OPIsrael And The Value Of Next Generation SOCs

Presentation on theme: "OPIsrael And The Value Of Next Generation SOCs"— Presentation transcript:

1 OPIsrael And The Value Of Next Generation SOCs

2 Introduction Today is an excellent opportunity to see how next generation SOC platforms are changing enterprise security. One of the biggest organized cyber attacks against Israeli organizations, #OPIsrael, is scheduled for today. It is the kind of scenario that can overwhelm conventional security operation centers (SOCs), and one that brings out the value of the Siemplify platform. The Nature of the Threat The majority of attackers participating in #OPIsrael are hacktivist groups, like Anonymous. They will primarily be looking to launch distributed denial-of-service (DDoS) attacks against Israeli-related sites and to publish personal information (mainly credit card details):

3 DDoS Attacks & DDoS Tools “With regard to the attack vectors, we assume the attackers will attempt to carry out DDoS attacks or leak the databases of small Israeli websites (based on past experience, most of the data leakage will be recycled from previous campaigns). We also believe they will use familiar or self-developed DDoS tools, as well as malware based on njRAT, which is very popular among Arabic-speaking hacktivists.” It is also possible that there will be attempts to infect Israeli endpoints with ransomware via emails with malicious files during this campaign. Moreover, attackers sometimes spoof an internal email address to alleviate the concerns of potential victims. – SenseCy, a threat intelligence company

4 So Many Attacks, So Little Information With conventional security operations, attacks like #OPIsrael can be overwhelming. The attacks often originate from multiple regions and involve multiple actors, making detection more difficult for the typical tier-1 security analyst.

5 OPIsrael Effort Threat intelligence service providers have been monitoring the #OPIsrael effort, and their reports could be a significant asset in fighting such cyber threats. In practice, though, threat intelligence reports are consumed by threat intelligence investigators in conventional SOCs, not by the tier-1 security analysts triaging incoming security alerts. And a DDoS attack triggers an enormous number of alerts. The alerts appear to the security analyst as row upon row of independent entries in the spreadsheet-like interfaces of their SIEMs. Analysts are left to sift through those entries, researching and analyzing each one. They struggle to understand the strategic picture: the connections between the alerts and their importance to the business.

6 Stop Working From Alerts Always at risk is the possibility that they will miss the few truly critical alerts, among the thousands of others, that indicate the bigger threats: data exfiltration attempts or critical system penetrations. Instead of triaging thousands of security alerts, tier-1 security analysts in a next generation SOC work from a prioritized list of “cases.” Cases are visual representations of the attack chain, synthesizing information from many sources, including:
- The significant alerts from the SIEM
- Threat intelligence reports
- Active Directory information and business intelligence information

7 DDoS Attack & Security Analysts On its own, shifting from alerts to cases is a paradigm shift. Siemplify customers see the workload of their tier-1 security analysts decrease significantly, by more than 90 percent in at least one instance. The tier-1 analyst in a next generation SOC can also investigate many of those cases, a function usually reserved for more senior analysts. The Siemplify platform lays out the entire attack chain as a visual storyline. Analysts investigate a threat simply by clicking on an icon and pivoting off the object. Gathering information from data stores is also simpler than in conventional SOCs: analysts retrieve data by filling in forms rather than by writing complex queries.

8 Siemplify Platform Building accurate and reliable cases requires a robust backend. With Siemplify, advanced data science algorithms analyze the enormous amount of networking- and security-related information that may be relevant to the alert. A graph database helps understand the relationships between users, applications and networking objects. Together, the two automatically identify the significant security events.

9 Cases Aggregate Related Alerts

10 Think Strategically By taking a strategic view, security teams become more efficient. They focus on what matters first. They analyze threats faster and respond more quickly. With DDoS, for example, analysts can remediate an attack by blocking a pattern of attacks emanating from a region at the click of a button.
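The case-building idea from slides 6, 9 and 10 (collapse a flood of related alerts into one case per attack pattern, and let business context outrank raw alert volume), shown as an added example that is not the Siemplify platform's code. All alert records, asset names and the tiny threat-intel feed are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample SIEM alerts (not real data). Four are DDoS noise against one
# site; one is a single high-value alert on a database; one is a phishing-style alert.
ALERTS = [
    {"id": 1, "type": "ddos_syn_flood", "src_country": "XX", "target": "www.example.co.il", "severity": 3},
    {"id": 2, "type": "ddos_syn_flood", "src_country": "XX", "target": "www.example.co.il", "severity": 3},
    {"id": 3, "type": "ddos_http_flood", "src_country": "YY", "target": "www.example.co.il", "severity": 3},
    {"id": 4, "type": "ddos_syn_flood", "src_country": "XX", "target": "www.example.co.il", "severity": 3},
    {"id": 5, "type": "large_outbound_transfer", "src_country": "internal", "target": "db01", "severity": 6},
    {"id": 6, "type": "suspicious_attachment", "src_country": "ZZ", "target": "finance-ws-07", "severity": 5},
]

# Constructed enrichment: alert types tied to the campaign, and assets the business
# has flagged as critical (the "business intelligence" input from slide 6).
THREAT_INTEL = {"campaign_types": {"ddos_syn_flood", "ddos_http_flood"},
                "critical_assets": {"db01"}}


@dataclass
class Case:
    key: tuple
    alert_ids: list = field(default_factory=list)
    score: int = 0
    tags: set = field(default_factory=set)


def case_key(alert):
    # Volumetric alerts are grouped by the pattern (region -> target) they form,
    # which is the unit slide 10 says an analyst blocks; other alerts stay per type and target.
    if alert["type"].startswith("ddos_"):
        return ("ddos", alert["src_country"], alert["target"])
    return (alert["type"], alert["target"])


def build_cases(alerts, intel):
    """Fold alerts into cases and return them highest priority first."""
    cases = {}
    for a in alerts:
        case = cases.setdefault(case_key(a), Case(case_key(a)))
        case.alert_ids.append(a["id"])
        case.score = max(case.score, a["severity"])
        if a["type"] in intel["campaign_types"]:
            case.tags.add("campaign")
        if a["target"] in intel["critical_assets"] and "critical_asset" not in case.tags:
            case.tags.add("critical_asset")
            case.score += 10  # one alert on a critical asset outranks thousands of DDoS rows
    return sorted(cases.values(), key=lambda c: (-c.score, -len(c.alert_ids)))
```

Running `build_cases(ALERTS, THREAT_INTEL)` yields four cases: the single database alert ranks first, and the three same-region SYN-flood alerts collapse into one case an analyst can act on as a unit.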

11 References
- https://www.siemplify.co/blog/opisrael-and-the-value-of-next-generation-socs/
- https://www.siemplify.co/security-orchestration-automation/
- https://www.siemplify.co/security-automation/
