
Introducing ReliaQuest GreyMatter


1 Introducing ReliaQuest GreyMatter
This presentation is to provide an update to customers, re-establish our missions and areas we can provide value, and recognize new opportunities for growth Name Title

2 Customers who evaluated alternatives found they did not meet their needs.
The gap with both approaches:
Outsource = Consistency without evolution because...
• MSSP services are not integrated with the customers’ business
• There is also a lack of transparency and visibility
Do-It-Yourself = Evolution without consistency because...
• Customers are unable to focus on maturing their security program
• They spend all resources and efforts on managing the disparate solutions in their environment

3 GreyMatter was developed to enable proactive security model management, providing our customers with both consistency and evolution while providing you the ability to demonstrate and enhance your value to your organization.
What do we mean by a Security Model? People + Process + Technology
At the foundational layer, there is a security team (you), and the security team depends on various technologies and processes to meet your goals of defending your organization. These attributes combine to form a Security Model.
Drive Consistency & Evolution
Provide customers visibility and evolve with their businesses
• Consistent detection of all relevant info across the enterprise
• Repeatable, accountable, tech-agnostic delivery method
• Solution enabled and evolves with the customer’s businesses
Demonstrate & Enhance Value
• Provide actionable insights of an otherwise fragmented noisy environment
• Optimize customer’s security model

4

5 GreyMatter integrates with customers’ security models to evolve and enhance their existing investments
GreyMatter is not replacing any of their existing security infrastructure. Rather, it acts as a force multiplier to ensure they are maximizing these investments, integrating and pulling data from multiple disparate technologies (reference diagram below). ReliaQuest differentiates technologies as either a primary technology or secondary technology based on the solution’s unique capabilities enabled via the GreyMatter platform.

6 ReliaQuest GreyMatter Capabilities
INTEL
• Leverage 40+ open source, DHS, ISAC and commercial feeds to ensure accurate threat detection
• Continual evaluation and prioritization to ensure the highest fidelity
HUNT
• Managed and ad hoc threat hunting, leveraging expert analysts and focused campaigns
• Automated data aggregation across multiple technologies simplify and expedite discoveries
DETECT
• Full access to our content library, providing over 600+ threat detection rules the kill chain
• Continual R&D, tuning and enhancements
AUTOMATE
• Automate rapid response actions and data enrichment to quickly identify and contain threats
• Custom developed playbooks by industry experts
INVESTIGATE
• Streamlined data aggregation and visualization across multiple technologies
• Exhaustive analysis of all alerts following a proven Cyber Analysis Methodology (CAM)
HEALTH
• Continual insight and support for health monitoring, break/fix and platform integrations
• Evolution of the technology platform to ensure solution effectiveness

7 WHAT IS A PRIMARY TECHNOLOGY?
A technology supported by all capabilities of the GreyMatter Solution
EXAMPLES:
• SIEM: Splunk, QRadar, LogRhythm, McAfee, ArcSight
• EDR: Carbon Black, Crowdstrike, Cylance
A primary technology integrates with GreyMatter AND supports all 6 GreyMatter capabilities (Intel, Detect, Investigate, Hunt, Automate, Health)
[Diagram labels: CUSTOMER SECURITY TEAM; SUPPORTED TECHNOLOGIES; PRIMARY; SECONDARY; SIEM; EDR; FIREWALLS; IDS/IPS; SECURITY; OTHER]

8 WHAT IS A SECONDARY TECHNOLOGY?
A technology directly supported by one or more, but not all capabilities of the GreyMatter solution
EXAMPLES: Palo Alto Firewalls, BlueCat IPAM, Microsoft Exchange, AWS S3, etc.
Secondary technology
• Can integrate with GreyMatter but does NOT support all 6 GreyMatter capabilities
• For example: A firewall, as a secondary technology, is integrated with GreyMatter collecting additional data not contained in the SIEM (Investigate) and for automating threat containment (Automate), but we do not monitor or manage the health of the firewall solutions (Health).
[Diagram labels: CUSTOMER SECURITY TEAM; SUPPORTED TECHNOLOGIES; PRIMARY; SECONDARY; SIEM; EDR; FIREWALLS; IDS/IPS; SECURITY; OTHER]

9 Example: PHISHING DETECTION
[Diagram labels: Primary Technology; Secondary Technology; SIEM; EDR; FIREWALLS; IDS/IPS; SECURITY; OTHER]
• INTEL (40+ SOURCES OF THREAT INTEL): Applies known phishing intel to SIEM
• DETECT (CURATED CONTENT): Phishing detection content deployed to SIEM
• INVESTIGATE (Alert-based cross platform data collection): Aggregates SIEM, EDR, and Security Data with phishing detection alert
• AUTOMATE (WORKFLOW AUTOMATION): Quarantines host using EDR, deletes poisoned s using Server
• HUNT (Query-based cross platform data collection): Long-term hunt identifying C2 traffic from successful phish
• HEALTH (Out-of-band health monitoring): Proactive health monitoring ensures operational continuity
INTEL
• Technology: Operationalizes the use of curated threat intel across 40+ sources including indicators of phishing attacks within the customer’s SIEM (e.g. known domains, subjects, file hashes, etc. associated with phishing)
• Ongoing enablement: Assures the integrated use of threat intel in the primary technology, SIEM
• Analytics: Threat Context measures the quality of threat intelligence and how well it is integrated into alert correlation and post-alert analysis, ensuring threat intel is maximized in its use
DETECT
• Technology: Leverages the use of Intel in the customer’s SIEM, looking for these known indicators in log and network activity
• Ongoing enablement: ReliaQuest engineering develops the Content Library mapped to kill chain and MITRE ATT&CK phases
• Analytics: Kill Chain Coverage measures a customer’s threat coverage from their applied rules, available rules based on their data sources, and all available rules
INVESTIGATE
• Technology: When the SIEM recognizes phishing activity from applied Content Rules and Intel, Investigate automatically aggregates pertinent data from primary and appropriate secondary technologies to expedite threat qualification
• Ongoing enablement: ReliaQuest Incident Response performs Tier I triage, leveraging GreyMatter to investigate
• Analytics: Measuring False Positive Rates will identify rules requiring additional tuning by ReliaQuest engineering
AUTOMATE
• Technology: After quickly qualifying the threat in Investigate, the Security Analyst invokes Automate to quickly quarantine the host with an integrated primary or secondary technology. In this case, leveraging EDR where Automate performs tasks such as determining the endpoint type and the user before executing the action
• Ongoing enablement: Automation can be performed immediately or with customer permissions
• Analytics: Mean Time To Response (MTTR) is calculated from the time the alert escalated to when the ticket is closed, recognizing the speed at which each severity is resolved
HUNT
• Technology: Hunt performs long-term (e.g. 90 day, 180 day) searches across DNS traffic to identify any indicators the threat was not fully mitigated
• Ongoing enablement: ReliaQuest engineering develops and executes managed Hunts for a customer, also helping to review findings
HEALTH
• Technology: Continual out-of-band health monitoring of primary technologies ensures continuity and proactive resolution of parameters that can lead to unhealthy conditions
• Ongoing enablement: ReliaQuest engineering proactively takes measures based on Health indicators for the customer
• Analytics: SIEM Health and SIEM Maturity scores measure the current configuration and how well current capabilities are optimized, ensuring full use of the value in the SIEM investment

10

