Written by Dr Al Hartmann and presented by Chuck Leaver, Ziften CEO
Anton Chuvakin, VP and security analyst at Gartner Research, published a post on the three vital Security Operations Center (SOC) tools required to supply effective cyber attack visibility. Chuvakin compared them to the Cold War "nuclear triad" principle of silo-based, air-borne, and nuclear submarine capabilities needed to ensure survival in a total nuclear exchange. Similarly, the SOC visibility triad is crucial to surviving a cyber attack: "your SOC triad seeks to significantly decrease the possibility that the aggressor will operate on your network for enough time to achieve their objectives," as Chuvakin wrote in his blog.
Now we will look at the Gartner designated fundamentals of the SOC triad and how Ziften supports each capability.
SIEM (Security Information and Event Management) – Ziften Open Visibility ™ extends existing security, event monitoring, and systems management tools by providing crucial open intelligence on any business endpoint. Ziften's Open Visibility platform now includes integration with Splunk, ArcSight, and QRadar, along with any SIEM supporting Common Event Format (CEF) alerts. Unlike competing product integrations that supply only summary data, Ziften Open Visibility exposes all Ziften gathered endpoint data for full use within the integration.
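The CEF alert line mentioned above is a fixed pipe-delimited header followed by a space-separated list of key=value extension fields, and getting the escaping right is what makes endpoint data survive the trip into a SIEM intact. The following is an added illustration, not Ziften code or the Ziften CEF integration: it builds a CEF line from a constructed endpoint alert (the vendor name, signature ID and field values are made up for the example) and parses it back, handling the escaped `|`, `\` and `=` characters the format requires.

```python
"""Build and parse Common Event Format (CEF) alert lines (added example, not vendor code).

Layout: CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension
Header fields escape '|' and '\\'; extension values escape '=' and '\\' and
write newlines as the two characters '\\n'.
"""
import re

# A key is a run of word characters followed by '=' at the start or after whitespace.
# An escaped '\=' inside a value never matches because '\' precedes the '='.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


def _esc_header(value) -> str:
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _esc_ext(value) -> str:
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def _unescape(value: str) -> str:
    """Undo CEF escaping one character at a time (handles '\\\\', '\\=', '\\|', '\\n', '\\r')."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append({"n": "\n", "r": "\r"}.get(value[i + 1], value[i + 1]))
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def build_cef(vendor, product, version, signature_id, name, severity, extension: dict) -> str:
    header = "|".join(_esc_header(v) for v in (vendor, product, version, signature_id, name, severity))
    ext = " ".join(f"{k}={_esc_ext(v)}" for k, v in extension.items())
    return f"CEF:0|{header}|{ext}"


def _split_header(body: str, count: int):
    """Split on the first `count` unescaped '|' characters; return (fields, raw extension)."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < count:
        c = body[i]
        if c == "\\" and i + 1 < len(body):      # escaped char: keep it literally
            cur.append(body[i + 1])
            i += 2
        elif c == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(c)
            i += 1
    if len(fields) < count:
        raise ValueError("malformed CEF header")
    return fields, body[i:]


def parse_cef(line: str) -> dict:
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    fields, ext_raw = _split_header(line[4:], 7)
    version, vendor, product, dev_version, sig_id, name, severity = fields
    matches = list(_KEY_RE.finditer(ext_raw))
    extension = {}
    for idx, m in enumerate(matches):
        # A value runs up to the whitespace that precedes the next key.
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext_raw)
        extension[m.group(1)] = _unescape(ext_raw[m.end():end].strip())
    return {"version": version, "vendor": vendor, "product": product, "device_version": dev_version,
            "signature_id": sig_id, "name": name, "severity": severity, "extension": extension}


# Constructed endpoint alert; every value here is made up for the example.
SAMPLE = build_cef("ExampleVendor", "EndpointAgent", "1.0", "proc_anomaly",
                   "Unusual parent|child process", 7,
                   {"suser": "alice", "dhost": "ws-042",
                    "sproc": "C:\\Windows\\System32\\cmd.exe",
                    "msg": "parent=winword.exe child=cmd.exe"})

if __name__ == "__main__":
    print(SAMPLE)
    print(parse_cef(SAMPLE))
```

The round trip matters because a Windows path or a message containing `=` is exactly the kind of endpoint detail that gets mangled by a naive formatter, leaving the SIEM with a truncated or mis-keyed field.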
NFT (Network Forensics Tools) – Ziften ZFlow ™ extends network flow based security tools with essential endpoint context and attribution, significantly boosting visibility into network events. This new standards-based technology extends network visibility down into the endpoint, collecting vital context that cannot be observed over the wire. Ziften has an existing product integration with Lancope, and can also rapidly integrate with other network flow collectors using the Ziften Open Visibility architecture.
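A flow record from the wire carries only addresses, ports, protocol and byte counts; the process, PID and user behind the source socket are the context that only an endpoint agent can supply. The following is an added illustration of that attribution join, not ZFlow or any Ziften code: it correlates constructed flow records with constructed endpoint socket observations by source address and port, using a time window so that an ephemeral port reused later by a different process is not mis-attributed, and it leaves a flow from a host without an agent unattributed rather than guessing. All hosts, addresses, process names and timestamps are made up for the example.

```python
"""Attribute network flows to endpoint processes (added example, not vendor code)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass(frozen=True)
class Flow:
    """A flow record as a collector would export it: wire-visible fields only."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    start: datetime
    bytes_out: int


@dataclass(frozen=True)
class SocketObs:
    """An endpoint agent's observation of a local socket and the process owning it."""
    host: str
    local_ip: str
    local_port: int
    pid: int
    process: str
    user: str
    seen: datetime


def attribute_flow(flow: Flow, observations: List[SocketObs],
                   window: timedelta = timedelta(seconds=30)) -> Optional[SocketObs]:
    """Return the socket observation closest in time to the flow start, or None.

    Matching on (ip, port) alone is not enough: ephemeral ports are reused, so the
    observation must also fall within `window` of the flow, and the nearest wins.
    """
    best = None
    for obs in observations:
        if (obs.local_ip, obs.local_port) != (flow.src_ip, flow.src_port):
            continue
        delta = abs(obs.seen - flow.start)
        if delta <= window and (best is None or delta < best[0]):
            best = (delta, obs)
    return best[1] if best else None


def enrich(flows: List[Flow], observations: List[SocketObs]) -> List[dict]:
    """Produce flow records enriched with endpoint context where an agent saw the socket."""
    enriched = []
    for f in flows:
        obs = attribute_flow(f, observations)
        enriched.append({
            "src": f"{f.src_ip}:{f.src_port}", "dst": f"{f.dst_ip}:{f.dst_port}",
            "proto": f.proto, "bytes_out": f.bytes_out,
            "host": obs.host if obs else None,
            "pid": obs.pid if obs else None,
            "process": obs.process if obs else None,
            "user": obs.user if obs else None,
        })
    return enriched


# Constructed sample data. Port 50123 on 10.0.0.5 is used by two different
# processes ten minutes apart; 10.0.0.7 has no agent, so its flow stays unattributed.
T0 = datetime(2016, 3, 1, 9, 0, 0)
FLOWS = [
    Flow("10.0.0.5", 50123, "203.0.113.9", 443, "tcp", T0, 18_200),
    Flow("10.0.0.5", 50123, "198.51.100.7", 8443, "tcp", T0 + timedelta(minutes=10), 2_400_000),
    Flow("10.0.0.7", 41000, "203.0.113.9", 443, "tcp", T0 + timedelta(minutes=1), 900),
]
OBSERVATIONS = [
    SocketObs("ws-042", "10.0.0.5", 50123, 4312, "chrome.exe", "alice", T0 + timedelta(seconds=2)),
    SocketObs("ws-042", "10.0.0.5", 50123, 9901, "powershell.exe", "alice",
              T0 + timedelta(minutes=10, seconds=3)),
]

if __name__ == "__main__":
    for rec in enrich(FLOWS, OBSERVATIONS):
        print(rec)
```

The second flow is the interesting one for an analyst: the same source socket, but the endpoint context shows a different process behind a much larger outbound transfer, which is the distinction a flow collector alone cannot make.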
EDR (Endpoint Detection and Response) – The Ziften Endpoint Detection and Response solution constantly examines user and device behavior and highlights anomalies in real time, enabling security analysts to home in on advanced threats much faster and decrease Time To Resolution (TTR). Ziften EDR enables companies to more rapidly determine the root cause of a breach and choose the needed corrective actions.
While other security tools play supporting roles, these are the three fundamentals that Gartner asserts make up the core defender visibility into attacker actions within the targeted company. Arm up your SOC triad with Ziften. For a no obligation complimentary trial, visit http://ziften.com/free-trial to find out more.