SlideShare a Scribd company logo

Comodo MDR Provides Comprehensive SOC-as-a-Service Platform

P
paulharry03

SOC as a Service manages and monitors your logs, devices, network and assets for internal IT teams. It provides skills to combat cybersecurity threats. Get now! - https://mdr.comodo.com/soc-as-a-service.php?afid=10110

Services
1 of 8
Download to read offline
This ESG Technical Review was commissioned by Comodo Cybersecurity and is distributed under license from ESG. © 2018 by The Enterprise Strategy Group, Inc. All Rights Reserved. Abstract This ESG Technical Review documents hands-on testing of the Comodo MDR security operations center (SOC)-as-a-service platform. We focus on how Comodo MDR provides defense-in-depth for organizations’ network, endpoints, web, and cloud infrastructure as a bundled, cost-efficient service. The Challenges As ESG’s annual IT spending intentions survey reveals, the global cybersecurity skills shortage continues unabated. In 2018, 51% of respondents state their organization has a problematic shortage (see Figure 1), up from 45% in 2017.1 IT and security staff face an ever-growing amount of internally and externally generated data, hindering their ability to uncover and resolve threats quickly, and preventing them from keeping skills sets up to date. The skills gap threatens the ability of organizations to maintain effective security controls and minimize risk. Figure 1. Top Ten Areas of IT Skills Shortage Source: Enterprise Strategy Group Organizations need effective cybersecurity management—aggregating data, prioritizing action, and distributing work—to handle the ever-increasing velocity and volume of cyber-attacks. Greater efficiency and automation can prevent organizations from being overwhelmed. Cybersecurity leaders who grasp the impact of the skills shortage should consider investing in developing skills and seeking products that improve operational efficiency. This may be why, according to ESG research, 36% of organizations stated that improving security and risk management was one of their top justifications for IT investments. 1 Source: ESG Research Report, 2018 IT Spending Intentions Survey, February 2018. All ESG research references and charts in this technical review have been taken from this research report. 22% 23% 24% 25% 25% 25% 26% 26% 33% 51% Storage administration Network administration Mobile application development Business intelligence/data analytics Compliance management, monitoring and reporting Application development Data protection (i.e., backup and recovery) Server/virtualization administration IT architecture/planning Cybersecurity In which of the following areas do you believe your IT organization currently has a problematic shortage of existing skills? (Percent of respondents, N=620, multiple responses accepted) TechnicalReview ComodoMDR:SecurityOperationsCenter-as-a-service Date: November 2018 Author: Tony Palmer, Senior Validation Analyst; and Jack Poller, Senior Analyst Enterprise Strategy Group | Getting to the bigger truth.™
Technical Review: Comodo MDR: Security Operations Center-as-a-service 2 © 2018 by The Enterprise Strategy Group, Inc. All Rights Reserved. The Solution: Comodo MDR Comodo MDR is an integrated suite of managed detection and response technologies and services for advanced cybersecurity. The security operations center-as-a-service (SOCaaS) includes managed network (NDR), endpoint (EDR), web (WDR), and cloud (CDR) detection and response modules. Comodo MDR models operations on the NIST Cybersecurity Framework—standards, guidelines, and best practices to manage cybersecurity-related risk. NIST designed the framework to provide a prioritized, flexible, and cost-effective approach to promote the protection and resilience of IT infrastructure. This framework is organized around: • Identify—Organizations can identify emerging threats using continuous log monitoring and behavioral anomaly detection integrated with external threat intelligence sources. • Protect—Managed detection and response is layered on top of network, endpoint, cloud, and web detection and response and uses continuous monitoring as part of the defense-in-depth strategy to ensure perimeter, endpoint, back-end, and DMZ systems are free from compromise. • Detect—Event correlations, behavioral analyses, real-time event processing, and correlation across all sensors enable detection of attacks. • Respond—Preemptive containment technology, automation, and integration with various playbooks enable analysts to make the appropriate decisions, containing attacks and removing the possibility of attack propagation. • Recover—Incident and case management services support enables onsite staff to manage the process of recovering from an attack. • Review—Complete logging from event detection through response and recovery provide the mechanism for the cybersecurity team to review, adapt, and improve security and response for changes in adversary threats and techniques. Why Comodo MDR? ESG asked organizations what they felt were the three most important attributes of a cybersecurity platform.2 Broad coverage across threat vectors like email and web (38%), central management across all products and services (33%), capabilities across prevention, detection, and response (31%), and coverage that spans endpoints, networks, servers, and cloud-based workloads (27%) were the top four responses. Cloud-based back-end services and tightly-coupled products and services—i.e., products and managed service options offering central command-and-control—were also cited. ESG analyzed MDR offerings from five vendors including Comodo MDR to estimate the maturity level of the market versus Comodo’s MDR offering. All vendors provided a few key features that can be defined as baseline MDR functionality. These features include managed network detection and response, integration with threat intelligence feeds, security monitoring, incident analysis, log data collection and correlation, and dedicated support staff. Comodo’s global real-time support architecture includes 24x7 monitoring and detection at three unique global sites with five separate threat labs and is staffed by more than 150 cybersecurity experts. Comodo has a more holistic view of what an MDR platform should be and has integrated all their technologies and products into the offering. There are numerous categories of functionality where Comodo MDR differentiates itself, detailed in Table 1. 2 Source: ESG Master Survey Results, Enterprise-class Cybersecurity Vendor Sentiment Survey, October 2018 Respond Detect ProtectIdentify Review Recover
Technical Review: Comodo MDR: Security Operations Center-as-a-service 3 © 2018 by The Enterprise Strategy Group, Inc. All Rights Reserved. Table 1. Comodo MDR Service Analysis Service Other MDR Vendors Comodo MDR Managed endpoint detection and response Other vendors we examined offer some level of managed endpoint detection and response. • Base-event level environment analysis. • Granular root-cause analysis. Managed application detection and response; Managed cloud detection and response Most vendors we examined offer application and cloud detection and response. • Monitors user access and security configuration changes. • Data loss prevention for cloud apps. • Threat and anomaly detection and remediation. Managed web detection and response No vendors we examined offer managed web detection and response. • Web Application Firewall (WAF) provisioned over a Secure Content Delivery Network (CDN) • Staffed by certified security analysts in a 24x7x365 Cyber Security Operations Center (CSOC). • Powered by a SIEM that leverages data from over 85 million endpoints. User and entity behavior analytics Other vendors we examined offer some level of user and entity behavior analytics • Profiling and alerting for anomalous behaviors and patterns on network, cloud, and endpoint assets. Threat hunting Other vendors we examined offer some level of a threat hunting service. • Data visualization and analysis, statistical correlations, and data pivoting. • Base-event granularity to enable analysts to hunt for threats throughout the environment. Incident response Other vendors we examined offer some level of incident response. • Multiple diverse techniques to disrupt and contain threats: APIs, watchlists, rules updates, isolation of processes or hosts from the network via endpoint agents, and/or locking and suspending user accounts. Case management Most vendors we examined offer some level of case management. • Workflow integration tools prioritize alerts correctly to increase the speed and accuracy of remediation. Pre-emptive containment No vendors we examined offered pre-emptive containment. • Comodo MDR offers a pre-emptive approach to containment, using the Valkyrie file verdict system to isolate unknown files on endpoints and return a fast decision. Cloud-based SIEM Some vendors we examined offer a cloud based SIEM, others rely on on-premises offerings. • Event and forensic data across multiple network, endpoint, web, and cloud sensors are made available in a uniform log with a standardized visual interface. • Included in MDR with no licensing, infrastructure, or CapEx required. AI support Some vendors we examined leverage some level of AI and machine learning. • Semi-supervised artificial intelligence engine. • Comodo’s cybersecurity analyst decisions are fed into the AI intelligence engine to accelerate the detection and response to new threats. Source: Enterprise Strategy Group Comodo’s goal is to redefine SOC operations, turning the current model on its head. Today, organizations employ numerous tier-1 cybersecurity analysts to monitor feeds and alerts from many independent tools from different vendors and sift through false positives, “screen watchers,” if you will. Comodo MDR is designed to provide intelligent automation to enable
