Title: Seceon OTM Platform : JK Technosoft
A Seceon Partner

Seceon OTM Platform
An overview of how the Seceon OTM platform can quickly and accurately surface threats within your environment.
Executive Summary

The sophistication and volume of insider threats and targeted cyber-attacks is greater than ever. Despite significant security investments, companies are increasingly at risk of catastrophic breaches. These breaches impact business operations and result in both direct and indirect costs. Recent publicized breaches have shown that these costs range into the hundreds of millions when mitigation, fines and brand-value impact are considered. As a result, for the first time, CEOs and corporate boards are contemplating issues historically reserved for CISOs and CIOs.

As we've seen in countless high-profile breaches, we're losing the fight against hackers because our defenses are increasingly obsolete. Traditional security technologies are incapable of addressing today's targeted threats. Time and time again, adversaries demonstrate their ability to slip past the most hardened perimeters. Cybercriminals and cyber spies have moved beyond exploiting known vulnerabilities and using known malware. They're morphing malicious behavior in never-before-seen ways: learning your people, processes, technologies and supply chains, and impersonating authorized users, sometimes using no malware at all. These techniques allow adversaries to pass through perimeter defenses, evade detection technologies like IDS, IPS and NGFW, and bypass configuration monitoring, compliance, vulnerability and patch management controls. They can overrun SIEM and log analysis products that fail to prioritize alerts and frequently miss critical security events, even when those events have already occurred.

The silent threat

None of today's traditional solutions deal with one of the most harmful threats: the insider threat. Verizon surveyed large to mid-sized enterprises in their 2016 Threat Report [4] and determined that insiders accounted for 40% of acknowledged threats found. In fact, it found that loss of credentials and insider attacks accounted for 75% of all reported data loss. Whether it is an outsider using stolen credentials or an insider using their own or someone else's credentials, both are using legitimate credentials and will not be picked up by SIEMs, DLPs, endpoint solutions or other traditional security measures.

Clearly, internal and cyber security is at a tipping point. To win against today's and tomorrow's threats, enterprises must employ a new way of thinking. Seceon believes it's time to turn the game around. This means analyzing the situation from the attacker's perspective, understanding their goals, tactics and techniques, and letting this new vantage point inform your defenses. This strategy is embodied in the Seceon OTM Platform, the industry's first behavioral detection and response platform that delivers early warning, instant detection and active remediation for all threats. With its adversary intelligence, state-of-the-art threat detection algorithms and guided incident remediation, the Seceon OTM Platform instantly detects and actively responds to threats.
This white paper details modern security challenges and describes how the Seceon OTM Platform enables our customers to surface threats proactively and auto-respond to them in real time.

Introduction

While big names such as Anthem, Sony, Scottrade, E*Trade, Home Depot, JPMorgan Chase and Target have garnered national headlines following extensive data breaches, the truth is that more than 80% of U.S. companies have experienced a successful insider or cyber-attack [1]. Attacks have become so widespread that virtually no industry today is immune to this new reality. Banking, manufacturing, retail, healthcare, travel and other sectors face compromise and the ensuing reputational and financial damages. Simply put, adversaries are outpacing security teams and their current security measures. By all accounts, security experts expect the number of attacks to continue growing. For now and the foreseeable future, threat actors have the upper hand against many organizations by wielding targeted, sophisticated attacks that often go undetected by layers of security technologies.

Once considered strictly an IT problem, cyber security is now a C-level and board-level concern. Given the heightened attention to cyber-attack risk, CIOs, senior IT decision makers and CISOs are now making cyber security a top priority. In fact, a survey by Piper Jaffray shows that it is now the top spending priority for CIOs, with an impressive 75 percent indicating that they would increase spending in the coming years [2]. However, unless this spending is informed by a new philosophy, it will likely just add another porous layer to the existing pile of ineffective security products. To be effective, that investment must include the deployment of novel methods for protecting digital assets from internal as well as external cyber threats. The status quo of traditional, signature-based or malware-analysis defenses has proven woefully inadequate at preventing successful attacks.

[1] CFO Survey, June 2015, http://www.cfosurvey.org/2015q2/press-release-hacking.pdf
[2] Piper Jaffray 2015 CIO Survey
Targeted Attacks Are on the Rise

In 2015, for the first time, cyber security was a major topic in the annual State of the Union address. High-profile breaches have dominated headlines for the last 18 months, highlighting how real the threat of catastrophic cyber-attacks has become. At their worst, these attacks aren't opportunistic endeavors that leverage routine malware. They are targeted attacks with the goal of stealing confidential data or damaging business operations. As a result, the costs inflicted by targeted attacks can be enormous, spanning financial and reputational damages. According to the Ponemon Institute, the average cost of a data breach in 2016 was $4 million. After its breach was made public, Target projected more than $148 million in damages, which is likely an optimistic estimate [3].

