Effective Incident Response Security Orchestration and Automation - - PowerPoint PPT Presentation



SLIDE 1

Effective Incident Response

Security Orchestration and Automation (SOAR)

Miguel Carrero Tammy Tolbert

SLIDE 2

MicroFocus ArcSight and Siemplify™

  • Addressing the needs of SOCs, including:
  • Relieving resource constraints by automating routine/repeatable tasks
  • Consistency in handling of incidents through workflow automation
  • Extending reach to other enterprise tools to take action
  • Extending reach to other tools to gather additional information
  • Siemplify Integrations supported for both ArcSight ESM and Investigate

SLIDE 3

SLIDE 4

INVESTIGATION

Helping analysts make faster, better decisions through visualization, context and more

REPORTING AND INSIGHTS

Measuring and tracking SOC KPIs to improve operations

SOC WORKBENCH

Managing a broad spectrum of SOC activities beyond playbooks and alert handling

SOAR Building Blocks

ORCHESTRATION & AUTOMATION

Integrations, playbooks, playbook builder, machine Learning


SLIDE 5

The Only Powerfully Simple SOAR Platform

  • Simple and intuitive SOC workbench loved by analysts
  • Powerful automation and orchestration engine that can be highly customized

SLIDE 6

Life Today – Without Security Orchestration

Detect (security tools) -> Correlate & Alert (ArcSight ESM / ArcSight UBA) -> Data Gathering / Triage (ArcSight Investigate) -> Analysis & Decision -> Response -> Report -> Revise & Improve

SLIDE 7

Life with Siemplify SOAR

Detect (security tools) -> Correlate & Alert (ArcSight ESM / ArcSight UBA) -> Data Gathering / Triage (ArcSight Investigate) -> Analysis & Decision -> Response -> Report -> Revise & Improve!

EFFICIENCY SAVINGS

SLIDE 8

Siemplify – MicroFocus Integration

SLIDE 9

Delivering the Intelligent SOC With Siemplify and ArcSight

  • Cluster, enrich, and contextualize alerts
  • Consistently execute security processes and workflows
  • Automate and optimize machine-driven and human response
  • Deliver comprehensive SOC visibility, case management, KPIs and business intelligence
  • Contextually enhance ArcSight cases and accelerate investigations

SLIDE 10

Use Case – Siemplify and ArcSight ESM

  • Attacker gains access to network (via phishing email)
  • Attacker delivers malicious payload
  • Attacker tries to escalate privilege by guessing admin password (3 failed attempts)
  • ArcSight records, analyzes and passes this information to Siemplify
  • Siemplify visually maps and correlates all three events above and allows the SOC analyst to analyze the threat and respond by blocking the URLs and hashes as well as disabling the account and closing the ticket
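The correlation and playbook logic of this use case, as an added example in Python that is not part of the presentation or of the Siemplify/ArcSight products: alerts are clustered into one case per host entity, the "3 failed attempts" threshold is checked, and the playbook emits the block-URL, block-hash and disable-account actions. Alert field names, hostnames, user names, the URL and the hash are constructed placeholders, not real ArcSight output.

```python
from collections import defaultdict

# Constructed sample alerts standing in for ArcSight correlation output; field names, hosts, URL and hash are assumptions.
ALERTS = [
    {"type": "phishing_email", "host": "ws-042", "user": "jdoe",
     "url": "http://phish.example.invalid/invoice", "ts": 100},
    {"type": "malware_detected", "host": "ws-042", "user": "jdoe",
     "hash": "sha256:PLACEHOLDER_HASH", "ts": 160},
    {"type": "failed_login", "host": "ws-042", "user": "administrator", "ts": 200},
    {"type": "failed_login", "host": "ws-042", "user": "administrator", "ts": 205},
    {"type": "failed_login", "host": "ws-042", "user": "administrator", "ts": 210},
    # Unrelated single failure on another host: must not trigger the playbook.
    {"type": "failed_login", "host": "ws-077", "user": "asmith", "ts": 300},
]
FAILED_LOGIN_THRESHOLD = 3  # the "3 failed attempts" from the use case

def cluster_by_host(alerts):
    """Alert clustering: one case per host entity instead of one ticket per alert."""
    cases = defaultdict(list)
    for alert in alerts:
        cases[alert["host"]].append(alert)
    return dict(cases)

def phishing_playbook(case_alerts):
    """Evaluate one clustered case; return (severity, ordered response actions)."""
    types = {a["type"] for a in case_alerts}
    failed = [a for a in case_alerts if a["type"] == "failed_login"]
    actions = []
    for a in case_alerts:  # indicators come straight from the case entities
        if a["type"] == "phishing_email":
            actions.append("block_url:" + a["url"])
        elif a["type"] == "malware_detected":
            actions.append("block_hash:" + a["hash"])
    escalation = len(failed) >= FAILED_LOGIN_THRESHOLD
    if escalation and "malware_detected" in types:
        # Password guessing from an infected host: disable the compromised user's account.
        victims = {a["user"] for a in case_alerts if a["type"] != "failed_login"}
        actions += ["disable_account:" + u for u in sorted(victims)]
    stages = len(types & {"phishing_email", "malware_detected"}) + int(escalation)
    severity = {3: "critical", 2: "high", 1: "medium"}.get(stages, "low")
    return severity, actions

def run_soar(alerts):
    """Cluster, then run the playbook per case: {host: (severity, actions)}."""
    return {h: phishing_playbook(c) for h, c in cluster_by_host(alerts).items()}

if __name__ == "__main__":
    for host, (severity, actions) in run_soar(ALERTS).items():
        print(host, severity, actions)
```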

SLIDE 11

Information Passed by ArcSight to Siemplify

Failed Login Alerts correlated by ArcSight and passed to Siemplify

SLIDE 12

What the Analyst Sees in Siemplify

  • Phishing email with suspicious attachment
  • Malware detected
  • Added context
  • Automated response using pre-defined playbooks
  • Multiple failed logins
  • Additional entity-based context

SLIDE 13

How Siemplify Correlates These Events Through Visual Investigation

  • Malicious Payload
  • Failed Login Attempts
  • Suspicious Email

SLIDE 14

Automated Response with Siemplify

  • Malicious Payload
  • Block URL and Hash
  • Disable Account

Playbook to handle phishing threats. Automated actions to speed up response.

SLIDE 15

120+ Integrations

80+ Playbooks

Pre-packaged with our expertise. Easily extensible with yours.

SLIDE 16

The Siemplify SOAR Platform

  • Alert clustering = up to 80% case reduction
  • Intuitive, visual and FAST investigation
  • Same analyst works a threat-oriented case
  • Playbooks run on a single threat-oriented case
  • Manage day-to-day security operations from a single workbench

SLIDE 17

Only Siemplify Delivers

Work fewer cases and focus on what matters the most with streamlined case handling.

Make faster, more accurate decisions with rapid case investigations to reduce dwell time and MTTR.

Go beyond automation to unify your SOC on a platform built on deep security operations expertise.

  • Alert clustering
  • Case insights
  • Case management
  • Collaboration
  • Crisis Management

3x OPERATIONAL EFFICIENCY AND 3x FASTER INVESTIGATION COMPARED TO OTHER SOAR SOLUTIONS!

Faster Answers

A Complete SOC Workbench

  • ML-based threat prioritization
  • An easy-to-use interface that allows even entry-level analysts to deliver high-value work

  • Contextual analysis
  • Visual investigation
  • Analytics and reporting

Maximum Operational Efficiency

SLIDE 18

Q&A

SLIDE 19

Thank You