www.obrela.com Corporate Security Intelligence Services




Corporate Security Intelligence Services

We Keep Your Business In Business

Using security analytics and sophisticated risk management technology, we dynamically protect our clients by identifying, analyzing, predicting and preventing security threats in real time.

Organizations have already made significant investments in order to implement best-of-breed, multi-layered information security architectures, adopting in a relatively small timeframe a multitude of technologies such as firewalls, Intrusion Detection Systems, Web Application Firewalls, anti-virus / anti-spam / anti-phishing systems, etc., in a never-ending race to improve their security posture and cope with new threats. Each security system and mechanism, however, implies a significant operational overhead in order to be efficient and deliver on its security and Return on Investment promises.

All services are built on our highly available and secure Datacenters and operated 24x7x365 by our Security Operations Centers, staffed with certified and experienced Security Analysts and Engineers. Obrela Security Industries' Corporate Security Intelligence services are engineered to be vendor independent, practically capable of monitoring security, operational and transactional events from any product, system, application or network device available in the market today. Our Corporate Security Intelligence services, Security Operations Centers and Datacenters are ISO 27001 and ISO 9001 certified.

We provision it all as a service, and clients can get what they want, when they want and where they want, with no upfront or very little investment.

Reduced CAPEX: Obrela Security Industries' Corporate Security Intelligence Services require ZERO capital investment. The client is not required to purchase or own any infrastructure, as everything is owned and preconfigured by Obrela Security Industries, including any client-side infrastructure and equipment.

Low OPEX: Obrela Security Industries staffs a team of security experts and engineers operating 24 hours a day, 365 days a year, relieving clients of the operating cost of maintaining an in-house Operations Center, which would require hiring and training a dedicated team of at least 10 specialized employees.

Increased Scalability: Obrela Security Industries' Security as a Service offerings are based on strictly bound service level agreements, allowing clients to expand the scope of systems monitored according to their needs, based on a predefined pay-as-you-go model.

Reduced Time to Implementation: Leveraging the power of Obrela Security Industries' state-of-the-art Incident and Event Management Platform, the time typically required to start monitoring the majority of a client's infrastructure ranges from a few days to a few weeks.

Employee Turnover Risk Elimination: Even when an organization is prepared to fund an investment for an in-house Operations Center, maintaining, training and certifying security experts able and willing to work 24x7 is a difficult task. This investment in human capital is unlikely to mature, mainly due to high employee turnover. Those issues are factored into the Obrela Security Industries MSSP business model so that any employee turnover happens transparently to the end customer.

Service Quality: The overall service quality offered by Obrela Security Industries can be measured as well as monitored in tangible, monetary terms should any SLA clause be breached.

Speed of Deployment: Obrela Security Industries follows strict workflows, optimized for deployment quality, accuracy and speed. The re-usability of our multi-tenant, pre-fine-tuned and optimized platform, our methodology and the experience of our security engineers guarantee an unmatched delivery time in the MSSP industry today.

Save Money. Save Time. Keep Control. Keep Simple. Lease, not Buy. Fast Deployment. 1 Contract. 1 Service Point.

Security Event Management

Obrela Security Industries collects and analyzes structured and unstructured data, generating valuable intelligence on new, emerging and advanced security threats and giving its clients a unique advantage in predictability, preparation and response. Obrela Security Industries' security event management services take the step beyond storage and alerting to provide real-time monitoring, historic and behavioral analysis and the automated security incident response necessary to manage the higher level of risk associated with doing business in today's digital world.

Our state-of-the-art SIEM technology, operated 24x7x365 by our Security Analyst teams, proactively monitors network, system and application traffic, looking for suspicious activity and notifying when security events require additional analysis, investigation or action. The advanced real-time correlation and behavioral analysis capabilities of our SIEM platform identify the relevance of any given event by placing it within the context of who, what, where, when and why that event occurred, in order to derive its impact in business risk terms. Logs from multiple sources such as IDS/IPS, network devices, servers, applications and databases are cross-correlated between each log source and external intelligence data in order to identify incidents as they happen in real time. Corporate Security Intelligence services are delivered to the client utilizing a vast library of optimized correlation rules and behavior analysis/profiling use cases called Deep Security Event Correlation. All operations are collaborative and delivered to our clients through a full-featured Case Management System where all incidents are tracked from identification to resolution.

Granular and role-based real-time dashboards and reports are delivered, providing a multi-dimensional view of the operations taking place, as well as Key Performance Indicators (KPIs) that ensure our service is delivered in strict accordance with each SLA. Adding to the above, a unique set of Complementary Intelligence Services completes the eco-system of Corporate Security Intelligence by bringing additional value to any deployment, incorporating, amongst others, external intelligence, social media monitoring and Malware/APT protection and analytics.

Our Corporate Security Intelligence Services provide a logical umbrella of active protection, not just a managed SIEM service. We offer an unprecedented additional protection layer that ensures the identification, prevention and prediction of cyber threats in real time. All under a single console.

Automated Malware & APT Analysis (Swordfish MAS)
This unique service allows OSI to capture nearly anything the customer's internal users download (whether they know they are downloading it or not), analyze the files' behavior and communications, and provide all appropriate information needed to flag the file as OK for further use or not. The results of this dynamic analysis are also fed back into the SIEM for cross-correlation with real-time logs collected from the equipment, in order to solidify the impact and prevent propagation of any malware or APT.

Web Resource Surveillance (Swordfish WebMonitor)
The customer's key web resources and their approved activities are extensively tested until a Gold Standard behavior mapping is developed. This Gold Standard mapping is then applied in OSI's Security Operations Center (SOC) and monitored round the clock. Any deviation from this mapping will trigger flags within OSI's SOC, and strict rules of engagement are followed, allowing the customer to act quickly and decisively.

Reputational Intelligence (Swordfish ReputationMonitor)
Obrela Security Industries' Reputational Intelligence enhances Corporate Security Intelligence by adding reputational context to all the actors associated with the communications between the customer infrastructure and the Internet. This is performed by integrating and de-duplicating multiple proprietary and open reputational feeds. The OSI Domestic Intelligence Network uses SIEM and Honeypot intelligence to extract local attack formations and attackers targeting multi-region telecommunication providers, amongst other industries. Sources based on OSI proprietary intelligence (SIEM-based reputation, Malware Analysis, Regional Honeynet), commercial feeds (e.g. DVLabs) and open source feeds allow OSI to have total visibility of communication with TOR/anonymity services, C&C servers, compromised hosts, malware repositories, phishing sites, etc.

Social Media Intelligence (Swordfish SocialMonitor)
Malicious parties make use of social media such as Twitter, Facebook, public forums, IRC channels and pastebins in order to organize upcoming attacks and/or invite Internet users to take part in mass-driven attack scenarios such as Distributed Denial of Service (DDoS). OSI Security Intelligence has identified pre-attack discussions and successfully provided fail-safe recommendations and strategies to eliminate the implied customer risk of a successful attack. To automate and streamline the above methodology, Obrela Security Intelligence developed SWORDFISH SocialMonitor, combining the Intelligence Data Gathering approaches and Real-Time Threat Management capabilities of the SIEM platform in order to extract and normalize publicly available announcements and information leaks and automatically correlate them in real time with suspicious behavior and trends identified through monitoring the customer infrastructure.

Configuration Assessment (Swordfish PolicyMonitor)
The Configuration Assessment (Swordfish PolicyMonitor) retrieves configurations from firewalls, routers, IDS/IPS and *nix systems and analyses them using pattern recognition in order to identify actions and deviations from normal administration. The Swordfish Configuration Assessment module is an invaluable tool to track configuration changes over time, attribute them to the users performing the actions and maintain a complete history map of all interactions with network management equipment.

(3-D)imensional Correlation
(3-D)imensional Correlation is an additional layer on top of the security intelligence services that combines the log management capabilities of the OSI monitoring platform with the actual vulnerabilities of the systems monitored. This type of service is targeted at large organizations with increased infrastructure complexity, where logs are gathered from a large number of devices. Based on the OSI advanced correlation rule set, the correlation engine takes the Vulnerability factor into consideration, reducing false positives: it increases or decreases the alert criticality level depending on whether an attack vector meets the conditions required in order to be successful.

User Activity Monitoring / Privileged User Surveillance
All organizations have a special group of users that have elevated privileges or capabilities on their systems and applications. This (or any other definable) group of users needs to be continually supervised in order to ensure proper behavior and actions within the organization's systems. The Privileged User Surveillance Service monitors and logs these specific users' activities and escalates when these violate the security policy or meet the mutually agreed rules of engagement.

Network Perimeter Surveillance
All network traffic on the customer's perimeter network is extensively monitored and a Gold Standard behavior mapping is developed. This mapping is then subjected to further testing and is refined to ensure that it contains only approved traffic. This final mapping is applied in OSI's SOC so that any traffic that triggers an alert is properly dealt with. The customer will be able to take a variety of actions depending on the type of policy infringement.
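The criticality adjustment described under (3-D)imensional Correlation, as an added illustration that is not Obrela's code: the correlator, the asset inventory, the IDS alerts and the vulnerability identifiers are all constructed here (the identifiers are placeholders, not real advisories).

```python
"""Vulnerability-aware ("3-D") alert correlation: a constructed example.

Inputs are a constructed asset inventory (what a vulnerability scan would
report) and a few constructed IDS alerts whose signatures are tagged with the
weakness they need. Criticality is raised when the target actually carries that
weakness and lowered when it does not, which is how false positives are cut.
Vulnerability identifiers here are placeholders, not real advisories.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Ordered scale used for raising / lowering alert criticality.
CRITICALITY = ["low", "medium", "high", "critical"]


@dataclass(frozen=True)
class Asset:
    ip: str
    hostname: str
    open_ports: Set[int]
    vulns: Set[str]  # placeholder IDs from a constructed scan result


@dataclass(frozen=True)
class IdsAlert:
    src_ip: str
    dst_ip: str
    dst_port: int
    signature: str
    base_criticality: str
    # Weakness the attack needs to succeed; None when the signature is generic.
    required_vuln: Optional[str]


def shift(level: str, steps: int) -> str:
    """Move a criticality level up or down the scale, clamped at both ends."""
    idx = CRITICALITY.index(level) + steps
    return CRITICALITY[max(0, min(len(CRITICALITY) - 1, idx))]


def correlate(alert: IdsAlert, inventory: Dict[str, Asset]) -> Tuple[str, str]:
    """Return (adjusted criticality, reason) for one alert against the inventory."""
    asset = inventory.get(alert.dst_ip)
    if asset is None:
        # No vulnerability context at all: keep what the sensor said.
        return alert.base_criticality, "target not in inventory; base criticality kept"
    if alert.dst_port not in asset.open_ports:
        # Nothing is listening, so this attack vector cannot succeed.
        return shift(alert.base_criticality, -2), f"port {alert.dst_port} closed on {asset.hostname}"
    if alert.required_vuln is None:
        return alert.base_criticality, "generic signature; no vulnerability to check"
    if alert.required_vuln in asset.vulns:
        # Exposed service and matching weakness: the attack can succeed.
        return shift(alert.base_criticality, +1), f"{asset.hostname} vulnerable to {alert.required_vuln}"
    return shift(alert.base_criticality, -1), f"{asset.hostname} not vulnerable to {alert.required_vuln}"


# Constructed inventory: two hosts, one patched, one not.
INVENTORY: Dict[str, Asset] = {
    "10.0.0.5": Asset("10.0.0.5", "web-01", {80, 443}, {"VULN-PLACEHOLDER-A"}),
    "10.0.0.9": Asset("10.0.0.9", "web-02", {443}, set()),
}

# Constructed alerts, as a SIEM would receive them from an IDS.
ALERTS: List[IdsAlert] = [
    IdsAlert("203.0.113.7", "10.0.0.5", 80, "HTTP exploit attempt", "medium", "VULN-PLACEHOLDER-A"),
    IdsAlert("203.0.113.7", "10.0.0.9", 443, "HTTP exploit attempt", "medium", "VULN-PLACEHOLDER-A"),
    IdsAlert("203.0.113.7", "10.0.0.9", 80, "HTTP exploit attempt", "medium", "VULN-PLACEHOLDER-A"),
    IdsAlert("203.0.113.7", "10.0.0.5", 443, "Generic scanner user-agent", "low", None),
]


def triage(alerts: List[IdsAlert], inventory: Dict[str, Asset]):
    """Apply the correlation to every alert; returns (signature, dst, level, reason) rows."""
    return [(a.signature, a.dst_ip, *correlate(a, inventory)) for a in alerts]


if __name__ == "__main__":
    for row in triage(ALERTS, INVENTORY):
        print(row)
```

The same medium-severity signature ends up as high against the unpatched host, low against the patched one, and low when the port is not even open, which is the ordering an analyst queue should reflect.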

True regulatory compliance finally made easy. The significant increase in the number of government regulations over the confidentiality, integrity and availability of sensitive information has drastically affected the operating requirements of security departments. These new requirements have created a large time sink for security departments in collecting, organizing, monitoring and reporting on event logs to detect and manage control-related activity. As a result, it's no surprise that companies across all industries are calling out for technology to automate the required but time-consuming processes.

Designed around best practices, the Obrela Security Industries SIEM solution leverages the NIST 800-53 (FIPS 200) standard to provide a comprehensive system for the implementation, assessment and monitoring of control effectiveness, including access control changes, administrative activity, log-in monitoring, as well as change and risk management. Each Compliance Package automatically maps these technical checks to the standard to place them in a policy- and risk-relevant operational context, allowing organizations to focus on key services and business processes within the enterprise. Obrela Security Industries brings these two compliance standards together to deliver the most relevant and comprehensive set of compliance content in the SIM market today:

- Comprehensive report templates assessing the effectiveness of internal controls
- Extensive graphical dashboards for continuous compliance oversight
- Focused tracking of administrative activity delivering effective separation of duties
- Real-time identification of high-risk activity
- Integration of each non-compliance issue in the Security Incident Response procedure followed by the Security Operations Centers in order to achieve true compliance
- Ability to map assets to more than one compliance category

Enterprise Log Management

Effective Log Management requires broad event collection, efficient storage and straightforward analysis of large amounts of log data. The Obrela Security Industries Enterprise Log Management service uniquely addresses these challenges, along with simplicity in deployment and management from small to enterprise scale, and the elimination of trade-offs between performance and efficiency. By leveraging the event collection and normalization abilities of our SIEM technology, Obrela Security Industries collects and securely stores log data from hundreds of types of commercial products. Clients using Obrela Security Industries' Log Management Services enjoy the ability to perform "forensics on the fly" and run ultra-fast searches of raw and structured log data via a simple, Google-like interface, without any concerns regarding technology risks, deployment, storage size monitoring, scalability, security and performance. High-performance search and reporting can reduce hours of manual effort down to minutes or seconds, which is especially valuable in periods where time matters, such as during the investigation of security incidents. Obrela Security Industries' Log Management services, being based on isolated and secured n-tier distributed and highly available architectures, also guarantee that the process of log analysis and regular reporting has no negative impact on collection, normalization and correlation performance, nor does it compromise storage efficiency.

Our Enterprise Log Management offering provides:

- Multiple and scalable retention policies on data collected (capacity and retention time)
- Unrestricted search using free text or structured queries
- Unlimited number of reports and dashboards
- Granular access controls on logs, reports and dashboards
- Ability to keep the raw (unparsed) logs for litigation purposes
- Integrity checking using multiple timestamps and hashes to establish a chain of custody
- 24x7x365 support by our Security Operations Centers teams
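The integrity-checking item above (multiple timestamps and hashes establishing a chain of custody), as an added example that is not Obrela's implementation: the record layout, the GENESIS value, the function names and the sample syslog lines are assumptions constructed for this demonstration.

```python
"""Log chain of custody with multiple timestamps and hashes: a constructed example.

Each stored record keeps the raw (unparsed) line, the timestamp the device put
in the line, the timestamp the collector received it, a hash of the raw line
and a hash linking it to the previous record. Editing, dropping or reordering
any record breaks the chain from that point on. Sample log lines are constructed.
"""
import hashlib
import json
from typing import Dict, List, Tuple

GENESIS = "0" * 64  # prev_hash of the first record in a chain (assumed convention)


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(record: Dict) -> bytes:
    """Stable serialization so the same record always hashes the same way."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(raw: str, source_ts: str, received_ts: str, prev_hash: str) -> Dict:
    """Build one stored record and compute its chain hash."""
    record = {
        "raw": raw,                  # kept unparsed for litigation purposes
        "source_ts": source_ts,      # timestamp written by the log source
        "received_ts": received_ts,  # timestamp assigned by the collector
        "raw_sha256": _sha256(raw.encode("utf-8")),
        "prev_hash": prev_hash,
    }
    record["chain_hash"] = _sha256(_canonical(record))
    return record


def build_chain(lines: List[Tuple[str, str, str]]) -> List[Dict]:
    chain, prev = [], GENESIS
    for raw, source_ts, received_ts in lines:
        rec = seal(raw, source_ts, received_ts, prev)
        chain.append(rec)
        prev = rec["chain_hash"]
    return chain


def verify_chain(chain: List[Dict]) -> Tuple[bool, int]:
    """Return (ok, index): index of the first broken record, or len(chain) if intact."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        body = {k: v for k, v in rec.items() if k != "chain_hash"}
        if rec.get("prev_hash") != prev:                       # link to predecessor
            return False, i
        if _sha256(rec["raw"].encode("utf-8")) != rec["raw_sha256"]:  # raw line intact
            return False, i
        if _sha256(_canonical(body)) != rec["chain_hash"]:     # timestamps/metadata intact
            return False, i
        prev = rec["chain_hash"]
    return True, len(chain)


# Constructed sample: (raw line, source timestamp, collector receive timestamp).
SAMPLE_LINES = [
    ("<34>Jan 10 12:00:01 fw01 kernel: DROP IN=eth0 SRC=198.51.100.4 DST=10.0.0.5 DPT=23",
     "2015-01-10T12:00:01Z", "2015-01-10T12:00:03Z"),
    ("<85>Jan 10 12:00:05 web-01 sshd[2201]: Failed password for root from 198.51.100.4 port 51522",
     "2015-01-10T12:00:05Z", "2015-01-10T12:00:06Z"),
    ("<85>Jan 10 12:00:07 web-01 sshd[2201]: Accepted publickey for deploy from 10.0.0.20 port 40112",
     "2015-01-10T12:00:07Z", "2015-01-10T12:00:08Z"),
]


def tamper_demo() -> Tuple[Tuple[bool, int], Tuple[bool, int], Tuple[bool, int]]:
    """Verify an intact chain, then one with an edited raw line, then one with a deleted record."""
    chain = build_chain(SAMPLE_LINES)
    intact = verify_chain(chain)
    edited = [dict(r) for r in chain]
    edited[1]["raw"] = edited[1]["raw"].replace("Failed", "Accepted")
    deleted = chain[:1] + chain[2:]
    return intact, verify_chain(edited), verify_chain(deleted)


if __name__ == "__main__":
    print(tamper_demo())
```

The chain only proves continuity relative to its own head, so the latest chain_hash must be anchored outside the store (signed, or copied to a separately controlled system) for the custody claim to hold against someone who can rewrite the whole store.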

Fraud Management Services

Unlike legacy fraud prevention technologies, we correlate activity across multiple banking channels to detect sophisticated fraud schemes that span online, ATM, telephone and bank branch activity.

As consumers become more comfortable with online financial services, the sheer number of transactions and the amount of money handled via the Internet has exploded. This has brought an equally large boom in online fraud. Today's online banking customer faces financial risks from bots, viruses, hackers and phishers. In fact, growth in fraud may derail online financial services if widespread fraud can't be stopped.

Obrela Security Industries Fraud Management Services detect and prevent online fraud by evaluating and scoring financial transactions in real time. Unlike legacy fraud prevention technologies, Fraud Management Services can correlate activity across multiple banking channels to detect sophisticated fraud schemes that span online, ATM, telephone and bank branch activity. Our services can leverage existing client-side legacy fraud detection technologies by aggregating information from a variety of risk and fraud scoring products to create a single, high-level risk score for any transaction as it occurs. Obrela Security Industries can proactively monitor FMS systems and applications, looking for suspicious activity and notifying when fraudulent behavior and events require additional analysis, investigation or action. Customer Transaction Verification can be performed when required, given event criticality and historical data. Security event information is consolidated and reported to our Security Operations Centers (SOC), where it is correlated, monitored and manually validated on a 24x7 basis. Incidents requiring attention are escalated based on the mutually agreed SLA and are monitored until closure via an integrated ticketing system.

Cyber Security Incident Response Team (SIRT)

Obrela Security Industries' Cyber Security Incident Response services are provided with a powerful combination of proactive planning and 24x7 handling of security incidents. Our Incident Management and Response services enable client organizations to respond quickly and confidently to computer-related security incidents, including system compromise, virus infection and denial of service attacks, helping you minimize downtime and lost revenue. Additionally, Obrela Security Industries can help clients be prepared against security incidents by conducting criticality and vulnerability assessments and threat analysis, creating an appropriate control framework, mapping the implications for people / process / technology / information and reviewing the state of readiness in cyber security incident response.

The Security Incident Response Team provides onsite and remote support and guidance to the client for the mitigation/containment of any security incident that may occur. This may include technical assistance in any of the following fields:

- Collection and interpretation of all data and logs related to the incident
- Guidance on the actions needed to contain the threat/incident
- Guidance for recovery actions, if necessary

and all the phases of the SIRT methodology: Identification, Assessment, Repressive Actions, Eradication, Recovery, Follow-up Monitoring.

Learn More https://www.obrela.com/corporate security intelligence