Written by Dr. Al Hartmann and presented by Chuck Leaver, Ziften CEO
Anton Chuvakin, VP and security analyst at Gartner Research, posted about the three essential Security Operations Center (SOC) tools needed to supply effective cyber attack visibility. Chuvakin compared them to the Cold War "nuclear triad" principle: the silo-based, airborne, and submarine-launched capabilities needed to ensure survival in an all-out nuclear exchange. Similarly, the SOC visibility triad is crucial to surviving a cyber attack: "your SOC triad seeks to substantially minimize the opportunity that the opponent will operate on your network long enough to accomplish their objectives," as Chuvakin wrote in his post.
Below we look at each of the Gartner-designated fundamentals of the SOC triad and how Ziften supports that capability.
SIEM (Security Information and Event Management) – Ziften Open Visibility™ extends existing security, event monitoring, and system management tools by delivering vital open intelligence on every enterprise endpoint. The Ziften Open Visibility platform now includes integrations with Splunk, ArcSight, and QRadar, along with any SIEM that accepts Common Event Format (CEF) alerts. Unlike competing product integrations that supply only summary data, Ziften Open Visibility exposes all Ziften-collected endpoint data so that integrations can make full use of it.
NFT (Network Forensics Tools) – Ziften ZFlow™ extends network-flow-based cyber security tools with important endpoint context and attribution, greatly improving visibility into network events. This new standards-based technology extends network visibility down into the endpoint, collecting important context that is invisible on the wire. Ziften has an existing product integration with Lancope and can rapidly integrate with other network flow collectors through the Ziften Open Visibility architecture.
EDR (Endpoint Detection and Response) – The Ziften Endpoint Detection and Response solution continuously assesses user and device behavior and highlights anomalies in real time, allowing security analysts to home in on advanced threats faster and reduce Time To Resolution (TTR). Ziften EDR lets organizations determine the origin of a breach more quickly and select the required corrective actions.
While other security tools play supporting roles, these are the three essentials that Gartner asserts constitute the core of defender visibility into attacker actions within the targeted organization. Arm up your SOC triad with Ziften. For a no-obligation complimentary trial, go to http://ziften.com/free-trial to get more information.