Introducing ReliaQuest GreyMatter

  • Slides: 10

ReliaQuest GreyMatter Capabilities

INTEL, HUNT, DETECT, AUTOMATE, INVESTIGATE, HEALTH

  • Leverage 40+ open source, DHS, ISAC and commercial feeds to ensure accurate threat detection
  • Continual evaluation and prioritization to ensure the highest fidelity
  • Managed and ad hoc threat hunting, leveraging expert analysts and focused campaigns
  • Full access to our content library, providing over 600+ threat detection rules the kill chain
  • Automated data aggregation across multiple technologies simplify and expedite discoveries
  • Automate rapid response actions and data enrichment to quickly identify and contain threats
  • Continual R&D, tuning and enhancements
  • Custom developed playbooks by industry experts
  • Continual insight and support for health monitoring, break/fix and platform integrations
  • Streamlined data aggregation and visualization across multiple technologies
  • Exhaustive analysis of all alerts following a proven Cyber Analysis Methodology (CAM)
  • Evolution of the technology platform to ensure solution effectiveness

WHAT IS A PRIMARY TECHNOLOGY?

A technology supported by all capabilities of the GreyMatter Solution

EXAMPLES:

  • SIEM: Splunk, QRadar, LogRhythm, McAfee, ArcSight
  • EDR: Carbon Black, CrowdStrike, Cylance

CUSTOMER SECURITY TEAM: SUPPORTED TECHNOLOGIES

  • PRIMARY: SIEM, EDR
  • SECONDARY: FIREWALLS, IDS/IPS, EMAIL SECURITY, OTHER

WHAT IS A SECONDARY TECHNOLOGY?

A technology directly supported by one or more, but not all capabilities of the GreyMatter solution

EXAMPLES: Palo Alto Firewalls, BlueCat IPAM, Microsoft Exchange, AWS S3, etc.

CUSTOMER SECURITY TEAM: SUPPORTED TECHNOLOGIES

  • PRIMARY: SIEM, EDR
  • SECONDARY: FIREWALLS, IDS/IPS, EMAIL SECURITY, OTHER

EXAMPLE: PHISHING DETECTION

  • INTEL (40+ SOURCES OF THREAT INTEL): Applies known phishing intel to SIEM
  • DETECT (CURATED CONTENT): Phishing detection content deployed to SIEM
  • INVESTIGATE (ALERT-BASED CROSS PLATFORM DATA COLLECTION): Aggregates SIEM, EDR, and Email Security Data with phishing detection alert
  • AUTOMATE (WORKFLOW AUTOMATION): Quarantines host using EDR, deletes poisoned emails using Email Server
  • HUNT (QUERY-BASED CROSS PLATFORM DATA COLLECTION): Long-term hunt identifying C2 traffic from successful phish
  • HEALTH (Out-of-band health monitoring): Proactive health monitoring ensures operational continuity

PRIMARY TECHNOLOGY: SIEM, EDR

SECONDARY TECHNOLOGY: FIREWALLS, IDS/IPS, EMAIL SECURITY, OTHER