Today's advanced adversaries construct attacks specifically designed to bypass the defenses of a chosen target. These attacks are stealthy and designed to move laterally within an organization for weeks or months once they penetrate the perimeter. Their presence remains undetected for an average of 200 days, according to breach reports [4].

Bypassing Endpoint Security

Despite wielding the latest AV signatures, performing diligent patch management and purchasing the latest malware detection engine, even the most advanced organizations fall victim to targeted attacks. Why? The answer is that the sophistication of attackers continues to outpace the sophistication of so-called next-generation defenses. Techniques that were once only available to state-sponsored attackers are now easily employed by criminal syndicates and hacker groups. Malware and exploit kits, which are growing in popularity and availability, provide attackers with easy methods to customize and obfuscate signatures to bypass signature-based security measures and rudimentary malware analysis solutions. Combining this with quick-turn exploitation of public vulnerabilities, or zero-day exploits, provides a fully weaponized end-to-end capability to anyone with modest means and malicious intent. This continual permutation of polymorphic signatures allows attackers to remain virtually undetectable by the majority of conventional security defenses, due to their reliance on legacy detection techniques such as hashes and IP blacklisting. To avoid detection within sandboxes or virtualized solutions, many malware.

[3] Cybersecurity Hindsight and a Look Ahead at 2015, Yoav Leitersdorf and Ofer Schreiber, TechCrunch, December 28, 2014
[4] 2016 Verizon Threat Report
"Increased complexity and frequency of attacks elevate the need for enterprise-scale incident response, APT investigations and a rapid forensic process." -- Gartner

Turn the Game Around: Think like a Hacker

It's no wonder, then, that a recent survey reports that two-thirds of respondents are evaluating new endpoint solutions to augment or replace their existing endpoint defenses. But what new endpoint defense is really effective against these more sophisticated attacks? How can CISOs and CIOs improve their companies' defenses, detect threats faster and more accurately, and contain attacks before real damage is done? The answer is to start thinking like an attacker and to take advantage of lessons learned from those who have studied sophisticated adversaries.

When most security experts say "think like an attacker," they are advocating penetration testing activities to identify weaknesses in your security systems. However, to be truly effective in thwarting targeted attacks, we need to go a step further. We need to get into the mind of an attacker and understand their goals, tactics and techniques; in essence, their behavior. Throughout their training and operational experience, military commanders are taught to "turn the game around" in order to understand any situation from the perspective of their adversary. By doing so, one can begin to understand the adversary's strengths and weaknesses and formulate actions and defenses backed by this insight. In the cyber domain, the same strategy is beneficial when defending digital assets. By venturing over to the dark side of the Internet, cyber security experts can better understand the goals, techniques, tools and targets of bad actors. From underground hacking forums to online markets hawking cybercrime platforms in China, Russia or Brazil, these experts learn to think like a hacker. With that insider intelligence, and a better understanding of the attacker's advantage, they can help their organizations identify unknown threats that are missed by legacy defenses and respond more quickly and effectively to get between the attacker and the asset, or between the asset and the exit.

While this approach is undoubtedly what's needed to counter today's targeted attacks, it's unrealistic to think that hiring dozens or hundreds of specially trained and experienced cyber security experts is the answer for enterprises. How then can a retailer, manufacturer, financial services provider, telecommunications provider, healthcare, energy or other type of company harness this type of intelligence to protect its digital assets from bad actors around the world? That's why there's the Seceon OTM Platform.

Seceon and the Seceon logo are registered trademarks of Seceon, Inc. in the US and/or other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only, are subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2016 Seceon, Inc.
The Evolution of the Seceon OTM Platform

With the Seceon OTM Platform, you get behavior-based threat detection and response that combines deep adversary intelligence with advanced analytics to detect sophisticated threats and respond faster to internal and cyber-attacks. By thinking like a hacker, the Seceon OTM Platform looks for threats in ways other products don't; by anticipating the attacker's behavior choices, the solution reduces the hacker's advantage. The result is instant detection and real-time response with impact indication. The Seceon OTM Platform analyzes host, network device, application and user behavior to rapidly detect the presence of internal risk and cyber-threats, thus accelerating response and preventing damage and loss.

Here's how it works:

- Collection Control Engine (CCE): The Seceon sensor can reside on monitored endpoints or run on its own, remotely collecting device and application log data and network flow data outside the data path, with no impact on host, device or application performance. Seceon CCE sensors monitor thousands of activities along with attributes, including user, system, application, file and network connections, funneling observations back to the Seceon APE. The CCE also has the ability to take action on an internal or cyber threat after receiving instruction from the APE.

- Analytic Processing Engine (APE): Seceon's cloud-based analytic engine aggregates application, network, file and configuration details from all sensors and devices. Using context-based behavioral analysis and machine learning modeling, suspicious behavior is quickly identified and tracked in real time as it evolves. This includes correlating threat activity that is related and part of the same chain of activity. Real-time visualization identifies malicious behavior, and compromised or targeted hosts, applications and devices, enabling an operator to act in time.

