

Posted on 21-May-2020


Page 1: Security Automation & Orchestration - Altencalsoft · ALTEN Calsoft Labs is a next-gen digital transformation, enterprise IT and product engineering services provider. The company

Security Automation & Orchestration

Integrate, Innovate and Transform your People, Process and Tools together

ALTEN Calsoft Labs envisions delivering an automated and orchestrated cyber defence platform for SOCs and security professionals. Security Automation and Orchestration (SAO) arose from the lack of automated processes, practices, and collaboration.

With many repetitive tasks to perform, security analysts struggle with alert fatigue and thus, a lot slips through the cracks. SAO automates simple tasks, prioritizes critical events, and puts time back on the clock to proactively hunt threats.

SAO streamlines security teams, tools, processes, and threat intelligence for faster, more efficient actions.

Combining security automation and orchestration with threat intelligence, situational awareness and historical knowledge determines what processes should be handled and how.

Threat intelligence allows the process to automatically adjust itself and helps you drive further decision making.

Security teams are then able to fully utilize their current investments by automating repetitive tasks, prioritizing critical events, and providing situational awareness and additional context needed to inform decision making that will better protect your organization from attacks.


SAO: SOLUTION OVERVIEW

First of its kind Programmable Security Controller, intended to allow organisations to automate and orchestrate their internal security operations.

The solution diagram groups the platform's elements as follows:

Security Data: Incidents, Vulnerabilities, Intelligence Feeds

Playbooks: Incident Response Plans, Patch Deployment

Actions: Restore Endpoint, Block IP, Query File Reputation

Apps: Cisco ASA Firewall, MS Active Directory, Virus Total

Assets: Firewall, Directory Services, SIEMs

Owners: AD Admin, FW Admin, SIEM Admin

PLAYBOOKS: Write security automation playbooks for any unstructured data that you would like to send to the platform. Playbooks are written in Python.

APPS extend the platform by adding connectivity to third-party security technologies in order to execute actions. They provide an abstraction layer to hundreds of possible security products.

ASSETS must be configured within the platform in order to automate actions on them.

BUILDING BLOCKS OF SAO

INGESTION

Components responsible for ingesting data from disparate data sources on demand or in a continuous, real-time fashion.

Examples of ingestion sources are SIEMs such as ArcSight, QRadar and Splunk. The data is consumed, processed and normalised to facilitate automated decision making and automated actions.

DECISION MAKING

SAO allows security operations teams to implement their response plans as Playbooks: open, Python-based automation scripts that are executed on demand or automatically when new information becomes available.

WORKFLOWS

Depending on the action and asset configuration, the security operations team is engaged to review the actions, their parameters and the changes implemented on the assets.

Only if the user approves of the changes does the system execute the actions. In the process users are allowed to approve, change, deny or delegate the decision making.

APPS, ASSETS & ACTIONS

Manages the complex task of identifying which action is applicable to which asset, and how to execute it, using an open-source app model, i.e. connectors to the respective products and devices.
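As an added illustration of how the four building blocks above fit together (this is example code, not the ALTEN Calsoft Labs platform's own), the model below ingests a constructed SIEM alert, lets a Python playbook decide the actions, routes each action through the asset owner's approve/change/deny/delegate decision, and maps actions to apps and assets. The APPS table, the `key=value` alert format and all function names are assumptions.

```python
from dataclasses import dataclass

APPS = {  # connector -> asset it acts on, approving owner, actions it provides (assumed)
    "Cisco ASA Firewall": {"asset": "Firewall", "owner": "FW Admin", "actions": {"Block IP"}},
    "Virus Total": {"asset": "Reputation Service", "owner": None,
                    "actions": {"Query File Reputation"}},
}

@dataclass
class Action:
    name: str
    params: dict
    app: str = ""
    status: str = "pending"  # pending -> approved/changed/denied/delegated -> executed

def ingest(raw: str) -> dict:
    """INGESTION: normalise a constructed 'key=value' SIEM alert line into a dict."""
    return dict(kv.split("=", 1) for kv in raw.split())

def playbook(event: dict) -> list:
    """DECISION MAKING: an incident-response plan expressed as Python."""
    actions = []
    if "sha256" in event:
        actions.append(Action("Query File Reputation", {"hash": event["sha256"]}))
    if event.get("severity") == "high" and "src_ip" in event:
        actions.append(Action("Block IP", {"ip": event["src_ip"]}))
    return actions

def resolve_app(action: Action) -> str:
    """APPS, ASSETS & ACTIONS: find the connector able to execute this action."""
    for app, spec in APPS.items():
        if action.name in spec["actions"]:
            return app
    raise LookupError(f"no app provides {action.name}")

def workflow(actions: list, decisions: dict) -> list:
    """WORKFLOWS: owners approve, change, deny or delegate each gated action.
    decisions maps action name -> (decision, replacement params or None)."""
    executed = []
    for a in actions:
        a.app = resolve_app(a)
        # Read-only lookups (no owner) skip the gate; gated actions default to denied.
        gated = APPS[a.app]["owner"] is not None
        decision, new_params = decisions.get(a.name, ("denied", None)) if gated else ("approved", None)
        if decision == "changed":
            a.params = new_params
        a.status = "executed" if decision in ("approved", "changed") else decision
        if a.status == "executed":
            executed.append(a)
    return executed
```

Only actions that come back approved or changed reach the connector; a denied or delegated action keeps that status so the case record shows who held it and why.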

The ALTEN Calsoft Labs SAO platform increases analyst efficiency across the entire threat investigation, through full remediation and recovery.

These efficiencies empower your team to respond to and remediate cyber threats more effectively.


BENEFITS OF SAO

Save time by eliminating repetitive, mundane tasks

Increase efficiency by streamlining processes

Prioritize security events

Speed up response times by automating the investigation process

The ALTEN Calsoft Labs purpose-built, community-powered SAO platform ingests high-fidelity security data in real time from a wide variety of sources and provides unprecedented security operational efficiency by managing the lifecycle of an incident and automating the execution of actions and response plans across enterprise IT assets.

MAKING SECURITY SMARTER, FASTER AND STRONGER

Enterprises can be more effective in combating threats and actively defending their IT infrastructure by leveraging an SAO platform that allows them to:

Process all indicators of compromise, so that attacks can be addressed at their earliest stages and before they can do widespread damage

Enable and empower the IT and security operations teams to act and actively engage in the lifecycle of an incident with the required process and discipline

Make the IT security investments more effective by driving necessary configuration changes expediently to combat threats

USE CASES OF SAO

Phishing investigations

SIEM Triage

Threat Hunting

Insider Threat Detection

Threat Intelligence

Background Verification

Endpoint Protection

Forensic Investigation

Blocking of indicators

Malware analysis

Indicator enrichment

Case management


[email protected] | www.altencalsoftlabs.com

ALTEN Calsoft Labs is a next-gen digital transformation, enterprise IT and product engineering services provider. The company enables clients to Innovate, Integrate, and Transform their business by leveraging disruptive technologies like cyber security, mobility, big data analytics, cloud, IoT, DevOps, RPA and software-defined networking (SDN/NFV). The mission of the ALTEN Calsoft Labs Cyber Security Practice is to bring advanced cybersecurity technologies to enterprises, service providers, BFSI and government agencies across the globe. Its Managed Security Services use cyber defence platforms, automation frameworks, threat intelligence data and analytics to build defence systems against complex and sophisticated threats.

ALTEN Calsoft Labs is a part of ALTEN group, a leader in technology consulting and engineering services.

OUR GLOBAL FOOTPRINT

[email protected]

UNITED STATES

2903 Bunker Hill Lane, Suite 107, Santa Clara, CA 95054

3655 North Point Parkway, Suite 650, Alpharetta, GA 30005

5 Great Valley Parkway, Suite 359, Malvern, PA 19355

UNITED KINGDOM

3-5 Crutched Friars, London EC3N 2HT, United Kingdom

FRANCE

40 avenue Andre Morizet, 92514 Boulogne-Billancourt, France

SINGAPORE

101 Cecil Street, #24-10, Tong Eng Building, Singapore 069533

INDIA

1st & 2nd Floor, ESPEE IT Park, Plot No. 5, Jawaharlal Nehru Road, Ekkaduthangal, Chennai 600032

Stellar IT Park, C-25, Sector-62, 3rd Floor (Western Side) of Tower-2, Noida 201301

7th Floor, Tower D, IBC Knowledge Park, 4/1, Bannerghatta Main Road, Bengaluru 560029

Level 7, Maximus Towers, Building 2A, Mindspace Complex, Hi-Tech City, Hyderabad 500081