Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introducing ReliaQuest GreyMatter

Published byMika Saarnio Modified over 5 years ago

Similar presentations

Presentation on theme: "Introducing ReliaQuest GreyMatter"— Presentation transcript:

1 Introducing ReliaQuest GreyMatter
This presentation is to provide an update to customers, re-establish our missions and areas we can provide value, and recognize new opportunities for growth Name Title

2 Customers who evaluated alternatives found they did not meet their needs.
The gap with both approaches: Outsource = Consistency without evolution because... MSSP services are not integrated with the customers’ business There is also a lack of transparency and visibility Do-It-Yourself = Evolution without consistency because... Customers are unable to focus on maturing their security program They spend all resources and efforts on managing the disparate solutions in their environment

3 GreyMatter was developed to enable proactive security model management, providing our customers with both consistency and evolution while providing you the ability to demonstrate and enhance your value to your organization. What do we mean by a Security Model? People + Process + Technology At the foundational layer, there is a security team (you) and the security team depends on various technologies and processes to meet to your goals of defending your organization These attributes combine to form a Security Model Drive Consistency & Evolution Provide customers visibility and evolve with their businesses Consistent detection of all relevant info across the enterprise Repeatable, accountable, tech-agnostic delivery method Solution enabled and evolves with the customer’s businesses Demonstrate & Enhance Value Provide actionable insights of an otherwise fragmented noisy environment Optimize customer’s security model

4

5 GreyMatter integrates with customers’ security models to evolve and enhance their existing investments GreyMatter is not replacing any of their existing security infrastructure. Rather it acts as a force multiplier to ensure they are maximizing on these investments, integrating and pulling data from multiple disparate technologies. (reference diagram below). ReliaQuest differentiates technologies as either a primary technology or secondary technology based on the solution’s unique capabilities enabled via the GreyMatter platform

6 ReliaQuest GreyMatter Capabilities
• Leverage 40+ open source, DHS, ISAC and commercial feeds to ensure accurate threat detection • Continual evaluation and prioritization to ensure the highest fidelity • Managed and ad hoc threat hunting, leveraging expert analysts and focused campaigns • Automated data aggregation across multiple technologies simplify and expedite discoveries INTEL HUNT • Full access to our content library, providing over 600+ threat detection rules the kill chain • Continual R&D, tuning and enhancements • Automate rapid response actions and data enrichment to quickly identify and contain threats • Custom developed playbooks by industry experts DETECT AUTOMATE • Streamlined data aggregation and visualization across multiple technologies • Exhaustive analysis of all alerts following a proven Cyber Analysis Methodology (CAM) • Continual insight and support for health monitoring, break/fix and platform integrations • Evolution of the technology platform to ensure solution effectiveness INVESTIGATE HEALTH

7 WHAT IS A PRIMARY TECHNOLGY?
A technology supported by all capabilities of the GreyMatter Solution CUSTOMER SECURITY TEAM EXAMPLES: SUPPORTED TECHNOLGIES SIEM: Splunk, QRadar, LogRhythm, McAfee, ArcSight PRIMARY SECONDARY EDR: Carbon Black, Crowdstrike, Cylance A primary technology integrates with Greymatter AND supports all 6 Greymatter capabilities (Intel, Detect, Investigate, Hunt, Automate, Health) SIEM EDR FIREWALLS IDS/IPS SECURITY OTHER

8 WHAT IS A SECONDARY TECHNOLGY?
A technology directly supported by one or more, but not all capabilities of the GreyMatter solution CUSTOMER SECURITY TEAM SUPPORTED TECHNOLGIES EXAMPLES: PRIMARY SECONDARY Palo Alto Firewalls, BlueCat IPAM, Microsoft Exchange, AWS S3, etc. Secondary technology • Can integrate with Greymatter but does NOT support all 6 Greymatter capabilities • For Example: A firewall, as a secondary technology, is integrated with Greymatter collecting additional data not contained in the SIEM (Investigate) and for automating threat containment (Automate), but we do not monitor or manage the health of the firewall solutions(Health). SIEM EDR FIREWALLS IDS/IPS SECURITY OTHER

