"With cybersecurity threats continuing to grow faster than security budgets, CISOs, CIOs and SecOps teams are left at a dangerous disadvantage.
Even enterprises running their own Security Operations Centers (SOCs) find the perennial shortage of skills, tools, and other resources stops them from realizing the full value of investments. Rather than struggle to find – and hang on to – top talent with hands-on experience across network and cloud security, mid-sized enterprises are instead opting for SOC-as-a-Service offerings."
Learn more at: https://security.netenrich.com/intelligent-soc/
Netenrich SOC-as-a-Service: a zero-intervention platform for threat detection and response. AI-driven, human-led.
©2020 Netenrich, Inc. All rights reserved.
SOC and Business Alignment
(Chart. Source: Improving the Effectiveness of the Security Operations Center, Ponemon Institute 2019.)
Why Not Aligned? Challenges:
• Skilled people
• Tooling
• Automation
Source: Improving the Effectiveness of the Security Operations Center, Ponemon Institute 2019.
Private and confidential © Netenrich, Inc.
SOC Comes with SIEM Challenges
PEOPLE: a good security analyst can investigate 15 suspicious alerts per day
• Throwing people at alert volume = a high ops cost
• Alert fatigue
• Security Ops strained to discover 1 or 2 actionable alerts per shift
PROCESS: 1,000+ suspicious events per 50M log events per day
• Base use cases create a flood of alerts lacking context
• Emerging threats go undetected
• Event investigation workflows are largely manual
TECHNOLOGY: an average enterprise uses 32 different security vendors
• Siloed products
• Teams lack real-time threat intel
• Multi-vendor environment makes compliance complicated
SOCaaS Helping Security Evolve
Services Delivered:
• Vulnerability assessments
• Web application scanning
• PCI DSS ASV scanning
• 24 x 7 security monitoring
• 24 x 7 incident escalation with remediation guidelines
• Threat intelligence
• Penetration testing
• Compliance reporting
• Network flow behavior analytics
• User behavior analytics
• External security assessments
• Log management (1 year)
• Insider threat monitoring
Customer maturity scale, Stage 1 (least mature) through Stage 4 (most mature), characteristics listed in order of increasing maturity:
• Reactive culture
• Product-based solutions
• Focus on simple perimeter defense
• No visibility
• Absence of KB, metrics, reporting
• Project backlog
• Additional tools (IDS/IPS, AV) for detection and prevention
• Basic reporting, visibility
• Creation of security policies
• Mature asset assessment
• Asset prioritization
• Repeatable security framework
• Routine security engagements
• Improved metrics, reporting
• Basic security logging
• Mature IR plan with routine testing
• Proactive analysis of log data
• Automation for security operations
• Device and services hardening
• Mature runbook, process plan
• Real-time threat intelligence
• Actionable recommendations
Unique Value Addresses Pain Points
• Deep context with proprietary intel
• Dedicated team of experts
• Enhanced automated analysis
• Built-in models/use cases
• Custom collector & log retention
Source: Improving the Effectiveness of the Security Operations Center, Ponemon Institute 2019.
SOCaaS Architecture
Netenrich SOC:
• SIEM set-up
• 24 x 7 security monitoring and incident response
• Skilled SOC analysts
• Threat intelligence
• Standardized delivery model
• Custom dashboard & widgets
• Tailored reporting + alerts
• Periodic maturity assessments
Netenrich Security Platform:
• IP-enhanced IBM QRadar implementation
• Proprietary integration
• AI-based analysis & filtering
• Custom business-context use cases
• AI-augmented actionable alerts
• False positive reduction
• Log retention
Level 1: eradication of false positives. Level 2: threat intel on in-built QRadar alerts.
Log collection (on-prem | cloud | custom application support):
• Custom-built log collector
• Custom shipper
• Extended security monitoring
• Provides EPS reduction
• Proprietary connectors
• Rapid onboarding framework
• Direct ingestion of logs to cloud collectors
Outputs to the client:
• Single pane of glass with standardized dashboard
• Client's ITSM solution with two-way incident automation
• Qualified security incidents with remediation guidelines
• CSIRT problem solvers
Netenrich SOC – Technical Metrics
• 150+ clients
• 5000+ devices
• 30k+ EPS
Alert funnel (per day):
100 million security events monitored per day
  | Apply content rules
250,000 suspicious events (low-level alerts, e.g. port scan)
  | Correlate criticality of attacks (mid-level alerts correlated with database)
5,000 events that trigger review
  | Advanced correlation content & threat intelligence (high-level alerts; SOC analysts filter out lower-priority events)
25 to 50 attacks from abusive attackers
  | SOC analysts investigate (very high-level alerts)
2 to 5 actionable security events per day
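The funnel above, and the collector-side "EPS reduction" on the architecture slide, are easier to reason about with a concrete pipeline. The block below is an added example written for this page; it is not Netenrich code and does not model QRadar. It runs four tiers over constructed firewall and authentication events: a collector filter that drops an authorised scanner before ingestion, content rules that raise low-level alerts, per-source correlation weighted by asset criticality, threat-intel enrichment, and an analyst queue. The event sample, thresholds, threat feed and critical-asset list are all assumptions chosen for illustration.

```python
"""Tiered alert-triage funnel (added example; not Netenrich's platform).
Events, thresholds, the threat feed and the asset list are constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    src: str
    dst: str
    dport: int
    action: str  # "allow", "deny" or "auth_fail"


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = (
    # 10.0.0.5 sweeps six ports on the payment server, then fails five logins
    *[Event("10.0.0.5", "10.1.1.10", p, "deny") for p in (21, 22, 23, 80, 443, 3389)],
    *[Event("10.0.0.5", "10.1.1.10", 22, "auth_fail") for _ in range(5)],
    # 198.51.100.7 (listed on the threat feed) does the same to a workstation
    *[Event("198.51.100.7", "10.2.2.20", p, "deny") for p in (22, 80, 443, 445, 8080)],
    *[Event("198.51.100.7", "10.2.2.20", 22, "auth_fail") for _ in range(5)],
    # 10.0.0.12 does the same to another workstation, with no intel match
    *[Event("10.0.0.12", "10.2.2.21", p, "deny") for p in (22, 80, 443, 445, 3389)],
    *[Event("10.0.0.12", "10.2.2.21", 22, "auth_fail") for _ in range(5)],
    # 10.0.0.9 is the authorised vulnerability scanner: noise for the SIEM
    *[Event("10.0.0.9", "10.1.1.10", p, "deny") for p in range(1, 21)],
    # ordinary permitted traffic
    *[Event("10.0.0.11", "10.1.1.10", 443, "allow") for _ in range(30)],
)

AUTHORISED_SCANNERS = {"10.0.0.9"}  # assumption: known-good scanner to suppress
THREAT_FEED = {"198.51.100.7"}      # constructed threat-intel indicator list
CRITICAL_ASSETS = {"10.1.1.10"}     # assumption: payment server
PORT_SCAN_MIN_PORTS = 5
BRUTE_FORCE_MIN_FAILS = 5


def collector_filter(events):
    """EPS reduction at the collector: drop authorised-scanner events before
    they reach the SIEM (and before they can raise a false port-scan alert)."""
    return [e for e in events if e.src not in AUTHORISED_SCANNERS]


def content_rules(events):
    """Tier 1: base use cases turn raw events into low-level alerts,
    returned as (rule, source, target) tuples."""
    denied_ports = defaultdict(set)
    auth_fails = defaultdict(int)
    for e in events:
        if e.action == "deny":
            denied_ports[(e.src, e.dst)].add(e.dport)
        elif e.action == "auth_fail":
            auth_fails[(e.src, e.dst)] += 1
    alerts = [("port_scan", s, d) for (s, d), ports in denied_ports.items()
              if len(ports) >= PORT_SCAN_MIN_PORTS]
    alerts += [("brute_force", s, d) for (s, d), n in auth_fails.items()
               if n >= BRUTE_FORCE_MIN_FAILS]
    return alerts


def correlate(alerts):
    """Tier 2: group alerts by source; score breadth of activity plus target
    criticality, and send groups scoring >= 2 to review."""
    by_src = defaultdict(list)
    for rule, src, dst in alerts:
        by_src[src].append((rule, dst))
    review = []
    for src, items in by_src.items():
        kinds = {rule for rule, _ in items}
        targets = {dst for _, dst in items}
        criticality = len(kinds) + (2 if targets & CRITICAL_ASSETS else 0)
        if criticality >= 2:
            review.append({"src": src, "kinds": sorted(kinds),
                           "targets": sorted(targets), "criticality": criticality})
    return review


def enrich_with_intel(review):
    """Tier 3: threat-intel enrichment; a feed hit or criticality >= 3 makes
    the group a high-level alert."""
    high = []
    for g in review:
        g = dict(g, intel_hit=g["src"] in THREAT_FEED)
        if g["intel_hit"] or g["criticality"] >= 3:
            high.append(g)
    return high


def analyst_queue(high):
    """Tier 4: high-level alerts that touch a critical asset are the ones an
    analyst works today; the rest stay visible but lower in the queue."""
    return [g for g in high if set(g["targets"]) & CRITICAL_ASSETS]


def triage(events):
    """Run the funnel and report the count at each tier plus the incidents."""
    kept = collector_filter(events)
    alerts = content_rules(kept)
    review = correlate(alerts)
    high = enrich_with_intel(review)
    actionable = analyst_queue(high)
    return {"ingested": len(events), "after_collector": len(kept),
            "suspicious": len(alerts), "review": len(review),
            "high": len(high), "actionable": len(actionable),
            "incidents": actionable}


if __name__ == "__main__":
    for tier, value in triage(SAMPLE_EVENTS).items():
        print(f"{tier}: {value}")
```

The counts at each tier are the metric to watch: if the collector filter is removed, the authorised scanner immediately raises a port-scan alert, which is exactly the kind of false positive the funnel is meant to absorb before an analyst sees it. The cut-offs (score 2 for review, score 3 or a feed hit for high, critical asset for actionable) are the tunable part; what matters is that each tier is a measurable reduction rather than an opaque judgement call.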
SOCaaS Enabling Your Team
(Chart. Source: Improving the Effectiveness of the Security Operations Center, Ponemon Institute 2019.)
Cost vs Outcomes
• 40% reduction in EPS
• 50% faster onboarding
• 35% reduction in SOC cost
• Enhanced detection
• Elastic consumption (data management)
• Only contract the business outcomes you need
Realign with the Business
• Enable your people
• Decrease risk while reducing cost
• Bridge skills gaps
• Optimize consumption
• Drive outcomes
Hotel Chain Operating 13,063 Rooms Across 80 Locations in 7 Countries
STANDARD SERVICE LEVEL | MANAGED SECURITY SERVICES
• 250+ devices onboarded in less than 15 business days
• 40% reduction in false positives by our AIOps engine
• 30+ custom use cases built per customer needs
• Integrated with AWS and Azure native security solutions
• Integration with problem management workflows for faster remediation
• Ingested the customer's threat feeds into Netenrich Security
Let's Engage! Thank you! www.netenrich.com
Our Cybersec Strength:
• 150+ Managed Security Services customers
• 100+ best-in-class security specialists
• 60+ R&D staff for security products
• 3 global delivery centers