Technical Review: Comodo MDR: Security Operations Center-as-a-service 4 © 2018 by The Enterprise Strategy Group, Inc. All Rights Reserved. people to be deployed on more strategic and valuable tasks. Using Comodo MDR also enables organizations to extend their IT and security staff capabilities with Comodo’s three-tiered analyst-supported SOC services. Another important challenge for organizations is threats and attacks from outside their sphere of awareness. Organizations pay close attention to their own network and the devices and activity on it, but other attack spaces—the deep web and dark web, for example—might be completely invisible to them. Comodo MDR pulls data and intelligence from all areas into its platform to provide actionable intelligence to enable organizations to hunt for threats. ESG Lab Tested First, ESG looked at Comodo EDR with a goal of validating how it provides alerting for early warnings of known and unknown threats as well as detection of events and response. Comodo EDR requires a lightweight endpoint agent that consumes less than 1% CPU and 15-20MB RAM and can be deployed via group policy object (GPO) or by remote script execution on Comodo ONE, Comodo’s remote monitoring and management platform. The EDR dashboard, seen in Figure 2, provides a summary view of malware and suspicious activity, including both early-warning alerts and detections of malware attacks. All are clickable links, enabling quick drill-down and investigation. In this case, we noted the most alerted endpoint, clicked on the total alerts link, and selected the endpoint to see the list of alerts associated with it. Figure 2. The Comodo EDR Dashboard Source: Enterprise Strategy Group In the alerts, we selected the top suspicious system process creation alert and clicked details. This showed us details on the file that created the suspicious process, including the file trajectory (i.e., movement of the file inside an organization), how the file operated (i.e., through PowerShell), and what specific commands were executed. There is a tremendous amount of additional detail and context provided by Comodo EDR that enables organizations to easily see which endpoints have executed this file and all the events the file has been involved in. This file was an unknown file when these alerts were generated, and EDR provided an early warning that enabled quick investigation and response. Next, we looked at how Comodo NDR works with on-premises sensors and other Comodo MDR components to collect and process logs and data from customer networks and automatically create incidents in the Comodo SOC. We EDR leverages Comodo’s fully- customizable security policies. All license types come with Comodo’s set of recommended security policies, but customers can customize security policies that alert on based on their business requirements.
Technical Review: Comodo MDR: Security Operations Center-as-a-service 5 © 2018 by The Enterprise Strategy Group, Inc. All Rights Reserved. simulated multiple malware attacks on a test workstation running Windows 10 and the Comodo Internet Security client. We launched multiple malware attacks from the wicar.org website to observe how Comodo MDR integrates Comodo’s suite of security offerings. Figure 3 shows the Comodo NDR dashboard after the malware payloads were detonated; incidents were generated automatically by the appropriate Comodo NDR component for detected malware, activities, behaviors, and intrusions. Figure 3. Automatically Generated Incidents in Comodo NDR Source: Enterprise Strategy Group Next, we looked at how cWatch Web enables organizations to protect their websites leveraging Comodo’s cloud-based SOC. We logged in to the cWatch Web customer portal, seen in Figure 4. Figure 4. The cWatch Web Dashboard Source: Enterprise Strategy Group In the customer portal, organizations start with a summary view of their sites that are protected by cWatch Web. In addition to overviews of malware, vulnerabilities, and blocked attacks, an organization can easily drill down into any of its sites and learn more about any of the categories listed, such as reputation, malware, vulnerabilities, etc. We clicked on the site name oilandgastechnoloy.net and selected Malware.
Technical Review: Comodo MDR: Security Operations Center-as-a-service 6 © 2018 by The Enterprise Strategy Group, Inc. All Rights Reserved. Figure 5. The cWatch Web Dashboard Source: Enterprise Strategy Group As Figure 5 shows, in a scheduled scan, nine instances of malware were found on this site. Behind the scenes, nine tickets requesting cleanup were automatically opened in the Comodo SOC, and all nine were automatically cleaned. cWatch Web also takes automated actions to address vulnerabilities in multiple categories and has the availability to virtually patch servers by creating targeted firewall rules to address open vulnerabilities until a patch becomes available. ESG looked at multiple other components of the Comodo solution and how they integrated into the overall service. One example is Valkyrie, Comodo’s cloud-based file analysis platform that provides static, dynamic, and human expert analysis for submitted known and unknown files. Valkyrie is the file analysis platform for all Comodo 360 network and endpoint solutions. Valkyrie’s verdict-driven file analysis platform processes over 200 million unknown file submissions per day, uncovering more than 300 million unknown files every year leveraging integrated Comodo solutions, partners, and their active global community of threat researchers. Why This Matters To address the cybersecurity skills gap, organizations need efficiency and automation for effective cybersecurity management if they hope to handle the ever-increasing velocity and volume of cyber-attacks without being overwhelmed. According to ESG research, 36% of organizations stated that improving security and risk management was one of their top justifications for IT investments. Comodo has created an integrated, cloud-based SOCaaS offering that enables organizations to quickly and easily leverage the components they need—endpoint, network, web, cloud, or all four—along with Comodo’s team of highly skilled security analysts to improve their security posture simply and cost-effectively. Addressing malware on websites is very different from addressing malware on endpoints. Backdoors, code inserted into legitimate PHP scripts, and other non-executable components that are designed to deliver the payload would not be detected by traditional endpoint protection, which scans for executables and their behaviors.
Technical Review: Comodo MDR: Security Operations Center-as-a-service 7 © 2018 by The Enterprise Strategy Group, Inc. All Rights Reserved. The Bigger Truth The ever-increasing volume and velocity of data, the shift to cloud architectures, digital transformation initiatives, and the growing sophistication of malicious actors are putting increasing demands on IT infrastructures, and high-performant cybersecurity solutions are often hampered by the increasing complexity of IT infrastructures. According to recent ESG research, more than two-thirds of surveyed organizations said that their IT environment has gotten more complex in the last two years. This complexity blurs the infrastructure perimeter, and makes it difficult to defend network, endpoint, cloud, and web workloads. Thus, it’s no surprise that organizations are seeking to identify the best comprehensive security solution for their IT infrastructure. When a security event hits, many organizations scramble for answers to questions such as: • What happened? • Who perpetrated it? • Where did it occur? • When did it begin? • How did it happen? • Why was it possible? • And arguably the most important: What should we do now? Effective incident response should handle all these questions quickly and effectively. ESG testing revealed that Comodo MDR enables organizations to quickly deploy and integrate a turnkey SOC for defense-in-depth protection of their critical assets (i.e., endpoints, networks, websites, and cloud resources), unifying all those different pieces under a common control framework and enabling organizations to not only be able to answer the questions listed above, but understand how to strengthen their security posture and prevent events in the future. • NIST Cybersecurity Framework—Comodo MDR follows the well-known and well-regarded framework to identify, prevent, detect, respond to, and recover from threats and attacks. • Improved economics—Comodo’s SOCaaS delivers all features and functionality using an as-a-service model and reduces requirements for capital investments in cybersecurity IT infrastructure, software licenses, and the need for highly trained senior cybersecurity personnel. • Global, real-time support— Comodo MDR uses a “follow-the-sun” model, with 24x7 monitoring and detection using three unique global sites, five separate threat labs, and more than 150 professionals and cybersecurity experts. • Uniformity—Comodo MDR’s security information and event manager (SIEM) makes all event and forensic data across multiple network, endpoint, web, and cloud sensors available in a uniform log with a standardized visual interface. • Preemptive containment—Comodo patented technology preemptively contains and stops threats by denying malicious activity while allowing normal operations. • Comprehensive coverage—Comodo MDR incorporates customer sensors for network, endpoint, web, and cloud workloads. • Comprehensive threat hunting—Comodo provides a platform that delivers data visualization and analysis, statistical correlations, data pivoting, and other tools to enable security analysts to hunt for threats throughout the environment. • AI guided MDR—Comodo’s semi-supervised artificial intelligence engine learns from the activities and operations of Comodo’s cybersecurity experts, accelerating the detection and response to new threats. Organizations interested in automating the repetitive, tactical activities that consume their security teams today and move toward a proactive, intelligence-led model of prevention would be smart to explore how Comodo’s MDR SOC-as-a-service can improve the operational efficiency of their cybersecurity teams, enabling them to rapidly and accurately answer those questions and improve their cybersecurity posture.
Technical Review: Comodo MDR: Security Operations Center-as-a-service 8 © 2018 by The Enterprise Strategy Group, Inc. All Rights Reserved.www.esg-global.com contact@esg-global.com P.508.482.0188 © 2018 by The Enterprise Strategy Group, Inc. All Rights Reserved. All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188. The goal of ESG Validation reports is to educate IT professionals about information technology solutions for companies of all types and sizes. ESG Validation reports are not meant to replace the evaluation process that should be conducted before making purchasing decisions, but rather to provide insight into these emerging technologies. Our objectives are to explore some of the more valuable features and functions of IT solutions, show how they can be used to solve real customer problems, and identify any areas needing improvement. The ESG Validation Team’s expert third- party perspective is based on our own hands-on testing as well as on interviews with customers who use these products in production environments.

