Kaspersky announced today its new offering for
Security Operations Centers (SOCs) that combines the company's competences,
solutions and services with the newly added Red Teaming service, which
evaluates how well internal security teams are prepared for tailored breach
scenarios. This just-added feature will enable enterprises with SOCs to
overcome the cybersecurity issues that concern them the most.
For large organizations, establishing a SOC is becoming
increasingly necessary as a result of the growing number and sophistication of
cyberthreats. However, during this process, organizations often face numerous
barriers that jeopardize the productivity of their security operations
including a shortage of skilled professionals, scarce automation and
integration between various tools, a high number of alerts and a lack of
visibility and context.
A SANS survey of specialists working in SOCs found that they are
not satisfied with their SOC's performance but do not have a clear view of how to
improve it. That is why Kaspersky's new integrated offering for SOCs starts
with an analysis of the customer's specific needs and pain points, producing a
personalized picture of which products and services are actually needed. The
resulting package draws on solutions such as Kaspersky EDR, Kaspersky Anti
Targeted Attack and Kaspersky Threat Intelligence, with continued support from
Kaspersky's industry-leading threat hunting and incident response teams.
Finding and eliminating weaknesses
Weaknesses in a company's protection are not always in its infrastructure; they
can often be found in its processes. These flaws range from overlooked alerts
to an analyst passing on information about an alert late and without complete
details. Because of such issues, cybercriminals can remain unnoticed for
longer, increasing their chance of a successful attack.
Kaspersky Penetration Testing presents a tailored assessment
of the customer's existing security operations through the newly added Red
Teaming feature, which simulates threat intelligence-driven attacks. Kaspersky
experts determine how adversaries are likely to behave given the customer's
industry, region and market, then mimic those actions to evaluate how ready the
SOC and incident response team are to detect and prevent attacks. In addition
to the assessment of the defensive team's capabilities, Kaspersky offers
workshops detailing gaps in defensive processes and recommendations on how to
close them.
Closing existing gaps in SOC readiness
Building and maintaining a SOC is a long-term process, and
various difficulties can emerge along the way. Kaspersky provides guidance in
identifying the key issues and offers comprehensive solutions and services to
address them, including:
- Kaspersky Threat Intelligence provides SOC teams with
information on tactics and techniques that malefactors around the world
leverage. These services include: Kaspersky Threat Data Feeds, Kaspersky
APT Intelligence Reporting, Kaspersky Financial Threat Intelligence
Reporting, Kaspersky Threat Intelligence Portal and Tailored Threat
Intelligence Reporting, outlining a customer-specific picture of threats.
- Kaspersky CyberTrace, a threat intelligence fusion and analysis tool,
improves and accelerates the prioritization of, and initial response to,
incoming alerts by matching the logs forwarded by a security information and
event management (SIEM) system against any threat intelligence feed used in
the SOC. The tool evaluates the effectiveness of each feed and provides
real-time 'situational awareness', allowing analysts to make timely and
better-informed decisions.
- Kaspersky Cybersecurity Training programs on malware
analysis, digital forensics, incident response and threat detection help
SOCs grow their in-house expertise in these areas, enabling fast and
effective response to complex incidents.
- Kaspersky Managed Protection and Incident Response services allow SOCs
to outsource or complement their existing incident investigation, response
and threat hunting capabilities if they lack certain expertise or specialists
internally.
- Kaspersky Anti Targeted Attack and Kaspersky EDR
are solutions that focus on complex threats and help strengthen the
SOC, enabling deeper analysis and faster incident response. They automate
defense processes, including attack discovery, analysis and response, provide
full visibility of the infrastructure and serve as sources of relevant logs
for a SIEM system, which gives SOC analysts the time and resources to
proactively hunt for threats and respond to more complex incidents.
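The CyberTrace item above describes the core of any threat-intelligence fusion step: pull indicators out of SIEM-forwarded events, look them up in every feed the SOC subscribes to, rank the hits so analysts see the highest-confidence matches first, and keep per-feed statistics so feeds that never fire can be deprioritized. The following Python is an added illustration of that matching logic, not Kaspersky's or CyberTrace's own code; the two feeds, their indicators and confidence values, and the key=value proxy/firewall events are all constructed for the example and are not real threat data or real logs.

```python
import re

# Constructed threat-intelligence feeds, keyed by indicator type. The
# indicators, threat labels and confidence scores are illustrative only.
FEEDS = {
    "ip_reputation_feed": {
        "type": "ip",
        "indicators": {
            "198.51.100.23": {"threat": "c2", "confidence": 90},
            "203.0.113.77": {"threat": "scanner", "confidence": 40},
        },
    },
    "malicious_domain_feed": {
        "type": "domain",
        "indicators": {
            "update-check.example.net": {"threat": "malware_download", "confidence": 80},
            "login-portal.example.net": {"threat": "phishing", "confidence": 70},
        },
    },
}

# Constructed SIEM-forwarded events in a syslog-style key=value layout.
SAMPLE_LOGS = [
    "proxy: src=10.0.0.5 dst=198.51.100.23 host=cdn.example.org action=allow",
    "proxy: src=10.0.0.9 dst=192.0.2.10 host=update-check.example.net action=allow",
    "fw: src=10.0.0.5 dst=203.0.113.77 host=- action=deny",
    "fw: src=10.0.0.12 dst=192.0.2.44 host=intranet.example.com action=allow",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\bhost=([A-Za-z0-9.-]+\.[A-Za-z]{2,})\b")


def extract_indicators(line):
    """Return the set of (type, value) candidates in one event: every IPv4
    literal plus the host= field when it looks like a domain name."""
    found = {("ip", ip) for ip in IPV4_RE.findall(line)}
    m = HOST_RE.search(line)
    if m:
        found.add(("domain", m.group(1).lower()))
    return found


def match_events(lines, feeds=FEEDS):
    """Look up each event's indicators in every feed of the matching type.

    Returns (matches, feed_hits): matches is a list of dicts sorted by
    confidence, highest first, so the analyst queue starts with the most
    credible hit; feed_hits counts how many matches each feed produced."""
    matches = []
    feed_hits = {name: 0 for name in feeds}
    for idx, line in enumerate(lines):
        for ind_type, value in extract_indicators(line):
            for feed_name, feed in feeds.items():
                if feed["type"] != ind_type:
                    continue
                ctx = feed["indicators"].get(value)
                if ctx is None:
                    continue
                feed_hits[feed_name] += 1
                matches.append({
                    "event_index": idx,
                    "feed": feed_name,
                    "indicator": value,
                    "threat": ctx["threat"],
                    "confidence": ctx["confidence"],
                    "raw": line,
                })
    matches.sort(key=lambda m: m["confidence"], reverse=True)
    return matches, feed_hits


def feed_effectiveness(matches, feeds=FEEDS):
    """Per feed: total hits, distinct indicators that fired, and the share of
    the feed's indicators that fired at all. A feed whose coverage stays near
    zero over time is mostly noise and a candidate for deprioritization."""
    report = {}
    for name, feed in feeds.items():
        fired = {m["indicator"] for m in matches if m["feed"] == name}
        hits = sum(1 for m in matches if m["feed"] == name)
        report[name] = {
            "hits": hits,
            "distinct": len(fired),
            "coverage": len(fired) / len(feed["indicators"]),
        }
    return report


if __name__ == "__main__":
    found, per_feed = match_events(SAMPLE_LOGS)
    for m in found:
        print(f"[{m['confidence']:>3}] {m['feed']}: {m['indicator']} ({m['threat']}) <- {m['raw']}")
    for name, stats in feed_effectiveness(found).items():
        print(f"{name}: {stats}")
```

In a real deployment the feeds would be loaded from the vendor's files or API and the events would arrive over a SIEM forwarder rather than from a list, but the lookup, ranking and per-feed accounting are the same; the coverage figure is what lets a SOC see that a feed is earning its place in the pipeline before its alerts are given weight.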
"Running a SOC does not simply come down to
implementing a SIEM," says Veniamin Levtsov, vice president of corporate
business, Kaspersky. "To be effective, it should be surrounded by relevant
processes, roles and playbooks. It should also be equipped with connectors to
log and event sources, effective correlation rules and fed with actionable
threat intelligence. Without understanding the main barriers, CISOs cannot
outline a SOC's development roadmap. That's why we carefully analyze the
customer's needs and pain points, assess existing cyber security systems
maturity and identify gaps so that we can recommend the optimal solutions and
service packages."