
Excerpts from Building a High Speed SOC: Achieving Speed (Part 2)

December 14, 2017 / Rick McElroy Sean Blanton

Carbon Black recently published an in-depth guide on what it takes to develop a “high speed” security operations center, or SOC; this is the last excerpt from that guide, which you can find here. For more information on building high speed SOCs, including how to eliminate the “response gap,” check out the Transform Into a High Speed SOC hosted by IBM and Carbon Black.


How Can My Entire SOC Evolve with Every New Attack?

In a Verizon report, 88% of breaches fell into one of nine patterns that had existed three years prior. Attackers know that legacy antivirus products can be easily bypassed by making slight changes to avoid being identified as “known bad.” However, by utilizing patterns of attack to connect the dots between IOCs and all other system events, SOC analysts and incident responders can gain a complete understanding of the precise sequence of events as a cybercrime unfolds. There is clear cause-and-effect insight into where an attacker gained access, what he tried to accomplish, how he attempted exfiltration and, ultimately, what the exact root cause of the attack was. Without this contextual understanding of the attack, an incident responder would lack any additional insight into how the organization could be better protected in the future.

We asked Kevin, an IT director at an accounting firm using Cb Response, how he is able to avoid addressing the same threats over and over. “Cb Response provides a launch pad into researching where a threat exists, how it got there, and allows us to isolate it before it spreads. We use Cb Response to greatly reduce the time spent investigating threats once they are detected and to provide us with a single interface to perform all investigative actions. Once a threat has been identified, we are able to construct a watchlist out of the events and processes associated with the threat. This allows us to have a ‘fool me once, shame on you’ posture to avoid being hit twice for the same or similar threat.”


Continuous and centralized recording means Cb Response has every bit of data it needs to identify a pattern of attack and provide an intuitive visualization to identify root cause. Cb Response not only correlates indicators of compromise, it provides full context via a detailed attack chain with information about every process spawned and every endpoint affected. This detailed level of information is invaluable to closing the IR feedback loop, ensuring that everything you learn flows back into your SOC in the form of actionable intel that drives automation in the future. Cb Response helps you operationalize your new understanding of malicious techniques as automated watchlists, enabling you to spend more time hunting new threats and less time manually policing known areas of risk.
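As an added illustration (not code from the guide or from Cb Response itself), the Python sketch below shows the two ideas discussed above on constructed process telemetry: walking parent links from an alerted process back to its root cause, then turning that chain into a watchlist that catches a later repeat of the same technique even when the payload has been renamed. Host names, pids, field names and hash values are all assumed.

```python
# Added example, not Cb Response code. Hosts, pids and hashes are constructed.
BUILT_INS = {"explorer.exe", "outlook.exe", "winword.exe", "powershell.exe"}  # legitimate, abused
ALERT_EVENTS = [  # process-start records from host ws01 where dropper.exe was detected
    {"host": "ws01", "pid": 100, "ppid": 1,   "image": "explorer.exe",   "sha256": "h-explorer"},
    {"host": "ws01", "pid": 210, "ppid": 100, "image": "outlook.exe",    "sha256": "h-outlook"},
    {"host": "ws01", "pid": 320, "ppid": 210, "image": "winword.exe",    "sha256": "h-winword"},
    {"host": "ws01", "pid": 430, "ppid": 320, "image": "powershell.exe", "sha256": "h-powershell"},
    {"host": "ws01", "pid": 540, "ppid": 430, "image": "dropper.exe",    "sha256": "h-dropper"},
]
LATER_EVENTS = [  # later records from host ws02: same technique, payload renamed
    {"host": "ws02", "pid": 50, "ppid": 1,  "image": "winword.exe",    "sha256": "h-winword"},
    {"host": "ws02", "pid": 60, "ppid": 50, "image": "powershell.exe", "sha256": "h-powershell"},
    {"host": "ws02", "pid": 70, "ppid": 60, "image": "update.exe",     "sha256": "h-dropper"},
    {"host": "ws02", "pid": 80, "ppid": 1,  "image": "notepad.exe",    "sha256": "h-notepad"},
]

def attack_chain(events, host, pid):
    """Follow ppid links from the alerted process to the root; returns root cause first."""
    by_pid = {(e["host"], e["pid"]): e for e in events}
    chain, key = [], (host, pid)
    while key in by_pid:
        chain.append(by_pid[key])
        key = (host, by_pid[key]["ppid"])
    return chain[::-1]

def build_watchlist(chain, suspicious_from):
    """Indicators from the chain: hashes of attacker-introduced files, plus the
    parent->child image pairs from the first suspicious process onward (built-ins
    are watched by how they are chained, not by hash, to avoid flagging all PowerShell)."""
    hashes = {e["sha256"] for e in chain[suspicious_from:] if e["image"] not in BUILT_INS}
    pairs = {(p["image"], c["image"]) for p, c in zip(chain[suspicious_from - 1:], chain[suspicious_from:])}
    return {"sha256": hashes, "parent_child": pairs}

def match_watchlist(events, watchlist):
    """Apply the watchlist to new telemetry; returns (host, pid, reason) hits."""
    by_pid = {(e["host"], e["pid"]): e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get((e["host"], e["ppid"]))
        if e["sha256"] in watchlist["sha256"]:
            hits.append((e["host"], e["pid"], "known hash " + e["sha256"]))
        elif parent and (parent["image"], e["image"]) in watchlist["parent_child"]:
            hits.append((e["host"], e["pid"], parent["image"] + " spawned " + e["image"]))
    return hits

if __name__ == "__main__":
    chain = attack_chain(ALERT_EVENTS, "ws01", 540)
    wl = build_watchlist(chain, suspicious_from=3)  # analyst: attack begins at powershell
    print([e["image"] for e in chain], match_watchlist(LATER_EVENTS, wl))
```

On the constructed data the renamed payload is caught by hash and the Word-to-PowerShell launch is caught by the parent-child pair, while the unrelated notepad.exe start is left alone.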

“Cb Response provides a launch pad into researching where a threat exists, how it got there, and allows us to isolate it before it spreads.”

Kevin Kraft, IT Director, Bowman and Company, LLP

Who Can We Turn To For Support?

Corporate-minded cybercriminals collude every day to launch attacks on unsuspecting corporations. With more than 13 million endpoints now protected by Carbon Black globally, embracing collective defense is not only easy, but incredibly advantageous to your security posture.

Cb Response enables SOCs to collectively defend their organizations by streamlining the implementation of threat intelligence feeds through the Carbon Black Collective Defense Cloud. Cloud-based endpoint telemetry combines complete visibility with advanced intel and analytics.

Your data is enriched both with our proprietary technology and any other third-party intelligence feeds you choose to enable. The result is the most robust cloud-based intel available to help you stop the most attacks.

“The analysis & IOCs provided by security experts in Carbon Black’s global community were most helpful… All IOCs were pre-banned across endpoints prior to infection.”

Caleb Cromun, System Engineer, Samaritan Ministries



Thanks for joining us as we explored “Building a High Speed SOC,” our in-depth guide on what it takes to develop a “high speed” security operations center. You can click here to get a copy of the full report. Join us next week as we profile another report in the world of endpoint security.

TAGS: Cb Response / Excerpts / High Speed SOC / security operations