Recommended

Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016EnterpriseGRC Solutions, Inc.
 
Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance EnergyTech2015
 
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3EnterpriseGRC Solutions, Inc.
 
Does audit make us more secure
Does audit make us more secureDoes audit make us more secure
Does audit make us more secureEnterpriseGRC Solutions, Inc.
 
Securing the Supply Chain
Securing the Supply ChainSecuring the Supply Chain
Securing the Supply ChainIgnyte Assurance Platform
 
Eng Solutions - Capability Statement-Latest
Eng Solutions - Capability Statement-LatestEng Solutions - Capability Statement-Latest
Eng Solutions - Capability Statement-LatestHank Eng, CISSP, CISA, CISM
 
Building Bridges: Security Metrics to Narrow the Chasm Between Perception and...
Building Bridges: Security Metrics to Narrow the Chasm Between Perception and...Building Bridges: Security Metrics to Narrow the Chasm Between Perception and...
Building Bridges: Security Metrics to Narrow the Chasm Between Perception and...InnoTech
 
Security Maturity Models.
Security Maturity Models.Security Maturity Models.
Security Maturity Models.Priyanka Aash
 

Recommended

Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016EnterpriseGRC Solutions, Inc.
 
Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance EnergyTech2015
 
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3EnterpriseGRC Solutions, Inc.
 
Does audit make us more secure
Does audit make us more secureDoes audit make us more secure
Does audit make us more secureEnterpriseGRC Solutions, Inc.
 
Securing the Supply Chain
Securing the Supply ChainSecuring the Supply Chain
Securing the Supply ChainIgnyte Assurance Platform
 
Eng Solutions - Capability Statement-Latest
Eng Solutions - Capability Statement-LatestEng Solutions - Capability Statement-Latest
Eng Solutions - Capability Statement-LatestHank Eng, CISSP, CISA, CISM
 
Building Bridges: Security Metrics to Narrow the Chasm Between Perception and...
Building Bridges: Security Metrics to Narrow the Chasm Between Perception and...Building Bridges: Security Metrics to Narrow the Chasm Between Perception and...
Building Bridges: Security Metrics to Narrow the Chasm Between Perception and...InnoTech
 
Security Maturity Models.
Security Maturity Models.Security Maturity Models.
Security Maturity Models.Priyanka Aash
 
Cybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesCybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesTony Moroney
 
Security Maturity Assessment
Security Maturity AssessmentSecurity Maturity Assessment
Security Maturity AssessmentClaude Baudoin
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityRahul Tyagi
 
GSA's Presentation on Improving Cyber Security Through Acquisition
GSA's Presentation on Improving Cyber Security Through AcquisitionGSA's Presentation on Improving Cyber Security Through Acquisition
GSA's Presentation on Improving Cyber Security Through AcquisitionGovernment Technology and Services Coalition
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)Vijilan IT Security solutions
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
Report Gartner Magic Quadrant For Security Web Gateway 2011 En
Report Gartner Magic Quadrant For Security Web Gateway 2011 EnReport Gartner Magic Quadrant For Security Web Gateway 2011 En
Report Gartner Magic Quadrant For Security Web Gateway 2011 EnRiccardoPelliccioli
 
TrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability ManagementTrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability ManagementTuan Phan
 
Assessing and Managing IT Security Risks
Assessing and Managing IT Security RisksAssessing and Managing IT Security Risks
Assessing and Managing IT Security RisksChris Ross
 
StateOfSecOps - Final - Published
StateOfSecOps - Final - PublishedStateOfSecOps - Final - Published
StateOfSecOps - Final - PublishedJames Blake
 
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0Happiest Minds Technologies
 
TA security
TA securityTA security
TA securitykesavars
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & BuildSameer Paradia
 
bsi-cyber-resilience-presentation
bsi-cyber-resilience-presentationbsi-cyber-resilience-presentation
bsi-cyber-resilience-presentationAjai Srivastava
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Kim Jensen
 
TOGAF 9 - Security Architecture Ver1 0
TOGAF 9 - Security Architecture Ver1 0TOGAF 9 - Security Architecture Ver1 0
TOGAF 9 - Security Architecture Ver1 0Maganathin Veeraragaloo
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...DFLABS SRL
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guideAdilsonSuende
 
Managed Detection and Response (MDR) Whitepaper
Managed Detection and Response (MDR) WhitepaperManaged Detection and Response (MDR) Whitepaper
Managed Detection and Response (MDR) WhitepaperMarc St-Pierre
 
Qradar Business Case
Qradar Business CaseQradar Business Case
Qradar Business CaseEnterprise Technology Management (ETM)
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyEryk Budi Pratama
 

More Related Content

What's hot

Cybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesCybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesTony Moroney
 
Security Maturity Assessment
Security Maturity AssessmentSecurity Maturity Assessment
Security Maturity AssessmentClaude Baudoin
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityRahul Tyagi
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)Vijilan IT Security solutions
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
Report Gartner Magic Quadrant For Security Web Gateway 2011 En
Report Gartner Magic Quadrant For Security Web Gateway 2011 EnReport Gartner Magic Quadrant For Security Web Gateway 2011 En
Report Gartner Magic Quadrant For Security Web Gateway 2011 EnRiccardoPelliccioli
 
TrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability ManagementTrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability ManagementTuan Phan
 
Assessing and Managing IT Security Risks
Assessing and Managing IT Security RisksAssessing and Managing IT Security Risks
Assessing and Managing IT Security RisksChris Ross
 
StateOfSecOps - Final - Published
StateOfSecOps - Final - PublishedStateOfSecOps - Final - Published
StateOfSecOps - Final - PublishedJames Blake
 
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0Happiest Minds Technologies
 
TA security
TA securityTA security
TA securitykesavars
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & BuildSameer Paradia
 
bsi-cyber-resilience-presentation
bsi-cyber-resilience-presentationbsi-cyber-resilience-presentation
bsi-cyber-resilience-presentationAjai Srivastava
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Kim Jensen
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...DFLABS SRL
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guideAdilsonSuende
 

What's hot (19)

Cybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesCybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best Practices
 
Security Maturity Assessment
Security Maturity AssessmentSecurity Maturity Assessment
Security Maturity Assessment
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe Security
 
GSA's Presentation on Improving Cyber Security Through Acquisition
GSA's Presentation on Improving Cyber Security Through AcquisitionGSA's Presentation on Improving Cyber Security Through Acquisition
GSA's Presentation on Improving Cyber Security Through Acquisition
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
 
Report Gartner Magic Quadrant For Security Web Gateway 2011 En
Report Gartner Magic Quadrant For Security Web Gateway 2011 EnReport Gartner Magic Quadrant For Security Web Gateway 2011 En
Report Gartner Magic Quadrant For Security Web Gateway 2011 En
 
TrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability ManagementTrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability Management
 
Assessing and Managing IT Security Risks
Assessing and Managing IT Security RisksAssessing and Managing IT Security Risks
Assessing and Managing IT Security Risks
 
StateOfSecOps - Final - Published
StateOfSecOps - Final - PublishedStateOfSecOps - Final - Published
StateOfSecOps - Final - Published
 
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
 
TA security
TA securityTA security
TA security
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & Build
 
bsi-cyber-resilience-presentation
bsi-cyber-resilience-presentationbsi-cyber-resilience-presentation
bsi-cyber-resilience-presentation
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015
 
TOGAF 9 - Security Architecture Ver1 0
TOGAF 9 - Security Architecture Ver1 0TOGAF 9 - Security Architecture Ver1 0
TOGAF 9 - Security Architecture Ver1 0
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...
 
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guide
 

Similar to Comodo MDR Provides Comprehensive SOC-as-a-Service Platform

Managed Detection and Response (MDR) Whitepaper
Managed Detection and Response (MDR) WhitepaperManaged Detection and Response (MDR) Whitepaper
Managed Detection and Response (MDR) WhitepaperMarc St-Pierre
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyEryk Budi Pratama
 
4-lessons-of-security-leaders-for-2022.pdf
4-lessons-of-security-leaders-for-2022.pdf4-lessons-of-security-leaders-for-2022.pdf
4-lessons-of-security-leaders-for-2022.pdfJose R
 
How to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-SuiteHow to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-SuiteSurfWatch Labs
 
Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...
Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...
Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...Draup3
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Ben Rothke
 
Didiet Cybersecurity Consultant Portfolio - English
Didiet Cybersecurity Consultant Portfolio - EnglishDidiet Cybersecurity Consultant Portfolio - English
Didiet Cybersecurity Consultant Portfolio - EnglishDidiet Kusumadihardja
 
QRadar-XDR-Solution.pdf
QRadar-XDR-Solution.pdfQRadar-XDR-Solution.pdf
QRadar-XDR-Solution.pdfssuserf5beb3
 
Key metrics and process in cyber security case scenario
Key metrics and process in cyber security case scenarioKey metrics and process in cyber security case scenario
Key metrics and process in cyber security case scenarioBim Akinfenwa
 
Key metrics and process in cyber security case scenario
Key metrics and process in cyber security case scenarioKey metrics and process in cyber security case scenario
Key metrics and process in cyber security case scenarioAkingbade Akinfenwa
 
Cognitive security
Cognitive securityCognitive security
Cognitive securityIqra khalil
 
Make things come alive in a secure way - Sigfox
Make things come alive in a secure way - SigfoxMake things come alive in a secure way - Sigfox
Make things come alive in a secure way - SigfoxSigfox
 
Softchoice Security Consolidation Survey Results
Softchoice Security Consolidation Survey ResultsSoftchoice Security Consolidation Survey Results
Softchoice Security Consolidation Survey ResultsSoftchoice Corporation
 