- Seceon Automated Response: The Seceon OTM Platform guides your security team, enabling fast, effective investigation and response without requiring expert-level skills and knowledge. It produces guidance that dramatically reduces the signal-to-noise ratio, empowering security teams to take control in real time.

- Seceon Threat Intelligence: The Seceon OTM Platform is powered by more than 40 best-of-breed threat intelligence feeds. Our platform has the ability, in real time, to aggregate and distill the most critical threat intelligence from these feeds to identify evolving threats, giving our customers the earliest warning of new techniques and the technology stacks they are targeting, by industry and geography. This intelligence is used as threat model input by the Seceon Analytics Processing Engine to identify and prioritize known and unknown threats that evade traditional defenses.

Why Seceon

With the Seceon OTM Platform, you can defend against targeted attacks with:

- Organization-Wide Situational Visibility: Seceon's approach starts with an ability to monitor all activity on the network and on the critical devices which host or provide access to high-value information. Seceon's CCE application collects, digests and turns monitored devices' log and network flow data into meaningful information. It summarizes activities and passes this metadata back to the centralized APE to be put through its threat detection and prediction analysis processes. The CCE's lightweight software application can run in virtualized as well as cloud environments. The CCE can be distributed to monitor thousands of activities and attributes, including user, system, application, file and network connections, with minimum network performance impact.

- Real-time Detection: Seceon's cloud-based Analytic Processing Engine aggregates application, network, host, file, user and configuration details from all CCE sensors. Using machine learning, which feeds threat models that correlate activities into context-based behavioral analysis, suspicious behavior is quickly identified and tracked in real time as it evolves. Visualization identifies malicious behavior, and compromised or targeted hosts, devices, applications and users, enabling an operator to act in time.

- Real-time Response: The Seceon OTM Platform guides your security team, enabling fast, effective investigation and response without requiring expert-level skills and knowledge. It produces guidance that dramatically reduces the signal-to-noise ratio, empowering security teams to take control in real time. It provides for push-button or fully automated remediation capable of writing policies to firewalls, switches and routers to block attacks, isolate systems, or disable and re-establish a user's compromised credentials. This is a stark difference from the volume of meaningless and repetitive alerts generated by traditional security products, none of which even attempt to stop the threats from within the same application.

- Threat Intelligence: The Seceon OTM Platform is powered by more than 50 best-of-breed threat intelligence feeds. Our platform has the ability, in real time, to aggregate and distill the most critical threat intelligence from these feeds to identify evolving threats, giving our customers the earliest warning of new techniques and the technology stacks they are targeting, by industry and geography. This intelligence is used by the Seceon Analytics Processing Engine to identify and prioritize known and unknown threats that evade traditional defenses.

Conclusion

Hackers continue to reach new levels of innovation and resourcefulness as they pursue goals of theft or disturbance. These attackers are schooled in evasive behavior that eludes the layers of defenses protecting today's organizations. Signature-based technologies and so-called next-generation defenses have all proven inadequate. As a result, victims have seen both their reputation and financial performance threatened or severely damaged. Lastly, but most importantly, loss of credentials or true insider threats need to be detected and thwarted before critical information is compromised or exfiltrated. Today, more often than not, such loss goes undetected.

To reverse these trends, defenders need better tools that not only detect such threats before real damage is done, but do so automatically, in seconds, without the need for expert human analysis to quantify and determine the scope of such threats: tools that allow an organization's security posture to be greatly improved while allowing staff to spend less time reacting and more time on proactive activities. By turning the game around, organizations will be able to rapidly detect and respond to adversaries, mitigating loss and damage. Seceon harnesses state-of-the-art behavior-based threat detection algorithms to detect advanced threats that traditional defenses miss. With the Seceon OTM Platform you can take total control.

To learn more about the Seceon OTM Platform, visit www.jktech.com/solution/cyber-security/
Offices

United Kingdom: JK Technosoft (UK) Ltd., Atrium Court, 100 The Ring, Bracknell, Berkshire, RG12 1BW, United Kingdom. Tel +44 (0) 121 733 6600, Fax +44 (0) 121 733 3366
United States: Proserve Consulting Inc., 608 Fifth Avenue, Suite 401, New York, NY 10020, USA. Tel +1 212 265 1626, Fax +1 212 586 4067
India (Delhi): JK Technosoft Ltd., Corp. Head Office, F-2 F-3, Sector-3, Noida 201301, India. Tel +91 120 4606200, Fax +91 120 4606277
India (Bangalore): JK Technosoft Ltd., GGR Tower, 1st Floor, Sy 18/2b, Ambalipura Road, Ambalipura Village, Sarjapur Road, Bellandur Gate, Bangalore East Taluk, Bangalore 560 103, India. Tel +91 080 30598300