verint threat protection system™ - infosecurity mexico · 2020. 4. 1. · perimeter control /...

NEW PERSPECTIVE. NEW DEFENSE. Verint Threat Protection System™


Post on 18-Apr-2021


Page 1: Verint Threat Protection System™ - Infosecurity Mexico · 2020. 4. 1. · Perimeter Control / Prevention Not Designed for Alerting, Intelligence, Investigation ... Manual, Lengthy

NEW PERSPECTIVE. NEW DEFENSE.

Verint Threat Protection System™

Page 2

Confidential and proprietary information of Verint Systems Inc. © All rights reserved worldwide

Actionable Intelligence

$1+ Billion Revenue in NASDAQ

5000 Employees

15 Global offices

700+ Patents

$1B R&D investment over 10 years

6 R&D Centers

Intelligence Powered Security

Page 3

WHAT WE HEAR FROM CUSTOMERS

Too much noise

Long time from detection to resolution

Lack of automation

Isolate detection tools

Shortage of cyber analysts

17K Alerts Per Week

4% of Alerts Investigated

7 WEEKS Investigation Timeline

9 MONTHS Breach to Discovery

1,000,000 Analysts

Page 4

WHAT IS THERE TODAY? Customer IT Environment

[Diagram: Internet, Internet Gateway, Email Server, Customer Network, Servers, Endpoints, Remote Endpoints]

Page 5

WHAT IS THERE TODAY? Customer Security Tools

[Diagram: Internet, Internet Gateway, Email Server, Customer Network, Servers, Endpoints, Remote Endpoints, with security tools Firewall, A/V, Sandbox, SIEM and SOC Team]

Page 6

WHY IT IS NOT WORKING? Security tools:

Perimeter Control / Prevention

Not Designed for Alerting, Intelligence, Investigation

Focus exclusively on a Single Attack vector

The Result:

Massive Alerts Volume

Mostly Noise

Missing Key threats

Page 7

WHY IT IS NOT WORKING?

SIEM / Log Correlation Tools

Depend On Alert Sources Quality And Implementation Coverage

One-way Information Flow From Sources To SIEM, After The Fact

Manual maintenance of Correlation rules

The Result:

Many Raw Alerts

Looking Just for Known Threats

No Dynamic Investigation

Never-ending Tuning

Page 8

WHY IT IS NOT WORKING?

Visibility / Investigation / Forensic Tools

Most Often: Do Not Exist

Silo-ed, Not Integrated

No Automation

Unable To Link The Dots

Raw Data – Not Actionable

Inaccurate, Partial Findings

The Result:

Manual, Lengthy Process

Complicated Analysis

Inaccurate Response

Time To Resolution Too Long

Hard To Communicate

Page 9

Is 100% prevention really possible?

Attackers WILL eventually bypass every prevention method

Page 10

Good prevention is necessary but not sufficient… organizations must make the right technology and personnel investments, guided by a fully formed detection and response strategy.

Page 11

© 2017 Verint Systems Inc. All Rights Reserved Worldwide

Prevention, Damage Control, Detection & Response

Window of Opportunity

Identify & Recon, Initial Attack, Command/Control, Discover/Spread, Extract/Exfiltrate

Stop the attack before the damage is done!

Page 12

© 2016 Verint Systems Inc. All Rights Reserved Worldwide

Organizations Must Move to Detection and Response

Coverage Is Critical

Detection must cover the entire kill chain to make an impact

But Consider…

Point Tools Create a New Set of Problems

Complexity, Noise, Skills Barrier, Costs

Page 13

Where Does this Leave Organizations?

Time from Detection to Response must be shortened

[Timeline: Time of Infection, Time to Detect, Time to Investigate, Time to Respond; labels: 82 Days, 146 Days]

Skills/Staff Shortage

Investigation is a bottleneck

Detection is taking too long

Page 14

Balance between your need for security and your ROI

Security Costs

Security and Costs: OPTIMIZED

Page 15

Making Detection, and Response Impactful

TECHNOLOGY

PEOPLE

PROCESS

In depth Incident Management & Visibility

Detection & Forensics across the entire kill-chain

Maximize analyst capabilities and efficiency

Page 16

Automated Investigation is the Driving Force

TECHNOLOGY

PEOPLE

PROCESS

In depth Incident Management & Visibility

Maximize analyst Capabilities and Efficiency

Detection & Forensics across the entire kill-chain

CONTINUOUS AND AUTOMATED INVESTIGATION

Reduces Investigation Time by 80%

Data Gathering & Enrichment

Incident Filtering, Prioritizing & Triage

Interaction with Detection & Forensic Engines

Page 17

Multi-Vector Detection

Network and Endpoint

Lateral Movement

Malicious Files

Command and Control

Verint Threat Protection System

Page 18

Multi-Vector Detection

Deep Forensics

Proactive, Integrated Forensics

Endpoint Forensics

Network Forensics

Verint Threat Protection System

Page 19

Multi-Vector Detection

Deep Forensics

Rapid Response

Facilitate Response to Perimeter tools

Incident Timelines and Reports

Verint Threat Protection System

Page 20

Multi-Vector Detection

Deep Forensics

Rapid Response

Automated Investigation

A team of virtual analysts working 24/7

Investigating 100% of alerts

Prioritized incidents for further analysis

Verint Threat Protection System

Page 21

Integrations

Optional Add-Ons

Private Threat Intelligence Cloud

Web Intelligence

Malware Lab

Methodology & Training

Implementation

SOC Analysts

Services

Multi-Vector Detection

Deep Forensics

Rapid Response

Automated Investigation

Verint Threat Protection System

Page 22

Integration by Design Accelerates Detection & Response

Verint Threat Protection System™

SOC Analyst, SOC Manager, CISO, Chief Risk Officer

TAP

Org Network TAP

Threat Detection Engines: File Analysis, Lateral Movement, Command & Control

Forensic Engines: Network, Endpoint

Unified Investigation Workflow

Automated Investigation

Threat Intelligence

Threat Intelligence, SIEM, Sandbox, Endpoint Detection & Response, Perimeter Security

Enrich Intelligence & Respond

Page 23

Simplifying Security Operations

Early Advanced Threat Detection: WEEKS → Hours or Minutes (Fast and Effective Detection)

Investigation Time: Days or Weeks → Minutes to Hours (Rapid Insights)

Integration and Deployment: Complex → Simple (Reduce Complexity)

Analyst Skillset: Reliance on Tier 2 → Empower Tier 1, and Tier 2 (Lower the Skills Barrier)

Page 24

Reduce the number of security tools, accelerate analyst onboarding and lower the skills barrier

Simplifying Security Operations

Single pane of glass

Prioritize incidents

Orchestrated response

Page 25

Threat Protection System - Use Cases

Proactive Cyber Threat Hunting

Intelligence-Driven SOC

Network Audits

Post Breach Analysis and Forensics

Continuous Detection of Unknown Threats

Page 26

Demo

Page 27

Thank You FOR LISTENING

Visit: www.verint.com/cyber

Page 28

Flexible Deployment

Distributed Environment - Multi Organizations

[Diagram labels: TPS BE, Unified / Segmented View, Back Office, Org1, Org2, Org3, Site 1, Site 2, TPS FE (three instances)]