Comparative study of Cyber Security Assessment Tools
Comparative study of Cyber Security Assessment ToolsComparative study of Cyber Security Assessment Tools
Comparative study of Cyber Security Assessment ToolsIRJET Journal
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0David Spinks
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)Norm Barber
 
Automation alley day in the cloud presentation - formatted
Automation alley day in the cloud presentation - formattedAutomation alley day in the cloud presentation - formatted
Automation alley day in the cloud presentation - formattedMatthew Moldvan
 
G01.2013 magic quadrant for endpoint protection platforms
G01.2013 magic quadrant for endpoint protection platformsG01.2013 magic quadrant for endpoint protection platforms
G01.2013 magic quadrant for endpoint protection platformsSatya Harish
 

Similar to Comodo MDR Provides Comprehensive SOC-as-a-Service Platform (20)

Managed Detection and Response (MDR) Whitepaper
Managed Detection and Response (MDR) WhitepaperManaged Detection and Response (MDR) Whitepaper
Managed Detection and Response (MDR) Whitepaper
 
Qradar Business Case
Qradar Business CaseQradar Business Case
Qradar Business Case
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas Company
 
4-lessons-of-security-leaders-for-2022.pdf
4-lessons-of-security-leaders-for-2022.pdf4-lessons-of-security-leaders-for-2022.pdf
4-lessons-of-security-leaders-for-2022.pdf
 
How to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-SuiteHow to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-Suite
 
Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...
Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...
Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...
 
SIEM Buyer's Guide
SIEM Buyer's GuideSIEM Buyer's Guide
SIEM Buyer's Guide
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)
 
Didiet Cybersecurity Consultant Portfolio - English
Didiet Cybersecurity Consultant Portfolio - EnglishDidiet Cybersecurity Consultant Portfolio - English
Didiet Cybersecurity Consultant Portfolio - English
 
QRadar-XDR-Solution.pdf
QRadar-XDR-Solution.pdfQRadar-XDR-Solution.pdf
QRadar-XDR-Solution.pdf
 
Key metrics and process in cyber security case scenario
Key metrics and process in cyber security case scenarioKey metrics and process in cyber security case scenario
Key metrics and process in cyber security case scenario
 
Key metrics and process in cyber security case scenario
Key metrics and process in cyber security case scenarioKey metrics and process in cyber security case scenario
Key metrics and process in cyber security case scenario
 
Cognitive security
Cognitive securityCognitive security
Cognitive security
 
Make things come alive in a secure way - Sigfox
Make things come alive in a secure way - SigfoxMake things come alive in a secure way - Sigfox
Make things come alive in a secure way - Sigfox
 
Softchoice Security Consolidation Survey Results
Softchoice Security Consolidation Survey ResultsSoftchoice Security Consolidation Survey Results
Softchoice Security Consolidation Survey Results
 
Comparative study of Cyber Security Assessment Tools
Comparative study of Cyber Security Assessment ToolsComparative study of Cyber Security Assessment Tools
Comparative study of Cyber Security Assessment Tools
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
 
Automation alley day in the cloud presentation - formatted
Automation alley day in the cloud presentation - formattedAutomation alley day in the cloud presentation - formatted
Automation alley day in the cloud presentation - formatted
 
G01.2013 magic quadrant for endpoint protection platforms
G01.2013 magic quadrant for endpoint protection platformsG01.2013 magic quadrant for endpoint protection platforms
G01.2013 magic quadrant for endpoint protection platforms
 

Recently uploaded

9643097474 Full Enjoy @24/7 Call Girls In Mahipalpur Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Mahipalpur Delhi Ncr9643097474 Full Enjoy @24/7 Call Girls In Mahipalpur Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Mahipalpur Delhi Ncrthapariya601
 
Call Girls In Lahore || 03010449222 ||Lahore Call Girl Available 24/7
Call Girls In Lahore || 03010449222 ||Lahore Call Girl Available 24/7Call Girls In Lahore || 03010449222 ||Lahore Call Girl Available 24/7
Call Girls In Lahore || 03010449222 ||Lahore Call Girl Available 24/7Ayesha Khan
 
Call Girls In {Aerocity Delhi} 98733@20244 Indian Russian High Profile Girls ...
Call Girls In {Aerocity Delhi} 98733@20244 Indian Russian High Profile Girls ...Call Girls In {Aerocity Delhi} 98733@20244 Indian Russian High Profile Girls ...
Call Girls In {Aerocity Delhi} 98733@20244 Indian Russian High Profile Girls ...aakahthapa70
 
Hot Vip Call Girls Service In Sector 149,9818099198 Young Female Escorts Serv...
Hot Vip Call Girls Service In Sector 149,9818099198 Young Female Escorts Serv...Hot Vip Call Girls Service In Sector 149,9818099198 Young Female Escorts Serv...
Hot Vip Call Girls Service In Sector 149,9818099198 Young Female Escorts Serv...riyaescorts54
 
9643097474 Full Enjoy @24/7 Call Girls In Munirka Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Munirka Delhi Ncr9643097474 Full Enjoy @24/7 Call Girls In Munirka Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Munirka Delhi Ncrthapariya601
 
Call Girls in Lahore || 03081633338 || 50+ ❤️ Sexy Girls Babes for Sexual - vip
Call Girls in Lahore || 03081633338 || 50+ ❤️ Sexy Girls Babes for Sexual - vipCall Girls in Lahore || 03081633338 || 50+ ❤️ Sexy Girls Babes for Sexual - vip
Call Girls in Lahore || 03081633338 || 50+ ❤️ Sexy Girls Babes for Sexual - vipAyesha Khan
 
9899855202 Call Girls In Goa This Ads Is Only For Those Clients Who Are Looki...
9899855202 Call Girls In Goa This Ads Is Only For Those Clients Who Are Looki...9899855202 Call Girls In Goa This Ads Is Only For Those Clients Who Are Looki...
9899855202 Call Girls In Goa This Ads Is Only For Those Clients Who Are Looki...delhincr993
 
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...aakahthapa70
 
NASHIK CALL GIRL 92628*71154 NASHIK CALL
NASHIK CALL GIRL 92628*71154 NASHIK CALLNASHIK CALL GIRL 92628*71154 NASHIK CALL
NASHIK CALL GIRL 92628*71154 NASHIK CALLNiteshKumar82226
 
Call Us ≽ 9643900018 ≼ Call Girls In Lado Sarai (Delhi)
Call Us ≽ 9643900018 ≼ Call Girls In Lado Sarai (Delhi)Call Us ≽ 9643900018 ≼ Call Girls In Lado Sarai (Delhi)
Call Us ≽ 9643900018 ≼ Call Girls In Lado Sarai (Delhi)ayushiverma1100
 
