Verint Threat Protection System™ - Infosecurity Mexico · 2020. 4. 1.
Posted on 18-Apr-2021
NEW PERSPECTIVE. NEW DEFENSE.
Verint Threat Protection System™
Confidential and proprietary information of Verint Systems Inc. © All rights reserved worldwide
Actionable Intelligence
- $1+ Billion revenue in NASDAQ
- 5,000 employees
- 15 global offices
- 700+ patents
- $1B R&D investment over 10 years
- 6 R&D centers
Intelligence Powered Security
WHAT WE HEAR FROM CUSTOMERS
Pain points: too much noise; long time from detection to resolution; lack of automation; isolated detection tools; shortage of cyber analysts.
Figures: 17K alerts per week; 4% of alerts investigated; 7 weeks investigation timeline; 9 months from breach to discovery; 1,000,000 analysts (shortage).
WHAT IS THERE TODAY?
[Diagram: Customer IT Environment - Internet, Internet Gateway, Email Server, Customer Network (Endpoints, Servers), Remote Endpoints]
WHAT IS THERE TODAY? Customer Security Tools
[Diagram: the same Customer IT Environment with security tools added - Firewall, A/V, SIEM, Sandbox, SOC Team]
WHY IT IS NOT WORKING? Security tools
[Diagram: Customer IT Environment with Firewall, A/V, SIEM, Sandbox, SOC Team]
- Perimeter control / prevention
- Not designed for alerting, intelligence, investigation
- Focus exclusively on a single attack vector
The result: massive alert volume, mostly noise, missing key threats
WHY IT IS NOT WORKING? SIEM / Log Correlation Tools
[Diagram: Customer IT Environment with Firewall, A/V, SIEM, Sandbox, SOC Team]
- Depend on alert sources' quality and implementation coverage
- One-way information flow from sources to SIEM, after the fact
- Manual maintenance of correlation rules
The result: many raw alerts; looking just for known threats; no dynamic investigation; never-ending tuning
WHY IT IS NOT WORKING? Visibility / Investigation / Forensic Tools
[Diagram: Customer IT Environment with Firewall, A/V, SIEM, Sandbox, SOC Team]
- Most often: do not exist
- Silo-ed, not integrated
- No automation
- Unable to link the dots
- Raw data, not actionable
- Inaccurate, partial findings
The result: manual, lengthy process; complicated analysis; inaccurate response; time to resolution too long; hard to communicate
Is 100% prevention really possible? Attackers WILL eventually bypass every prevention method.
Good prevention is necessary but not sufficient… organizations must make the right technology and personnel investments, guided by a fully formed detection and response strategy.
© 2017 Verint Systems Inc. All Rights Reserved Worldwide
Prevention / Detection & Response / Damage Control
Window of Opportunity
Kill chain: Identify & Recon -> Initial Attack -> Command/Control -> Discover/Spread -> Extract/Exfiltrate
Stop the attack before the damage is done!
© 2016 Verint Systems Inc. All Rights Reserved Worldwide
Organizations Must Move to Detection and Response
- Coverage is critical: detection must cover the entire kill chain to make an impact
- But consider... point tools create a new set of problems: complexity, noise, skills barrier, costs
Where Does this Leave Organizations?
- Detection is taking too long
- Investigation is a bottleneck
- Skills/staff shortage
- Time from detection to response must be shortened
[Timeline: Time of Infection -> Time to Detect -> Time to Investigate -> Time to Respond; figures shown: 82 days, 146 days]
Security and Costs: OPTIMIZED
Balance between your need for security and your ROI (security vs. costs)
Making Detection and Response Impactful
Technology, People, Process:
- In-depth incident management & visibility
- Detection & forensics across the entire kill chain
- Maximize analyst capabilities and efficiency
Automated Investigation is the Driving Force
Technology, People, Process: in-depth incident management & visibility; maximize analyst capabilities and efficiency; detection & forensics across the entire kill chain
CONTINUOUS AND AUTOMATED INVESTIGATION
- Reduces investigation time by 80%
- Data gathering & enrichment
- Incident filtering, prioritizing & triage
- Interaction with detection & forensic engines
Verint Threat Protection System: Multi-Vector Detection
- Network and endpoint
- Lateral movement
- Malicious files
- Command and control
Verint Threat Protection System: Deep Forensics
- Proactive, integrated forensics
- Endpoint forensics
- Network forensics
Verint Threat Protection System: Rapid Response
- Facilitate response to perimeter tools
- Incident timelines and reports
Verint Threat Protection System: Automated Investigation
- A team of virtual analysts working 24/7
- Investigating 100% of alerts
- Prioritized incidents for further analysis
Verint Threat Protection System: Integrations, Optional Add-Ons and Services
Core: Multi-Vector Detection, Deep Forensics, Rapid Response, Automated Investigation
Optional add-ons: Private Threat Intelligence Cloud, Web Intelligence, Malware Lab
Services: Methodology & Training, Implementation, SOC Analysts
Integration by Design Accelerates Detection & Response
[Architecture diagram: Verint Threat Protection System™ fed by an Org Network TAP; Threat Detection Engines (File Analysis, Lateral Movement, Command & Control); Forensic Engines (Network, Endpoint); Unified Investigation Workflow with Automated Investigation and Threat Intelligence; users: SOC Analyst, SOC Manager, CISO, Chief Risk Officer; integrations to enrich intelligence and respond: Threat Intelligence, SIEM, Sandbox, Endpoint Detection & Response, Perimeter Security]
Simplifying Security Operations
- Early advanced threat detection: Weeks -> Hours or Minutes (fast and effective detection)
- Investigation time: Days or Weeks -> Minutes to Hours (rapid insights)
- Integration and deployment: Complex -> Simple (reduce complexity)
- Analyst skillset: Reliance on Tier 2 -> Empower Tier 1 and Tier 2 (lower the skills barrier)
Simplifying Security Operations
Reduce the number of security tools, accelerate analyst onboarding and lower the skills barrier
- Single pane of glass
- Prioritize incidents
- Orchestrated response
Threat Protection System - Use Cases
- Proactive cyber threat hunting
- Intelligence-driven SOC
- Network audits
- Post-breach analysis and forensics
- Continuous detection of unknown threats
Demo
Thank You FOR LISTENING
Visit: www.verint.com/cyber
Flexible Deployment: Distributed Environment - Multi Organizations
[Deployment diagram: TPS BE with Unified / Segmented View in the Back Office; TPS FE instances for Org 1, Org 2 and Org 3, with Site 1 and Site 2]