Written by Dr Al Hartmann and presented by Charles Leaver, Ziften CEO
Anton Chuvakin, VP and security analyst at Gartner Research, posted about the three essential Security Operations Center (SOC) tools required to provide effective cyber attack visibility. Chuvakin compared them to the Cold War “nuclear triad” concept of silo-based, airborne, and submarine-launched capabilities required to guarantee survival in a total nuclear exchange. Similarly, the SOC visibility triad is vital to surviving a cyber attack: “your SOC triad seeks to considerably lower the opportunity that the enemy will operate on your network long enough to accomplish their objectives,” as Chuvakin wrote in his post.
Now we will take a look at the Gartner designated essentials of the SOC triad and how Ziften supports each ability.
SIEM (Security Information and Event Management) – Ziften Open Visibility™ extends existing security, event-monitoring, and systems-management tools by delivering open intelligence on any enterprise endpoint. Ziften’s Open Visibility platform now includes integration with Splunk, ArcSight, and QRadar, as well as any SIEM that accepts Common Event Format (CEF) alerts. Unlike competing product integrations that only offer summary data, Ziften Open Visibility exposes all Ziften-collected endpoint data to the integrated tool.
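The endpoint-to-SIEM handoff the CEF integration above relies on, as an added example (this is not Ziften's code): an endpoint alert is rendered as a CEF:0 line with the spec's header and extension escaping, and parsed back on the SIEM side. The vendor and product names, the event class ID and the sample event are constructed placeholders; the extension keys (shost, suser, sproc, fileHash, dst, dpt, rt, msg) are standard CEF keys.

```python
"""Build and parse CEF (Common Event Format) lines for an endpoint alert.
Added example, not Ziften code; names and sample values are constructed."""
import re
from typing import Dict, List, Tuple

# Constructed sample endpoint alert (hypothetical values, not real telemetry).
SAMPLE_EVENT = {
    "host": "ws-042",
    "user": "jdoe",
    "process": r"C:\Users\jdoe\tmp\upd=ate.exe",       # has '\' and '=' on purpose
    "sha256": "0" * 64,
    "dst_ip": "203.0.113.7",
    "dst_port": 443,
    "reason": "unsigned binary | outbound connection",  # '|' is legal unescaped here
    "epoch_ms": 1700000000000,
}


def _escape_header(field: str) -> str:
    # Header fields: backslash and pipe must be escaped.
    return field.replace("\\", "\\\\").replace("|", "\\|")


def _escape_ext_value(value: str) -> str:
    # Extension values: backslash and '=' escaped, line breaks encoded.
    return (value.replace("\\", "\\\\").replace("=", "\\=")
                 .replace("\r", "\\r").replace("\n", "\\n"))


def build_cef(vendor, product, version, event_id, name, severity, extension) -> str:
    """Render one CEF:0 line. Severity is the CEF 0-10 scale."""
    if not 0 <= int(severity) <= 10:
        raise ValueError("CEF severity must be 0-10")
    header = "|".join(_escape_header(str(f))
                      for f in (vendor, product, version, event_id, name))
    ext = " ".join(f"{k}={_escape_ext_value(str(v))}" for k, v in extension.items())
    return f"CEF:0|{header}|{int(severity)}|{ext}"


def event_to_cef(ev: Dict[str, object]) -> str:
    """Map the endpoint event onto standard CEF extension keys."""
    ext = {
        "rt": ev["epoch_ms"], "shost": ev["host"], "suser": ev["user"],
        "sproc": ev["process"], "fileHash": ev["sha256"],
        "dst": ev["dst_ip"], "dpt": ev["dst_port"], "msg": ev["reason"],
    }
    # Vendor, product, version and event class ID are hypothetical placeholders.
    return build_cef("ExampleVendor", "EDR Agent", "1.0",
                     "EP-ANOM-001", "Suspicious outbound process", 7, ext)


def _split_header(line: str) -> Tuple[List[str], str]:
    """Split the seven header fields on unescaped '|'; return (fields, extension)."""
    fields, buf, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        c = line[i]
        if c == "\\" and i + 1 < len(line):      # escaped char: keep it literally
            buf.append(line[i + 1])
            i += 2
        elif c == "|":
            fields.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(c)
            i += 1
    if len(fields) < 7:                           # no trailing '|' / no extension
        fields.append("".join(buf))
    return fields, line[i:]


_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")   # extension keys never contain spaces


def _unescape_ext(raw: str) -> str:
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), raw)


def _parse_extension(ext: str) -> Dict[str, str]:
    out: Dict[str, str] = {}
    hits = list(_KEY.finditer(ext))
    for n, m in enumerate(hits):
        end = hits[n + 1].start() if n + 1 < len(hits) else len(ext)
        out[m.group(1)] = _unescape_ext(ext[m.end():end].strip())
    return out


def parse_cef(line: str) -> Tuple[Dict[str, object], Dict[str, str]]:
    """Parse a CEF line into (header dict, extension dict); raise on malformed input."""
    fields, ext = _split_header(line)
    if len(fields) != 7 or not fields[0].startswith("CEF:"):
        raise ValueError("not a CEF line")
    header = {
        "version": fields[0][4:], "vendor": fields[1], "product": fields[2],
        "device_version": fields[3], "event_id": fields[4], "name": fields[5],
        "severity": int(fields[6]),
    }
    return header, _parse_extension(ext)


if __name__ == "__main__":
    wire = event_to_cef(SAMPLE_EVENT)
    print(wire)
    print(parse_cef(wire))
```

The two escaping rules differ: a pipe inside an extension value (the `msg` field above) is legal and must not break the header split, while a pipe or backslash in a header field must be escaped. A SIEM connector that gets either rule wrong silently drops or mis-fields the alert, which is the kind of integration defect that only shows up when a process path or message contains the awkward character.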
NFT (Network Forensics Tools) – Ziften ZFlow™ extends network-flow-based security tools with essential endpoint context and attribution, considerably boosting visibility into network events. This standards-based technology extends network visibility down into the endpoint, collecting context that cannot be observed on the wire. Ziften has an existing product integration with Lancope and can quickly integrate with other network flow collectors using the Ziften Open Visibility architecture.
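The attribution step described above, as an added example that is not ZFlow code: flow records from a collector are joined to socket-open events from an endpoint agent on the 4-tuple within a time window, which attaches the user and process that the wire alone cannot show, and flows that find no endpoint context are surfaced for triage. All records, hostnames and process names are constructed.

```python
"""Attribute network flows to endpoint process/user context.
Added example, not Ziften's ZFlow code; all records are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    """What a flow collector sees on the wire (no user or process)."""
    start: int          # epoch seconds
    src: str
    sport: int
    dst: str
    dport: int
    bytes_out: int


@dataclass(frozen=True)
class SocketEvent:
    """What an endpoint agent records when a process opens a connection."""
    ts: int
    host: str
    src: str
    sport: int
    dst: str
    dport: int
    user: str
    process: str


Key = Tuple[str, int, str, int]


def attribute_flows(flows: List[Flow], sockets: List[SocketEvent],
                    window_s: int = 5) -> List[Dict[str, object]]:
    """Join each flow to the nearest socket event on the same 4-tuple within window_s.

    Ephemeral ports get reused, so a 4-tuple alone is not unique over time; the
    window keeps a stale socket event from being attached to a later flow.
    """
    index: Dict[Key, List[SocketEvent]] = {}
    for s in sockets:
        index.setdefault((s.src, s.sport, s.dst, s.dport), []).append(s)
    out: List[Dict[str, object]] = []
    for f in flows:
        cands = [s for s in index.get((f.src, f.sport, f.dst, f.dport), [])
                 if abs(s.ts - f.start) <= window_s]
        best: Optional[SocketEvent] = (min(cands, key=lambda s: abs(s.ts - f.start))
                                       if cands else None)
        out.append({
            "flow": f,
            "host": best.host if best else None,
            "user": best.user if best else None,
            "process": best.process if best else None,
        })
    return out


def unattributed(enriched: List[Dict[str, object]]) -> List[Flow]:
    """Flows with no endpoint context: an unmanaged host, a dead agent, or
    collector/agent clock skew larger than the window. Worth its own triage queue."""
    return [e["flow"] for e in enriched if e["process"] is None]


# Constructed sample data (private and RFC 5737 documentation addresses).
SOCKETS = [
    SocketEvent(100, "ws-042", "10.0.0.5", 51000, "203.0.113.7", 443, "jdoe", "outlook.exe"),
    SocketEvent(40, "ws-042", "10.0.0.5", 51001, "198.51.100.9", 443, "jdoe", "chrome.exe"),
]
FLOWS = [
    Flow(101, "10.0.0.5", 51000, "203.0.113.7", 443, 5300),   # matches outlook.exe
    Flow(300, "10.0.0.5", 51001, "198.51.100.9", 443, 900),   # port reused; old event is stale
    Flow(102, "10.0.0.9", 40000, "203.0.113.7", 443, 12000),  # host with no agent
]

if __name__ == "__main__":
    rows = attribute_flows(FLOWS, SOCKETS)
    for row in rows:
        f = row["flow"]
        print(f"{f.src}:{f.sport} -> {f.dst}:{f.dport}  host={row['host']} "
              f"user={row['user']} process={row['process']}")
    print("unattributed flows:", len(unattributed(rows)))
```

The window size is the tuning knob: too small and agent/collector clock skew leaves real connections unattributed, too large and a reused ephemeral port picks up the wrong process. In practice the endpoint-side timestamp of the connect call and the collector's flow start time should be compared against the same clock source before choosing it.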
EDR (Endpoint Detection and Response) – The Ziften Endpoint Detection and Response solution continuously examines user and device behavior and highlights anomalies in real time, letting security analysts focus on advanced threats sooner and reduce Time To Resolution (TTR). Ziften EDR enables organizations to determine the origin of a breach more rapidly and decide on the necessary remediation actions.
While other security tools play supporting roles, these are the three basics that Gartner asserts make up the core of defender visibility into attacker actions within the targeted organization. Arm your SOC triad with Ziften. For a no-obligation free trial, visit http://ziften.com/free-trial to learn more.