9643097474 Full Enjoy @24/7 Call Girls In Khirki Extension Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Khirki Extension Delhi Ncr9643097474 Full Enjoy @24/7 Call Girls In Khirki Extension Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Khirki Extension Delhi Ncrthapariya601
 
Call Girls In saket 9711800081 Low Rate Short 1500 Night ...
Call Girls In saket 9711800081 Low Rate Short 1500 Night ...Call Girls In saket 9711800081 Low Rate Short 1500 Night ...
Call Girls In saket 9711800081 Low Rate Short 1500 Night ...gitathapa4
 
Trusted Call~Girls In Shahdara Delhi ꧁❤ 9667422720 ❤꧂Escorts
Trusted Call~Girls In Shahdara Delhi ꧁❤ 9667422720 ❤꧂EscortsTrusted Call~Girls In Shahdara Delhi ꧁❤ 9667422720 ❤꧂Escorts
Trusted Call~Girls In Shahdara Delhi ꧁❤ 9667422720 ❤꧂EscortsLipikasharma29
 
Call Girls In Dwarka Delhi 💯Call Us 🔝9711014705🔝
Call Girls In Dwarka Delhi 💯Call Us 🔝9711014705🔝Call Girls In Dwarka Delhi 💯Call Us 🔝9711014705🔝
Call Girls In Dwarka Delhi 💯Call Us 🔝9711014705🔝thapagita
 
Call Us ≽ 9643900018 ≼ Call Girls In Sarojini Nagar (Delhi)
Call Us ≽ 9643900018 ≼ Call Girls In Sarojini Nagar (Delhi)Call Us ≽ 9643900018 ≼ Call Girls In Sarojini Nagar (Delhi)
Call Us ≽ 9643900018 ≼ Call Girls In Sarojini Nagar (Delhi)ayushiverma1100
 
Call Girls in Janakpuri Delhi 💯 Call Us 🔝9667422720🔝
Call Girls in Janakpuri Delhi 💯 Call Us 🔝9667422720🔝Call Girls in Janakpuri Delhi 💯 Call Us 🔝9667422720🔝
Call Girls in Janakpuri Delhi 💯 Call Us 🔝9667422720🔝Lipikasharma29
 
Call Girls In {Aerocity Delhi} 9667938988 Cheap Price Your Budget & Cash Payment
Call Girls In {Aerocity Delhi} 9667938988 Cheap Price Your Budget & Cash PaymentCall Girls In {Aerocity Delhi} 9667938988 Cheap Price Your Budget & Cash Payment
Call Girls In {Aerocity Delhi} 9667938988 Cheap Price Your Budget & Cash Paymentaakahthapa70
 
FULL ENJOY Call Girls In Gurgaon Call 8588836666 Escorts Service
FULL ENJOY Call Girls In Gurgaon Call 8588836666 Escorts ServiceFULL ENJOY Call Girls In Gurgaon Call 8588836666 Escorts Service
FULL ENJOY Call Girls In Gurgaon Call 8588836666 Escorts ServiceCALLGIRLS DELHI
 
9643097474 Full Enjoy @24/7 Call Girls In Moti Nagar Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Moti Nagar Delhi Ncr9643097474 Full Enjoy @24/7 Call Girls In Moti Nagar Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Moti Nagar Delhi Ncrthapariya601
 

Recently uploaded (20)

9643097474 Full Enjoy @24/7 Call Girls In Mahipalpur Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Mahipalpur Delhi Ncr9643097474 Full Enjoy @24/7 Call Girls In Mahipalpur Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Mahipalpur Delhi Ncr
 
Call Girls In Lahore || 03010449222 ||Lahore Call Girl Available 24/7
Call Girls In Lahore || 03010449222 ||Lahore Call Girl Available 24/7Call Girls In Lahore || 03010449222 ||Lahore Call Girl Available 24/7
Call Girls In Lahore || 03010449222 ||Lahore Call Girl Available 24/7
 
Call Girls In {Aerocity Delhi} 98733@20244 Indian Russian High Profile Girls ...
Call Girls In {Aerocity Delhi} 98733@20244 Indian Russian High Profile Girls ...Call Girls In {Aerocity Delhi} 98733@20244 Indian Russian High Profile Girls ...
Call Girls In {Aerocity Delhi} 98733@20244 Indian Russian High Profile Girls ...
 
Hot Vip Call Girls Service In Sector 149,9818099198 Young Female Escorts Serv...
Hot Vip Call Girls Service In Sector 149,9818099198 Young Female Escorts Serv...Hot Vip Call Girls Service In Sector 149,9818099198 Young Female Escorts Serv...
Hot Vip Call Girls Service In Sector 149,9818099198 Young Female Escorts Serv...
 
9643097474 Full Enjoy @24/7 Call Girls In Munirka Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Munirka Delhi Ncr9643097474 Full Enjoy @24/7 Call Girls In Munirka Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Munirka Delhi Ncr
 
Call Girls In Saket Delhi 9953056974 (Low Price) Escort Service Saket Delhi
Call Girls In Saket Delhi 9953056974 (Low Price) Escort Service Saket DelhiCall Girls In Saket Delhi 9953056974 (Low Price) Escort Service Saket Delhi
Call Girls In Saket Delhi 9953056974 (Low Price) Escort Service Saket Delhi
 
Call Girls in Lahore || 03081633338 || 50+ ❤️ Sexy Girls Babes for Sexual - vip
Call Girls in Lahore || 03081633338 || 50+ ❤️ Sexy Girls Babes for Sexual - vipCall Girls in Lahore || 03081633338 || 50+ ❤️ Sexy Girls Babes for Sexual - vip
Call Girls in Lahore || 03081633338 || 50+ ❤️ Sexy Girls Babes for Sexual - vip
 
9899855202 Call Girls In Goa This Ads Is Only For Those Clients Who Are Looki...
9899855202 Call Girls In Goa This Ads Is Only For Those Clients Who Are Looki...9899855202 Call Girls In Goa This Ads Is Only For Those Clients Who Are Looki...
9899855202 Call Girls In Goa This Ads Is Only For Those Clients Who Are Looki...
 
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
Call Girls In {Laxmi Nagar Delhi} 9667938988 Indian Russian High Profile Girl...
 
NASHIK CALL GIRL 92628*71154 NASHIK CALL
NASHIK CALL GIRL 92628*71154 NASHIK CALLNASHIK CALL GIRL 92628*71154 NASHIK CALL
NASHIK CALL GIRL 92628*71154 NASHIK CALL
 
Call Us ≽ 9643900018 ≼ Call Girls In Lado Sarai (Delhi)
Call Us ≽ 9643900018 ≼ Call Girls In Lado Sarai (Delhi)Call Us ≽ 9643900018 ≼ Call Girls In Lado Sarai (Delhi)
Call Us ≽ 9643900018 ≼ Call Girls In Lado Sarai (Delhi)
 
9643097474 Full Enjoy @24/7 Call Girls In Khirki Extension Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Khirki Extension Delhi Ncr9643097474 Full Enjoy @24/7 Call Girls In Khirki Extension Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Khirki Extension Delhi Ncr
 
Call Girls In saket 9711800081 Low Rate Short 1500 Night ...
Call Girls In saket 9711800081 Low Rate Short 1500 Night ...Call Girls In saket 9711800081 Low Rate Short 1500 Night ...
Call Girls In saket 9711800081 Low Rate Short 1500 Night ...
 