9 Example: PHISHING DETECTION
Primary Technology Secondary Technology INTEL 40+ SOURCES OF THREAT INTEL Applies known phishing intel to SIEM DECTECT CURATED CONTENT Phishing detection content deployed to SIEM INVESTIGATE Alert-based cross platform data collection Aggregates SIEM, EDR, and Security Data with phishing detection alert SIEM FIREWALLS IDS/IPS AUTOMATE WORKFLOW AUTOMATION Quarantines host using EDR, deletes poisoned s using Server INTEL Technology: Operationalizes the use of curated threat intel across 40+ sources including indicators of phishing attacks within the customer’s SIEM (e.g. known domains, subjects, file hashes, etc associated with phishing) Ongoing enablement: Assures the integrated use of threat intel in the primary technology, SIEM Analytics: Threat Context measures the quality of threat intelligence and how well it is integrated into alert correlation and post-alert analysis, ensuring threat intel is maximized in its use DETECT Technology: leverages the use of Intel in the customer’s SIEM, looking for these known indicators in log and network activity Ongoing enablement: ReliaQuest engineering develops the Content Library mapped to kill chain and MITRE ATT&CK phases Analytics: Kill Chain Coverage measures a customer’s threat coverage from their applied rules, available rules based on their data sources, and all available rules INVESTIGATE Technology: When the SIEM recognizes phishing activity from applied Content Rules and Intel, Investigate automatically aggregates pertinent data from primary and appropriate secondary technologies to expedite threat qualification Ongoing enablement: ReliaQuest Incident Response performs Tier I triage, leveraging GreyMatter to investigate Analytics: Measuring False Positive Rates will identify rules requiring additional tuning by ReliaQuest engineering AUTOMATE Technology: After quickly qualifying the threat in Investigate, the Security Analyst invokes Automate to quickly quarantine the host with an integrated primary or secondary technology. In this case, leveraging EDR where Automate performs tasks such as determining the endpoint type and the user before executing the action Ongoing enablement: Automation can be performed immediately or with customer permissions Analytics: Mean Time To Response (MTTR) is calculated from the time the alert escalated to when the ticket is closed, recognizing the speed at which each severity is resolved HUNT Technology: Hunt performs long-term (e.g. 90 day, 180 day) searches across DNS traffic to identify any indicators the threat was not fully mitigated Ongoing enablement: ReliaQuest engineering develops and executes managed Hunts for a customer, also helping to review findings HEALTH Technology: Continual out-of-band health monitoring of primary technologies ensures continuity and proactive resolution of parameters that can lead to unhealthy conditions Ongoing enablement: ReliaQuest engineering proactively takes measures based on Health indicators for the customer Analytics: SIEM Health and SIEM Maturity scores measure the current configuration and how well current capabilities are optimized, ensuring full use of the value in the SIEM investment HUNT Query-based cross platform data collection Long-term hunt identifying C2 traffic from successful phish EDR SECURITY OTHER HEALTH Out-of-band health monitoring Proactive health monitoring ensures operational continuity

10

Download ppt "Introducing ReliaQuest GreyMatter"

Similar presentations

Presented by Nikita Shah 5th IT ( )

Presented by Nikita Shah 5th IT ( )
1 1. 2 2 Jeff Hart M2 Technology IT Situational Awareness 2.

Jeff Hart M2 Technology IT Situational Awareness 2.
Real-time Security Analytics: Automating the Discovery, Understanding, and Action Against Advanced Security Threats Neal Hartsell, Vice President Marketing.

Real-time Security Analytics: Automating the Discovery, Understanding, and Action Against Advanced Security Threats Neal Hartsell, Vice President Marketing.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE www.visible.com Holistic View of the Enterprise Business Development Operations.

© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE Holistic View of the Enterprise Business Development Operations.
Optimizing Business Operations Business Priorities Presentation.

Optimizing Business Operations Business Priorities Presentation.
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?
©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.

©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.
Alert Logic Security and Compliance Solutions for vCloud Air High-level Overview.

Alert Logic Security and Compliance Solutions for vCloud Air High-level Overview.
Alert Logic Security and Compliance Solutions for vCloud Air High-level Overview.

Alert Logic Security and Compliance Solutions for vCloud Air High-level Overview.
Presenter Microsoft sales representative Audience Business decision makers (BDMs) who are interested in Project Portfolio Management Purpose Introduce.

Presenter Microsoft sales representative Audience Business decision makers (BDMs) who are interested in Project Portfolio Management Purpose Introduce.
Network security Product Group 2 McAfee Network Security Platform.

Network security Product Group 2 McAfee Network Security Platform.
Project Portfolio Management Business Priorities Presentation.

Project Portfolio Management Business Priorities Presentation.
Empowering Organisations to Thrive in the Face of Cyber Attacks An introduction to Resilient Systems Paul Ayers – General Manager, EMEA Chris Neely - Director.

Empowering Organisations to Thrive in the Face of Cyber Attacks An introduction to Resilient Systems Paul Ayers – General Manager, EMEA Chris Neely - Director.
A way to develop software that emphasizes communication, collaboration, and integration between development and IT operations teams.

A way to develop software that emphasizes communication, collaboration, and integration between development and IT operations teams.
ECAT 4.1 – Rule Your Endpoints What’s New Customer Overview.

ECAT 4.1 – Rule Your Endpoints What’s New Customer Overview.
Why SIEM – Why Security Intelligence??

Why SIEM – Why Security Intelligence??
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Juniper Security Threat Response Manager (STRM)

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Juniper Security Threat Response Manager (STRM)
Charles Herring Project Lead WitFoo July 14, 2016 Removing InfoSec Noise with Law Enforcement Paradigms Detective Bill Ritch Law Enforcement Advisor WitFoo.

Charles Herring Project Lead WitFoo July 14, 2016 Removing InfoSec Noise with Law Enforcement Paradigms Detective Bill Ritch Law Enforcement Advisor WitFoo.
Tripwire Threat Intelligence Integrations. 2 Threat Landscape by the Numbers Over 390K malicious programs are found every day AV-Test.org On day 0, only.

Tripwire Threat Intelligence Integrations. 2 Threat Landscape by the Numbers Over 390K malicious programs are found every day AV-Test.org On day 0, only.

Similar presentations

Ads by Google