
Accelerating SOC Transformation with IBM Resilient and Carbon Black



Security Operations Centers (SOCs) today are complex environments. They often have too many separate tools, uncoordinated analysts in the response process, and confusion around alert prioritization. Because of this, SOCs consistently struggle to respond to the most urgent incidents.

The integration between IBM Resilient and Carbon Black helps SOCs overcome these challenges. IBM Resilient’s Intelligent Orchestration combined with Carbon Black Response provides a single view for all relevant response data and streamlines the entire security process. This makes it simpler for analysts to quickly and efficiently remediate cyberattacks.

Join experts Chris Berninger, Business Development Engineer, Carbon Black, and Hugh Pyle, Product Manager, IBM Resilient, for this webinar, to learn:

- How the IBM Resilient-Carbon Black integration works within your SOC to accelerate incident response improvement
- Strategies to implement Intelligent Orchestration and automation into your incident response process
- Actions that can be taken today for maximizing the effectiveness of your SOC

Published in: Software

Accelerating SOC Transformation with IBM Resilient and Carbon Black

  1. Accelerating SOC Transformation with IBM Resilient and Carbon Black. The webinar will begin shortly.
  2. Accelerating SOC Transformation with IBM Resilient and Carbon Black
  3. Agenda
      - Introductions
      - The IBM Resilient & Carbon Black – how it works and benefits
      - Integration demonstration
      - Q&A
  4. About our speakers
      - Chris Berninger, Business Development Engineer, Carbon Black
      - Hugh Pyle, Product Manager, IBM Resilient
  5. The Market Leader in Incident Response: Next-Generation IR Platform with Intelligent Orchestration
      - Largest and most trusted IRP install base in the world
      - Only incident response platform with built-in intelligent orchestration
      - Part of the largest enterprise security organization in the world
      - More than 300 customers globally
      - Customers in more than 30 countries
      - IBM Resilient Partner Ecosystem delivered through IBM Security App Exchange
      - Technology-agnostic platform delivers enterprise-grade integrations with IT and security tools
      - Includes orchestration and automation capabilities
      - Resilient is the hub of IBM Security’s Immune System
      - Expanding customer support and services resources
  6. About Carbon Black: Endpoint Security Pioneer and Leader
      - 33 of Fortune 100
      - 95+ Cb Integration Network Partners
      - 400+ Channel Partners
      - 4,000+ Customers Globally
      - 1,100+ Employees
      - 140+ Product Integrations
      - Chart, "Rapidly Growing Customer Base": values 592, 1043, 1774, 2516, 3739 for the years 2013, 2014, 2015, 2016, 2017
      - © 2018 Carbon Black. All Rights Reserved. CONFIDENTIAL
  7. The Resilient & Carbon Black Integration
  8. Intelligent Orchestration – Drive response. Improve security
      - Orchestration ecosystem: validated integrations, delivered and supported via IBM Security AppExchange; community integrations, playbooks, and best practices; developer community and toolkits for integrations and automations
      - Orchestration and automation: guided response; Dynamic Playbooks; customizable business logic; drag-and-drop visual workflow editor
      - Best practices and IR expertise: privacy and compliance regulations; data breach notification reporting; customizable industry-standard playbooks (NIST, CERT, SANS)
      - Threat intelligence and incident enrichment: custom threat intelligence feeds; visualization of incident and artifact relationships; automated enrichment from integrated SIEM, EDR, and others
      - Collaboration: email collaboration; task allocation and accountability; news feed and activity dashboard
      - Incident escalation, creation, and management: incident ingestion and escalation; customizable incident management; central incident system of record
      - Team management: metrics and KPIs; analytics dashboard and reporting; simulations; workspaces; role-based access control
      - Diagram labels: Orchestration & Automation; AI & Human Intelligence; Case Management; Intelligent Orchestration
  9. IBM Resilient Intelligent Orchestration Ecosystem
      - IBM-Validated and Supported Applications; Community Applications
      - Escalation: SIEM; Ticketing; IPS/IDS; UBA; DLP
      - Communication and Coordination: Enterprise communications; Ticketing; Crisis management
      - Containment, Response, Recovery: Endpoint; Ticketing; Next-generation firewall; Cloud Access Security Broker
      - Identification and Enrichment: Endpoint; Sandbox; Threat Intelligence; CMDB
      - Unlocks power of existing tools and technologies and increases security ROI and time to value.
      - Enables faster and smarter response through shared IR knowledge, expertise, and resources.
      - Code Examples: Community-built scripts and automations
      - Developer Tools and SDKs: IBM Resilient-provided resources and documentation for building Resilient apps
      - Playbooks and Workflows: Incident response tasks lists and expertise from the Resilient community
      - Integrations: Applications that leverage your existing IT and security tools for IR
      - Best Practices: Community knowledge sharing, metrics, and reports
  10. Challenges of SOC Management
      - Separate tools: Dependent on many disjointed security solutions to protect environment
      - Isolated teams: SOC, IT, and Operations teams are not coordinated and up-to-date
      - Uncertain priorities: Misalignment of systems and goals complicates prioritization and planning
      - The result – delayed response to urgent incidents
  11. How to Accelerate SOC Transformation: Combine the Right People with the Right Data at the Right Time
      1. Consolidate tools working together with shared data
      2. Streamline communication across essential teams
      3. Empower and augment SOC analyst decisions
  12. Accelerating SOC Transformation
      - Automated Collection of Contextual Data
      - Single Pane of Glass for all IR Data
      - Efficient Response Action Prioritization
  13. Key Benefits: Cb Response + Resilient IRP
      - Improved Context: Leverage rich endpoint data and threat intel
      - Remote Remediation: Remediate issues by banning specific artifacts
      - Accelerated Response: All IR data available from a single pane of glass
  14. Accelerating a SOC Workflow
      - Cb Response detects threat and alerts Resilient
      - Resilient pulls relevant artifact data from Cb Response
      - Malicious event takes place on the endpoint
      - Resilient automatically creates an incident
      - User reviews incident and triggers Cb Response to ban files directly from Resilient
  15. Cb Response + Resilient IRP: How it Works
      - Rich Endpoint Data
      - System Health Lookups
      - Industry-Leading Threat Intel
      - Artifact Ban Requests
      - Root Cause Visualization
  16. Accelerating SOC Response. Based on centralized data, you can:
      1. Follow link to Attack Visualization in Cb Response
      2. Ban files directly from Resilient via Cb Response
      3. Automatically orchestrate standard response steps
  17. Carbon Black Query Results
      - Follow link to Attack Visualization in Cb Response
      - Ban files directly from Resilient via Cb Response
      - Automatically orchestrate standard response steps
  18. Fully Integrated SOC Solution
      - Threat Alerts
      - Real-time File/Process Searches
      - Endpoint Isolation Requests
      - Automated Escalation Workflow
      - Auto-Generated Response Plans
      - Consolidated Incident Records
      - Rich Endpoint Data
      - Industry-Leading Threat Intel
      - Rapid Data Correlation
      - Intelligent Orchestration
  19. Demonstration
  20. Q&A