Trusted Call~Girls In Shahdara Delhi ꧁❤ 9667422720 ❤꧂Escorts
Trusted Call~Girls In Shahdara Delhi ꧁❤ 9667422720 ❤꧂EscortsTrusted Call~Girls In Shahdara Delhi ꧁❤ 9667422720 ❤꧂Escorts
Trusted Call~Girls In Shahdara Delhi ꧁❤ 9667422720 ❤꧂Escorts
 
Call Girls In Dwarka Delhi 💯Call Us 🔝9711014705🔝
Call Girls In Dwarka Delhi 💯Call Us 🔝9711014705🔝Call Girls In Dwarka Delhi 💯Call Us 🔝9711014705🔝
Call Girls In Dwarka Delhi 💯Call Us 🔝9711014705🔝
 
Call Us ≽ 9643900018 ≼ Call Girls In Sarojini Nagar (Delhi)
Call Us ≽ 9643900018 ≼ Call Girls In Sarojini Nagar (Delhi)Call Us ≽ 9643900018 ≼ Call Girls In Sarojini Nagar (Delhi)
Call Us ≽ 9643900018 ≼ Call Girls In Sarojini Nagar (Delhi)
 
Call Girls in Janakpuri Delhi 💯 Call Us 🔝9667422720🔝
Call Girls in Janakpuri Delhi 💯 Call Us 🔝9667422720🔝Call Girls in Janakpuri Delhi 💯 Call Us 🔝9667422720🔝
Call Girls in Janakpuri Delhi 💯 Call Us 🔝9667422720🔝
 
Call Girls In {Aerocity Delhi} 9667938988 Cheap Price Your Budget & Cash Payment
Call Girls In {Aerocity Delhi} 9667938988 Cheap Price Your Budget & Cash PaymentCall Girls In {Aerocity Delhi} 9667938988 Cheap Price Your Budget & Cash Payment
Call Girls In {Aerocity Delhi} 9667938988 Cheap Price Your Budget & Cash Payment
 
FULL ENJOY Call Girls In Gurgaon Call 8588836666 Escorts Service
FULL ENJOY Call Girls In Gurgaon Call 8588836666 Escorts ServiceFULL ENJOY Call Girls In Gurgaon Call 8588836666 Escorts Service
FULL ENJOY Call Girls In Gurgaon Call 8588836666 Escorts Service
 
9643097474 Full Enjoy @24/7 Call Girls In Moti Nagar Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Moti Nagar Delhi Ncr9643097474 Full Enjoy @24/7 Call Girls In Moti Nagar Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Moti Nagar Delhi Ncr
 

