Kaspersky’s new offering for Security Operations Centers (SOCs) combines the company’s competences, solutions and services with its Red Teaming service, which helps evaluate how well internal security teams are prepared for tailored breach scenarios.
The combination will enable enterprises with SOCs to overcome the issues that concern them the most.
For large organisations, establishing a SOC is a consistent response to the growing number and sophistication of cyberthreats. According to a Kaspersky survey, one third of enterprises build a SOC to manage their cybersecurity risks.
However, in the process, organisations often face numerous barriers that jeopardise the productivity of their security operations, including a shortage of skilled professionals, scarce automation and integration between various tools, a high number of alerts, and a lack of visibility and context.
A SANS survey of specialists working in SOCs found that they are not satisfied with their SOC’s performance, but do not have a clear view of how to improve it. That is why Kaspersky’s new integrated offering for SOCs starts with an analysis of customers’ specific needs and pain points, in order to offer the required set of products and services. This includes Kaspersky EDR, Kaspersky Anti Targeted Attack, Kaspersky Threat Intelligence and the Kaspersky Cybersecurity Training portfolio, together with continuous support from threat hunting and incident response teams.
The weakest points in a company’s protection are not always in its infrastructure; they can often be in its processes. These range from mis-prioritised alerts to communication problems, such as analysts passing on information about an alert late or incompletely. Because of these issues, cybercriminals can stay unnoticed for longer, increasing the chance of a successful attack.
That’s why Kaspersky, alongside its Penetration Testing service, presents a tailored assessment of customers’ existing security operations – Red Teaming – a simulation of threat intelligence-driven attacks. Experts from Kaspersky determine how adversaries are likely to behave according to customer specifics such as industry, region and market, and mimic their actions to evaluate the readiness of the SOC and incident response team to detect and prevent attacks. The assessment of the defensive team’s capabilities is followed up with workshops detailing gaps in defensive processes and recommendations on how to close them.
Building and maintaining a SOC is a long-term process, with various gaps and difficulties that can emerge along the way. Kaspersky provides help in identifying key issues and offering comprehensive solutions and services to address them:
* Kaspersky Threat Intelligence provides SOC teams with information on tactics and techniques that malefactors around the world leverage. These services include: Kaspersky Threat Data Feeds, Kaspersky APT Intelligence Reporting, Kaspersky Financial Threat Intelligence Reporting, Kaspersky Threat Intelligence Portal (a web tool providing access to Cloud Sandbox and Threat Lookup – with the latest and historical threat intelligence gathered by the company) and Tailored Threat Intelligence Reporting, outlining a customer-specific picture of threats.
* Kaspersky CyberTrace, a threat intelligence fusion and analysis tool, improves and accelerates prioritisation and initial response to incoming alerts by matching the logs forwarded by a security information and event management (SIEM) system with any threat intelligence feed used in a SOC. The tool evaluates the effectiveness of each feed and provides real-time ‘situational awareness’, allowing analysts to make timely and better informed decisions.
* Kaspersky Cybersecurity Training programs on malware analysis, digital forensics, incident response and threat detection help SOCs grow their in-house expertise in these areas, enabling fast and effective response to complex incidents.
* With Kaspersky Managed Protection and Incident Response services, SOCs can outsource or complement their existing incident investigation, response and threat hunting capabilities, if they lack certain expertise or specialists internally.
* Kaspersky’s advanced defence solutions, Kaspersky Anti Targeted Attack and Kaspersky EDR, are based on a single technological platform. They are oriented towards complex threats and help to strengthen the SOC, enabling deeper analysis and faster incident response. The solutions automate defensive processes, including attack discovery, analysis and response, provide full visibility of the infrastructure, and serve as sources of relevant logs for a SIEM system. This gives SOC analysts the time and resources to proactively hunt for threats and respond to more complex incidents.
“Running a SOC does not simply come down to implementing a SIEM. To be effective, it should be surrounded by relevant processes, roles and playbooks. It should also be equipped with connectors to log and event sources, effective correlation rules, and fed with actionable threat intelligence. Without understanding the main barriers, CISOs cannot outline a SOC’s development roadmap. That’s why we carefully analyse the customer’s needs and pain points, assess the maturity of existing cyber security systems and identify gaps so that we can recommend the optimal solutions and service packages,” comments Veniamin Levtsov, vice-president, corporate business at Kaspersky.