Seceon.com

Comprehensive Cybersecurity Platform for the Digital Era

Fully Automated Threat Detection & Remediation - No Playbook Required

Staying ahead of the latest security threats can be a challenge for any organization. Most organizations are unable to deal with the increasing number and sophistication of cyber threats because it either takes them too long to identify them or takes too much time to stop them from inflicting damage once the organizations have been breached.

Security must be more than an afterthought, especially as companies embrace technologies such as Cloud, Big Data, Internet of Things, and Mobility. These threats are also coming from BYOD and other devices that bypass perimeter defenses. If these devices are infected with malware and go undetected, they cause irreparable damage as they connect east-west to other devices within the organization. Sadly, some companies have a false sense of security as they think they are secure already because they comply with standards. John T. Chambers, Executive Chairman and former CEO of Cisco Systems says, “There are two types of companies: those that have been hacked, and those who don't know they have been hacked.” Security must be ‘built-in’ without the need to ask the users to ‘opt-in’. Having the right security posture is critical as threats are becoming a lot more sophisticated and come from all angles.

“There are two types of companies: those that have been hacked, and those who don’t know they have been hacked.” John T. Chambers, Executive Chairman and Former CEO of Cisco Systems

In this paper, we explore the current landscape of security, what it takes to provide comprehensive cybersecurity in the digital era, and Seceon’s Open Threat Management (OTM) Platform. Seceon’s solution leverages advanced technologies such as user behavioral analytics, machine learning, and in-memory processing for data collection, analysis, and self-healing with automated remediation in real-time.
Jul 23, 2020


The Current Security Landscape

Even though enterprises are becoming more IT-centric, businesses are still struggling to implement comprehensive security that protects their assets and data. Today we see multiple technologies or point solutions being deployed in organizations to protect vital information. These include next-generation firewalls, which prevent unwanted access to your network and data, point solutions to protect the various endpoints on the network, security information and event management (SIEM) platforms that collect data from all disparate products to elicit the appropriate response, etc. In fact, many enterprises have a slew of security products deployed which are responsible for collecting and reporting the current security status (Figure 1). Security experts analyze and correlate these massive amounts of log data from different sources to discern real threats.

Figure 1: Multiple point solutions producing log data to be analyzed by experts

This current security posture poses a big challenge to organizations because it is too slow to identify real threats. Often analysts are unable to see the threats and correlate relevant information from the consoles of an array of security products. The risk builds when combined with a lack of technologies, policies and staff. The infamous Equifax 2017 security breach lasted from mid-May through July, potentially compromising 143 million customers’ personal data. According to the 2016 Insider Threat Report Spotlight, 27 percent of organizations feel they can detect a threat within hours, and only 24 percent can remediate the problem within hours of detection. The small percentages of organizations that do feel capable are often too late. According to Verizon’s 2016 Data Breach Investigation Report, 81.9 percent of organizations surveyed reported that a compromise took only minutes to infiltrate company systems, with a majority of respondents showing that associated data was exfiltrated within hours of the initial compromise. If a breach were to occur to organizations with their current threat management techniques, there is a minimal chance that data loss can be stopped. What is needed is a better approach, one that detects and remediates in minutes, not hours or days.

“The Insider Threat Report goes on to say that more than 75 percent of enterprise organizations estimate breach remediation costs reach $500,000. Twenty-five percent believe the cost exceeds $500,000 and can reach into the millions. The challenge with today’s threats is to detect and stop the threat before data is accessed, altered or stolen.”

In addition, compromised credentials obtained through phishing or other means continue to pose a high-impact risk for organizations. Unmanaged or poorly managed credentials present a high-value target for hackers, offering intruders insider access to networks and accounts. It is difficult for traditional security tools to discern and detect the use of an insider’s own lost credentials, or the use of new ones created with elevated privileges by a knowledgeable insider. The use of “legitimate” credentials does not trigger a threat response from the system. Consider the case where an insider loses his/her credentials to the outside and current defenses don’t know if it’s an imposter accessing assets. The same can happen when an employee or contractor decides to use his own or someone else’s credentials to steal data.

With the increasing value and volume of data, cyber attacks are growing not only in number but also in sophistication. There are increasing concerns about devices being hacked into botnets and used to attack organizations. The stakes are so high that there is a dire need to adopt a more proactive approach to securing critical data.

A New Approach for the Digital Era

It is evident that the traditional methods or point solutions will not scale or be adequate in this age of digital transformation. Recently, there’s been a lot of buzz about using behavioral analytics to help detect threats. Can technologies in behavioral analytics and machine learning detect threats quickly? Will this help to address staff and policy limitations?


Real-time Behavior Analytics to Combat Threats

Behavioral analytics can be used to develop comprehensive models. This will provide an organization with the ability to conduct risk assessment of users and systems and to alert on all entities that may pose a potential threat. It sifts through and correlates large amounts of data in order to identify non-conforming patterns. Some of these anomalies might represent compromised credentials, a rogue user on the network, unwarranted escalation of user privileges, and transmission of sensitive corporate information across unsolicited channels.

Machine learning demands context

Some organizations have tried to use approaches solely dependent on machine learning to accomplish behavioral protection. Initially, machine learning provided a good way to identify patterns and relationships, but in practical terms machine learning generates a great deal of false positives.

A better approach would be to use an intelligent system with rulesets and thresholds, which are aided by machine learning. The known threat behaviors can be tailored to appropriate behavior for the system. Correlating this allows the system to maintain a high degree of confidence in the results before presenting a threat. This allows analysts to see all sources of correlation before enacting steps to remediation.

Combine behavioral analytics and machine learning with real-time remediation

We solved the problem by architecting a platform with a patented process to break the serial data collection and analysis-processing logjam.

Seceon’s Open Threat Management (OTM) Platform is based on an advanced microservices architecture. Unstructured data is ingested in the Collection & Control Engine (CCE) and reduced down to only the information required to identify the type and scope of a threat. It extracts key metadata and sends refined input to the Analytics & Policy Engine (APE).


APE is a big data engine which uses a fast parallel processing architecture. It ingests the information from the CCE and runs it through thousands of threat detection processes in parallel. This allows a variety of threat detection techniques to be applied. Output analytics generated by each process can be correlated together in many different ways. This approach allows user, entity or organization-wide threats such as DDoS to be detected. The advanced correlation techniques also allow threats to be validated from multiple techniques. This minimizes the odds of generating false positives while providing a full scope of an attack or threat. Best of all, the entire set of actions happens in seconds.

Figure 2: Seceon OTM Scalable Fast Processing Architecture

Utilizing another patented process, the threats are evaluated by level of risk and progression of an attack. Additionally, this process also makes recommendations – depending on the type and progress of an attack – on how to stop the threat. The system then allows the user to perform that action by either pushing a button or opting to have the system take automatic remediation of such threats. This feature is useful for assuring 24x7x365 protection.
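To make the ideas of the preceding sections concrete (rulesets and thresholds aided by a learned baseline, several detection techniques run independently, a threat reported only when multiple techniques agree, and a risk level with a recommended containment action), here is an added Python illustration written for this edit. It is not Seceon's code and does not describe how the OTM platform is implemented. The log format, user names, per-user baselines, thresholds and recommended actions are all constructed assumptions.

```python
"""Toy detection pipeline: reduce raw log lines to metadata, run several
independent detectors, and report a user only when techniques agree.
Example code for this edit; not vendor code. All data is constructed."""
from collections import defaultdict
from dataclasses import dataclass
import re
import statistics

# Constructed sample logs in a hypothetical syslog-like key=value format.
RAW_LOGS = """\
2017-06-01T02:11:04 auth user=alice src=10.0.0.5 result=FAIL
2017-06-01T02:11:09 auth user=alice src=10.0.0.5 result=FAIL
2017-06-01T02:11:15 auth user=alice src=10.0.0.5 result=FAIL
2017-06-01T02:11:21 auth user=alice src=10.0.0.5 result=FAIL
2017-06-01T02:11:30 auth user=alice src=10.0.0.5 result=OK
2017-06-01T02:14:02 flow user=alice dst=203.0.113.9 bytes_out=48000000
2017-06-01T09:05:11 auth user=bob src=10.0.0.7 result=OK
2017-06-01T09:20:40 flow user=bob dst=192.0.2.20 bytes_out=120000
2017-06-01T10:02:13 auth user=carol src=10.0.0.9 result=FAIL
2017-06-01T10:02:20 auth user=carol src=10.0.0.9 result=FAIL
2017-06-01T10:02:27 auth user=carol src=10.0.0.9 result=FAIL
2017-06-01T10:02:33 auth user=carol src=10.0.0.9 result=FAIL
2017-06-01T10:02:40 auth user=carol src=10.0.0.9 result=OK
"""

# Constructed per-user history of daily bytes_out, standing in for the
# profile a machine-learning stage would have learned from past traffic.
BASELINE_BYTES_OUT = {
    "alice": [90000, 110000, 95000, 105000, 100000],
    "bob":   [100000, 130000, 120000, 110000, 125000],
    "carol": [200000, 180000, 210000, 190000, 220000],
}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<kind>auth|flow) (?P<kv>.*)$")

@dataclass
class Event:
    hour: int
    kind: str
    user: str
    fields: dict

def reduce_logs(raw: str) -> list:
    """Collection step: keep only the fields the detectors need."""
    events = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable lines are dropped, never guessed at
        kv = dict(pair.split("=", 1) for pair in m.group("kv").split())
        events.append(Event(int(m.group("ts")[11:13]), m.group("kind"), kv["user"], kv))
    return events

# Each detector is an independent technique returning {user: reason}.

def detect_bruteforce(events, fail_threshold=3):
    """Rule plus threshold: N failed logins followed by a success."""
    fails, hits = defaultdict(int), {}
    for e in events:
        if e.kind != "auth":
            continue
        if e.fields["result"] == "FAIL":
            fails[e.user] += 1
        elif fails[e.user] >= fail_threshold:
            hits[e.user] = f"{fails[e.user]} failures then success"
            fails[e.user] = 0
    return hits

def detect_exfil_volume(events, baseline, z_threshold=3.0):
    """Baseline-driven: bytes_out far above the user's learned profile."""
    hits = {}
    for e in events:
        if e.kind != "flow" or e.user not in baseline:
            continue
        hist = baseline[e.user]
        sd = statistics.pstdev(hist) or 1.0  # guard a constant history
        z = (int(e.fields["bytes_out"]) - statistics.mean(hist)) / sd
        if z > z_threshold:
            hits[e.user] = f"bytes_out z-score {z:.1f}"
    return hits

def detect_off_hours(events, start=7, end=20):
    """Rule: a successful authentication outside business hours."""
    return {e.user: f"login at {e.hour:02d}:00" for e in events
            if e.kind == "auth" and e.fields["result"] == "OK"
            and not start <= e.hour < end}

def correlate(findings, min_techniques=2):
    """Report a user only when several techniques agree. The number of
    agreeing techniques is the risk score that drives the recommendation."""
    by_user = defaultdict(dict)
    for technique, hits in findings.items():
        for user, why in hits.items():
            by_user[user][technique] = why
    threats = {}
    for user, evidence in by_user.items():
        if len(evidence) >= min_techniques:
            action = ("isolate host and disable credential" if "exfil_volume" in evidence
                      else "force password reset and review session")
            threats[user] = {"score": len(evidence), "evidence": evidence,
                             "recommended_action": action}
    return threats

def run_pipeline(raw=RAW_LOGS, baseline=BASELINE_BYTES_OUT):
    events = reduce_logs(raw)
    findings = {"bruteforce": detect_bruteforce(events),
                "exfil_volume": detect_exfil_volume(events, baseline),
                "off_hours": detect_off_hours(events)}
    return correlate(findings)

if __name__ == "__main__":
    for user, threat in run_pipeline().items():
        print(user, threat)
```

Run as written, only alice is reported (three techniques agree: a brute-force pattern, an off-hours login and an outbound volume thousands of standard deviations above her baseline), while carol, who also shows four failures followed by a success, is not, because a single technique firing is not enough to clear the correlation gate. That is the false-positive trade-off the paper describes: single-signal rules stay visible to an analyst as findings, but only corroborated ones become threats with a score and an action attached.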

“OTM ingests raw flows, logs and identity data from NG-Firewalls (e.g., Palo Alto, Cisco, Fortinet, Checkpoint, SonicWall, Sophos, Juniper, etc.), Routers (e.g., Cisco, Juniper, Nokia, Brocade, etc.), Switches (e.g., Cisco, Arista, Juniper, Extreme, Brocade, etc.), Identity Management (e.g., Windows Domain Controller, DNS, DHCP, LDAP, etc.), OS and Application logs (e.g., Linux, Windows, MacOS, Oracle, SAP, MySQL, etc.), and End Point Protections (e.g., McAfee, Symantec, Trend Micro, Cylance, etc.) to provide comprehensive cybersecurity for the digital era driven by comprehensive visibility, protective threat detection, and automated or push-button elimination or containment of threats on Network, Identity and Applications.”

Benefits of Seceon’s OTM as a Fully Automated Threat Detection and Remediation System

• Comprehensive Visibility: Adaptive comprehensive visualization provides a view into how an organization’s users, databases and applications communicate. The platform provides extensive visibility of network traffic, monitored applications, network performance, managed network resources and big data analytics via effective and scalable data collection, aggregation and delivery.

• Unified Threat Detection: The OTM Platform detects all forms of known, as well as new, threats in real-time. These include malware, botnets, insider threats, compromised credentials, APTs, DDoS attacks, etc. The need for automated threat detection applies to organizations of any size or expertise. For large organizations with significant resources and staff in place, automation of threat detection can eliminate threat alert overload and enable greater efficiency for security teams. Addressing these attacks as they occur ensures the correct remediation and reporting of the threat. For small- to medium-sized businesses with limited and/or no security analyst staff, automated technology enables the equivalent of a virtual SOC team. It gives skill- and resource-constrained teams a chance to protect themselves from these threats.

• Automatic Threat Remediation in Real-time: Organizations today are rapidly adopting new policies and practices to react faster once a threat has been identified. Typically, the steps to contain and eliminate the threats require some sort of manual intervention. If the remediation actions are not implemented in a timely manner to limit the dwell time of an attack, it can potentially cause significant damage to the organization. Seceon’s OTM Platform is self-healing as it takes immediate recommended actions to automatically contain and eliminate the threats in real-time. This significantly minimizes the effort and cuts the response time literally down to seconds. Moreover, it can automatically halt the use of compromised credentials, isolating the rogue user from the network before data is exfiltrated from the organization, and reissue new ones to minimize the risk of data loss and business disruption. It thereby addresses the vexing challenge of determining the right course of action to protect information without causing undue side effects by blocking the productivity of users that regularly use these data sources.

Conclusion

Digital transformation brings a massive growth of connected environments where perimeter protection is no longer enough. It makes it essential that cybersecurity and IT teams find a unified approach to securing applications and data. Seceon’s OTM Platform provides a comprehensive visualization, fully automated threat detection and remediation software solution. The platform can process data in real time, ingesting and running threat models, updating and activating these models within minutes through advanced correlation with intelligent application of machine learning. This allows the system to look for anomalies and correlate them to get a full view, thus minimizing false positives, and triggers easy-to-understand alerts that matter. The self-healing aspect of the platform enables customers to automatically contain and eliminate the threats in real-time.

About Seceon

Founded in 2014, Seceon provides the industry’s first fully automated threat detection and remediation software platform. It leverages advanced technologies such as behavioral analytics, machine learning and in-memory processing for data collection, analysis and automated remediation in real-time. It is headquartered in Westford, MA, USA with offices in the United Kingdom & India. To learn more, please visit: www.seceon.com.

Copyright © 2017 Seceon, Inc. All trademarks referenced here belong to Seceon, Inc.