Slide 1: Fortify YOUR Defense with CyberSponse Adaptive Security


Slide 2: What is Security Orchestration, Automation & Response (SOAR)? Why do I care or need it?

Slide 3: What should Security Teams automate, and what do they need to be ready for SOAR?

Key things Security Teams should look to automate:
• Multiple login attempts and authentication events
• SIEM rule alerts
• Email phishing
• Endpoint infections
Hunt, block and tackle: incident response. Mission: block malicious intent, or close the alert as a false positive.

Key elements needed to be ready for SOAR:
• 3+ security tools
• 3+ security staff

What an analyst has to establish for each alert, with 100+ alerts in the queue:
Source: Who is it? Geolocation? Reputation? Threat intel? Who else is involved?
Target: Which asset? Owner? Cause? TTR status? What happens in the next 12 minutes? False positive?
Response: Block the IP, disable the account, patch the vulnerability.

Slide 4: Challenges that SOAR solves in the current environment

Challenges: alert fatigue and slow response times.

Alert overload
§ Lenient rules > false positives > alert fatigue
§ Strict rules > false negatives (missed attacks) > weak security
Multiple, disintegrated tools
§ Fact: you could easily have 18 to 25 products to deal with
§ Question: how many SIEMs or firewalls can you learn?
Manual and inconsistent responses cause a weak security posture.
Lack of collaboration.

Solution: SOAR augments the human analyst
Single pane of glass to manage all activities of the SOC
§ Measure and boost SOC efficiency
§ Deliver consistent investigation and response
§ Leverage automation without programming skills

Salient features and use cases
§ Integrated with the SIEM to receive, respond to and close the alert
§ Automated triage, enrichment, investigation and remediation
§ Investigations for phishing, C&C, data exfiltration etc.
§ Automated remediation with human approval
§ Integrations with 250+ products, 3000+ actions

Slide 5: SOAR integrates your SOC with diverse tools

Ingest > Enrich > Triage > Contain > Remediate > Investigate
§ 250+ connectors, 3000+ actions

Slide 6: Why you want an Incident Response and Automation Platform

Incident Response Platform
§ Highly configurable platform
§ Role-based access
§ Multi-tenant
§ Case management
§ Contextual data visualization
§ Build your own modules

SOAR Platform: orchestration and automation
§ Automated playbooks
§ Visual playbook designer, out-of-the-box connectors, real-life use cases
§ Reference content: playbooks, connectors/integrations
§ Multi-tenant: distributed/federated architecture; control access to data and playbooks

Slide 7: SOAR automates information flow and incident response (the observe / orient / decide / act loop)

Observe: actionable data arrives through integrations (emails, SIEM alerts, other alerts from EDR, IDS etc.) and becomes a SOAR alert record.
Orient: gauge the impact with enriched contextual data from
§ Threat intel
§ Asset management
§ User directory
§ Historical data
Decide: manual decisions, tasks and approvals drive the response playbooks.
Act:
§ Block URL, IP, domain, file hash
§ Disable user account
§ Reset password
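The observe / orient / decide / act flow on this slide, together with the source / target / response triage questions from slide 3 and the "automated remediation with human approval" use case from slide 4, as an added example that is not CyberSponse's or CyOPs' own code: a minimal Python playbook that ingests a constructed alert, enriches it from in-memory stand-ins for the threat-intel, asset-inventory and user-directory connectors (all data and names are assumed), and then either closes it as a false positive, remediates automatically, or parks it for a human approver. The thresholds (reputation score 70, 20 failed logins) are illustrative assumptions, not figures from the deck.

```python
"""Minimal SOAR-style playbook: observe -> orient -> decide -> act.

Added example, not CyberSponse/CyOPs code. THREAT_INTEL, ASSETS and
USER_DIRECTORY are constructed in-memory stand-ins for the connector
lookups a real platform would make.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# --- Constructed enrichment sources (assumed data) ---------------------------
THREAT_INTEL = {            # indicator -> reputation score 0..100 (higher = worse)
    "203.0.113.45": {"score": 92, "geo": "unknown", "tags": ["c2"]},
    "198.51.100.7": {"score": 5, "geo": "US", "tags": []},
}
ASSETS = {                  # hostname -> criticality and owner
    "db-prod-01": {"critical": True, "owner": "dba-team"},
    "wks-0412": {"critical": False, "owner": "jdoe"},
}
USER_DIRECTORY = {          # account -> role information
    "jdoe": {"title": "Analyst", "privileged": False},
    "svc-backup": {"title": "Service", "privileged": True},
}
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

HOSTILE_SCORE = 70          # assumed threshold: intel score at/above this is hostile
BRUTE_FORCE_LOGINS = 20     # assumed threshold: failed logins at/above this is hostile


@dataclass
class Alert:
    """Observe: one normalized alert record (from SIEM, EDR, mail gateway...)."""
    source_ip: str
    target_host: str
    user: str
    rule: str
    failed_logins: int = 0


@dataclass
class Decision:
    verdict: str                      # false_positive | auto_remediate | needs_approval | approved_remediate
    actions: list = field(default_factory=list)   # (action, argument) pairs to execute
    context: dict = field(default_factory=dict)   # enrichment kept for the analyst


def enrich(alert):
    """Orient: answer the 'Who is? Asset? Owner? Reputation?' questions from context."""
    intel = THREAT_INTEL.get(alert.source_ip, {"score": 0, "geo": "unknown", "tags": []})
    asset = ASSETS.get(alert.target_host, {"critical": False, "owner": "unknown"})
    user = USER_DIRECTORY.get(alert.user, {"title": "unknown", "privileged": False})
    internal = any(ip_address(alert.source_ip) in net for net in INTERNAL)
    return {"intel": intel, "asset": asset, "user": user, "source_internal": internal}


def decide(alert, ctx):
    """Decide: close as false positive, remediate automatically, or hold for a human."""
    hostile = ctx["intel"]["score"] >= HOSTILE_SCORE or alert.failed_logins >= BRUTE_FORCE_LOGINS
    if not hostile:
        return Decision("false_positive", context=ctx)
    actions = []
    if not ctx["source_internal"]:                     # never firewall your own address space blindly
        actions.append(("block_ip", alert.source_ip))
    if ctx["user"]["privileged"] or alert.failed_logins >= BRUTE_FORCE_LOGINS:
        actions.append(("disable_account", alert.user))
        actions.append(("reset_password", alert.user))
    # Disruptive actions against a critical asset or privileged account wait for approval.
    needs_human = ctx["asset"]["critical"] or ctx["user"]["privileged"]
    return Decision("needs_approval" if needs_human else "auto_remediate", actions, ctx)


def run_playbook(alert, approver=None):
    """Act: return the actions to execute, unless a human must approve them first.

    approver: optional callable(Decision) -> bool standing in for a manual approval task.
    """
    ctx = enrich(alert)
    decision = decide(alert, ctx)
    if decision.verdict == "needs_approval":
        if approver is None or not approver(decision):
            return decision            # parked in the queue; nothing executed
        decision.verdict = "approved_remediate"
    return decision


if __name__ == "__main__":
    beacon = Alert("203.0.113.45", "wks-0412", "jdoe", "EDR: C2 beacon")
    brute = Alert("203.0.113.45", "db-prod-01", "svc-backup", "SIEM: failed logins", failed_logins=35)
    noise = Alert("198.51.100.7", "wks-0412", "jdoe", "SIEM: auth anomaly", failed_logins=3)
    for a in (beacon, brute, noise):
        d = run_playbook(a)
        print(a.rule, "->", d.verdict, d.actions)
```

The split between `auto_remediate` and `needs_approval` is the part worth copying: the playbook computes the full action list either way, so the approver sees exactly what will run, and an unapproved decision returns with nothing executed.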

Slide 8: How to obtain a security operations ROI with SOAR

Callouts: faster response, increased morale, managed alerts. Chart labels: threat window, cost savings.

Mode             Time per incident   Weekly incidents   Time to complete   Time savings   Time savings   Cost savings annually
                 (minutes)                              (hours)            (hours)        (%)            ($150/h)
Manual           45                  50                 390                0              0%             $0.00
Semi-automated   22                  75                 190                200            75%            $180,000
Automated        1.4                 100                12                 378            98%            $472,800

The slide does not show how the annual cost figures are derived from the hours column (200 hours at $150/h is $30,000, not $180,000), so treat these as the vendor's illustrative numbers and recompute with your own incident volume, handling time and analyst rate.

Slide 9: Explore CyOPs Community Edition (TM). Reach us at Sales@CyberSponse.com

Manage: alerts, incidents, indicators, tasks across tenants
Measure: MTTD, MTTR, ROI, reports, dashboards
Respond: automate, visual playbook designer, out-of-the-box connectors
Solutions: SOC automation, vulnerability management and BYOS
- Slides: 9