OPIsrael And The Value Of Next Generation SOCs - PowerPoint PPT Presentation

About This Presentation
Title:

OPIsrael And The Value Of Next Generation SOCs

Description:

With conventional security operations, attacks like #OPIsrael can be overwhelming. The attacks often originate from multiple regions and involve multiple actors, making detection more difficult for the typical tier-1 security analyst.

Transcript and Presenter's Notes


1
OPIsrael And The Value
Of Next Generation SOCs
2
Introduction
  • Today is an excellent opportunity to see how next generation SOC platforms are changing enterprise security. One of the biggest organized cyber attacks against Israeli organizations, OPIsrael, is scheduled for today. It's the kind of scenario that can overwhelm conventional security operation centers (SOCs) and one that brings out the value of the Siemplify platform.
The Nature of the Threat
  • The majority of attackers participating in OPIsrael are hacktivist groups, like Anonymous. They will primarily be looking to launch distributed denial-of-service (DDoS) attacks against Israeli-related sites and to publish personal information (mainly credit card details).

3
DDoS Attacks and DDoS Tools
  • With regard to the attack vectors, we assume the attackers will attempt to carry out DDoS attacks or leak the databases of small Israeli websites (based on past experience, most of the data leakage will be recycled from previous campaigns). We also believe they will use familiar or self-developed DDoS tools, as well as malware based on njRAT, which is very popular among Arabic-speaking hacktivists. It is also possible that there will be attempts to infect Israeli end-points with Ransomware via emails with malicious files during this campaign. Moreover, attackers sometimes spoof an internal email address to alleviate the concerns of potential victims.
    (SenseCy, a threat intelligence company)

4
So Many Attacks, So Little Information
  • With conventional security operations, attacks like OPIsrael can be overwhelming. The attacks often originate from multiple regions and involve multiple actors, making detection more difficult for the typical tier-1 security analyst.

5
OPIsrael Effort
  • Threat intelligence service providers have been monitoring the OPIsrael effort, and their reports could be a significant asset in fighting such cyber threats. Practically, though, threat intelligence reports are consumed by threat intelligence investigators in conventional SOCs, not by the tier-1 security analysts triaging incoming security alerts. And DDoS triggers an enormous number of alerts. The alerts appear to the security analyst as rows upon rows of independent entries in the spreadsheet-like interfaces of their SIEMs. Analysts are left having to sift through those entries, researching and analyzing each one. They struggle to understand the strategic picture: the connection between the alerts and their importance to the business.

6
Stop Working From Alerts
  • Always at risk is the possibility that they will miss the few truly critical alerts, amongst the thousands of others, that indicate the bigger threats: data exfiltration attempts or critical system penetrations. Instead of triaging thousands of security alerts, tier-1 security analysts in a next generation SOC work from a prioritized list of cases. Cases are visual representations of the attack chain, synthesizing information from many sources, including:
  • The significant alerts from the SIEM
  • Threat intelligence reports
  • Active Directory information and business intelligence information

7
DDOS Attack Security Analysts
  • Shifting from alerts to cases is, by itself, a paradigm shift. Siemplify customers see the workload of their tier-1 security analysts decrease significantly, by more than 90 percent in at least one instance. The tier-1 analyst in a next generation SOC can also investigate many of those cases, a function usually reserved for more senior analysts. The Siemplify platform lays out the entire attack chain as a visual storyline. Analysts investigate a threat simply by clicking on an icon and pivoting off of the object. Gathering information from data stores is also simpler than in conventional SOCs: analysts retrieve data by filling in forms, not by writing complex queries.

8
Siemplify Platform
  • Building accurate and reliable cases requires a robust backend. With Siemplify, advanced data science algorithms analyze the enormous amount of networking- and security-related information that may be relevant to the alert. A graph database helps understand the relationships between users, applications and networking objects. Together, the two automatically identify the significant security events.

9
Cases Aggregate Related Alerts
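The slides describe cases as an aggregation of SIEM alerts enriched with threat intelligence and asset context, ranked so that a handful of high-impact alerts is not lost among thousands of DDoS entries. The following is an added illustration of that idea and is not Siemplify's code or anything from the original deck. All inputs are constructed: the alert schema (`rule`, `src_ip`, `dst_ip`, `region`, `asset`, `severity`), the threat-intel feed, the asset criticality map and the scoring weights are hypothetical, and the IP addresses come from documentation ranges.

```python
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List

# --- Constructed inputs (hypothetical schema, not a real SIEM export) ---

# 60 low-severity flood alerts against the public web server from two regions,
# plus two higher-severity alerts involving the database server.
SAMPLE_ALERTS: List[dict] = (
    [{"id": i, "rule": "http_flood", "src_ip": f"203.0.113.{i}", "dst_ip": "192.0.2.80",
      "region": "region-A", "asset": "www-1", "severity": 2} for i in range(1, 41)]
    + [{"id": i, "rule": "http_flood", "src_ip": f"198.51.100.{i - 40}", "dst_ip": "192.0.2.80",
        "region": "region-B", "asset": "www-1", "severity": 2} for i in range(41, 61)]
    + [{"id": 61, "rule": "failed_logon_burst", "src_ip": "10.0.0.23", "dst_ip": "10.0.0.5",
        "region": "internal", "asset": "db-1", "severity": 3},
       {"id": 62, "rule": "large_outbound_transfer", "src_ip": "10.0.0.5", "dst_ip": "192.0.2.7",
        "region": "internal", "asset": "db-1", "severity": 4}]
)

# Threat-intel feed: indicator -> note. Constructed; not a real feed.
SAMPLE_TI: Dict[str, str] = {
    "203.0.113.5": "node seen in a prior DDoS campaign",
    "192.0.2.7": "RAT command-and-control address",
}

# Business context (the Active Directory / asset-inventory input the slide mentions):
# asset -> criticality 1..5. Constructed values.
ASSET_CRITICALITY: Dict[str, int] = {"www-1": 2, "db-1": 5}


@dataclass
class Case:
    """One case: every alert touching the same asset, plus enrichment."""
    asset: str
    alerts: List[dict] = field(default_factory=list)
    ti_hits: Dict[str, str] = field(default_factory=dict)

    @property
    def rules(self) -> List[str]:
        """Distinct detection rules in first-seen order (the attack chain)."""
        seen: List[str] = []
        for a in self.alerts:
            if a["rule"] not in seen:
                seen.append(a["rule"])
        return seen

    def region_breakdown(self) -> Dict[str, int]:
        """Alert count per source region, the pattern an analyst would block on."""
        return dict(Counter(a["region"] for a in self.alerts))

    def score(self) -> int:
        """Priority: asset criticality x worst severity, plus TI hits and chain length.
        Weights are hypothetical; the point is that volume alone does not rank a case."""
        worst = max(a["severity"] for a in self.alerts)
        crit = ASSET_CRITICALITY.get(self.asset, 1)
        return crit * worst + 2 * len(self.ti_hits) + len(self.rules)


def build_cases(alerts: List[dict], ti: Dict[str, str]) -> List[Case]:
    """Group alerts by affected asset, enrich with TI, return cases best-first."""
    by_asset: Dict[str, Case] = {}
    for a in alerts:
        case = by_asset.setdefault(a["asset"], Case(asset=a["asset"]))
        case.alerts.append(a)
        for ip in (a["src_ip"], a["dst_ip"]):
            if ip in ti:
                case.ti_hits[ip] = ti[ip]
    return sorted(by_asset.values(), key=lambda c: c.score(), reverse=True)


if __name__ == "__main__":
    for c in build_cases(SAMPLE_ALERTS, SAMPLE_TI):
        print(f"{c.asset}: score={c.score()} alerts={len(c.alerts)} "
              f"chain={c.rules} regions={c.region_breakdown()} ti={c.ti_hits}")
```

With these inputs the two-alert case on the database server (a logon burst followed by a large transfer to an address on the threat-intel feed) ranks above the sixty-alert flood against the web server, and the flood case carries a per-region count that a blocking action could act on.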
10
Think Strategically
  • By taking a strategic view, security teams become more efficient. They focus on what matters first. They analyze threats faster and respond more quickly. With DDoS, for example, analysts can remediate an attack by blocking a pattern of attacks emanating from a region at the click of a button.

11
References
  • https://www.siemplify.co/blog/opisrael-and-the-value-of-next-generation-socs/
  • https://www.siemplify.co/security-orchestration-automation/
  • https://www.siemplify.co/security-automation/