Comodo MDR Provides Comprehensive SOC-as-a-Service Platform

  • 1. This ESG Technical Review was commissioned by Comodo Cybersecurity and is distributed under license from ESG. © 2018 by The Enterprise Strategy Group, Inc. All Rights Reserved. Abstract This ESG Technical Review documents hands-on testing of the Comodo MDR security operations center (SOC)-as-a-service platform. We focus on how Comodo MDR provides defense-in-depth for organizations’ network, endpoints, web, and cloud infrastructure as a bundled, cost-efficient service. The Challenges As ESG’s annual IT spending intentions survey reveals, the global cybersecurity skills shortage continues unabated. In 2018, 51% of respondents state their organization has a problematic shortage (see Figure 1), up from 45% in 2017.1 IT and security staff face an ever-growing amount of internally and externally generated data, hindering their ability to uncover and resolve threats quickly, and preventing them from keeping skills sets up to date. The skills gap threatens the ability of organizations to maintain effective security controls and minimize risk. Figure 1. Top Ten Areas of IT Skills Shortage Source: Enterprise Strategy Group Organizations need effective cybersecurity management—aggregating data, prioritizing action, and distributing work—to handle the ever-increasing velocity and volume of cyber-attacks. Greater efficiency and automation can prevent organizations from being overwhelmed. Cybersecurity leaders who grasp the impact of the skills shortage should consider investing in developing skills and seeking products that improve operational efficiency. This may be why, according to ESG research, 36% of organizations stated that improving security and risk management was one of their top justifications for IT investments. 1 Source: ESG Research Report, 2018 IT Spending Intentions Survey, February 2018. All ESG research references and charts in this technical review have been taken from this research report. 22% 23% 24% 25% 25% 25% 26% 26% 33% 51% Storage administration Network administration Mobile application development Business intelligence/data analytics Compliance management, monitoring and reporting Application development Data protection (i.e., backup and recovery) Server/virtualization administration IT architecture/planning Cybersecurity In which of the following areas do you believe your IT organization currently has a problematic shortage of existing skills? (Percent of respondents, N=620, multiple responses accepted) TechnicalReview ComodoMDR:SecurityOperationsCenter-as-a-service Date: November 2018 Author: Tony Palmer, Senior Validation Analyst; and Jack Poller, Senior Analyst Enterprise Strategy Group | Getting to the bigger truth.™
  • 2. Technical Review: Comodo MDR: Security Operations Center-as-a-service 2 © 2018 by The Enterprise Strategy Group, Inc. All Rights Reserved. The Solution: Comodo MDR Comodo MDR is an integrated suite of managed detection and response technologies and services for advanced cybersecurity. The security operations center-as-a-service (SOCaaS) includes managed network (NDR), endpoint (EDR), web (WDR), and cloud (CDR) detection and response modules. Comodo MDR models operations on the NIST Cybersecurity Framework—standards, guidelines, and best practices to manage cybersecurity-related risk. NIST designed the framework to provide a prioritized, flexible, and cost-effective approach to promote the protection and resilience of IT infrastructure. This framework is organized around: • Identify—Organizations can identify emerging threats using continuous log monitoring and behavioral anomaly detection integrated with external threat intelligence sources. • Protect—Managed detection and response is layered on top of network, endpoint, cloud, and web detection and response and uses continuous monitoring as part of the defense-in-depth strategy to ensure perimeter, endpoint, back-end, and DMZ systems are free from compromise. • Detect—Event correlations, behavioral analyses, real-time event processing, and correlation across all sensors enable detection of attacks. • Respond—Preemptive containment technology, automation, and integration with various playbooks enable analysts to make the appropriate decisions, containing attacks and removing the possibility of attack propagation. • Recover—Incident and case management services support enables onsite staff to manage the process of recovering from an attack. • Review—Complete logging from event detection through response and recovery provide the mechanism for the cybersecurity team to review, adapt, and improve security and response for changes in adversary threats and techniques. Why Comodo MDR? ESG asked organizations what they felt were the three most important attributes of a cybersecurity platform.2 Broad coverage across threat vectors like email and web (38%), central management across all products and services (33%), capabilities across prevention, detection, and response (31%), and coverage that spans endpoints, networks, servers, and cloud-based workloads (27%) were the top four responses. Cloud-based back-end services and tightly-coupled products and services—i.e., products and managed service options offering central command-and-control—were also cited. ESG analyzed MDR offerings from five vendors including Comodo MDR to estimate the maturity level of the market versus Comodo’s MDR offering. All vendors provided a few key features that can be defined as baseline MDR functionality. These features include managed network detection and response, integration with threat intelligence feeds, security monitoring, incident analysis, log data collection and correlation, and dedicated support staff. Comodo’s global real-time support architecture includes 24x7 monitoring and detection at three unique global sites with five separate threat labs and is staffed by more than 150 cybersecurity experts. Comodo has a more holistic view of what an MDR platform should be and has integrated all their technologies and products into the offering. There are numerous categories of functionality where Comodo MDR differentiates itself, detailed in Table 1. 2 Source: ESG Master Survey Results, Enterprise-class Cybersecurity Vendor Sentiment Survey, October 2018 Respond Detect ProtectIdentify Review Recover
  • 3. Technical Review: Comodo MDR: Security Operations Center-as-a-service 3 © 2018 by The Enterprise Strategy Group, Inc. All Rights Reserved. Table 1. Comodo MDR Service Analysis Service Other MDR Vendors Comodo MDR Managed endpoint detection and response Other vendors we examined offer some level of managed endpoint detection and response. • Base-event level environment analysis. • Granular root-cause analysis. Managed application detection and response; Managed cloud detection and response Most vendors we examined offer application and cloud detection and response. • Monitors user access and security configuration changes. • Data loss prevention for cloud apps. • Threat and anomaly detection and remediation. Managed web detection and response No vendors we examined offer managed web detection and response. • Web Application Firewall (WAF) provisioned over a Secure Content Delivery Network (CDN) • Staffed by certified security analysts in a 24x7x365 Cyber Security Operations Center (CSOC). • Powered by a SIEM that leverages data from over 85 million endpoints. User and entity behavior analytics Other vendors we examined offer some level of user and entity behavior analytics • Profiling and alerting for anomalous behaviors and patterns on network, cloud, and endpoint assets. Threat hunting Other vendors we examined offer some level of a threat hunting service. • Data visualization and analysis, statistical correlations, and data pivoting. • Base-event granularity to enable analysts to hunt for threats throughout the environment. Incident response Other vendors we examined offer some level of incident response. • Multiple diverse techniques to disrupt and contain threats: APIs, watchlists, rules updates, isolation of processes or hosts from the network via endpoint agents, and/or locking and suspending user accounts. Case management Most vendors we examined offer some level of case management. • Workflow integration tools prioritize alerts correctly to increase the speed and accuracy of remediation. Pre-emptive containment No vendors we examined offered pre-emptive containment. • Comodo MDR offers a pre-emptive approach to containment, using the Valkyrie file verdict system to isolate unknown files on endpoints and return a fast decision. Cloud-based SIEM Some vendors we examined offer a cloud based SIEM, others rely on on-premises offerings. • Event and forensic data across multiple network, endpoint, web, and cloud sensors are made available in a uniform log with a standardized visual interface. • Included in MDR with no licensing, infrastructure, or CapEx required. AI support Some vendors we examined leverage some level of AI and machine learning. • Semi-supervised artificial intelligence engine. • Comodo’s cybersecurity analyst decisions are fed into the AI intelligence engine to accelerate the detection and response to new threats. Source: Enterprise Strategy Group Comodo’s goal is to redefine SOC operations, turning the current model on its head. Today, organizations employ numerous tier-1 cybersecurity analysts to monitor feeds and alerts from many independent tools from different vendors and sift through false positives, “screen watchers,” if you will. Comodo MDR is designed to provide intelligent automation to enable
  • 4. Technical Review: Comodo MDR: Security Operations Center-as-a-service 4 © 2018 by The Enterprise Strategy Group, Inc. All Rights Reserved. people to be deployed on more strategic and valuable tasks. Using Comodo MDR also enables organizations to extend their IT and security staff capabilities with Comodo’s three-tiered analyst-supported SOC services. Another important challenge for organizations is threats and attacks from outside their sphere of awareness. Organizations pay close attention to their own network and the devices and activity on it, but other attack spaces—the deep web and dark web, for example—might be completely invisible to them. Comodo MDR pulls data and intelligence from all areas into its platform to provide actionable intelligence to enable organizations to hunt for threats. ESG Lab Tested First, ESG looked at Comodo EDR with a goal of validating how it provides alerting for early warnings of known and unknown threats as well as detection of events and response. Comodo EDR requires a lightweight endpoint agent that consumes less than 1% CPU and 15-20MB RAM and can be deployed via group policy object (GPO) or by remote script execution on Comodo ONE, Comodo’s remote monitoring and management platform. The EDR dashboard, seen in Figure 2, provides a summary view of malware and suspicious activity, including both early-warning alerts and detections of malware attacks. All are clickable links, enabling quick drill-down and investigation. In this case, we noted the most alerted endpoint, clicked on the total alerts link, and selected the endpoint to see the list of alerts associated with it. Figure 2. The Comodo EDR Dashboard Source: Enterprise Strategy Group In the alerts, we selected the top suspicious system process creation alert and clicked details. This showed us details on the file that created the suspicious process, including the file trajectory (i.e., movement of the file inside an organization), how the file operated (i.e., through PowerShell), and what specific commands were executed. There is a tremendous amount of additional detail and context provided by Comodo EDR that enables organizations to easily see which endpoints have executed this file and all the events the file has been involved in. This file was an unknown file when these alerts were generated, and EDR provided an early warning that enabled quick investigation and response. Next, we looked at how Comodo NDR works with on-premises sensors and other Comodo MDR components to collect and process logs and data from customer networks and automatically create incidents in the Comodo SOC. We EDR leverages Comodo’s fully- customizable security policies. All license types come with Comodo’s set of recommended security policies, but customers can customize security policies that alert on based on their business requirements.
  • 5. Technical Review: Comodo MDR: Security Operations Center-as-a-service 5 © 2018 by The Enterprise Strategy Group, Inc. All Rights Reserved. simulated multiple malware attacks on a test workstation running Windows 10 and the Comodo Internet Security client. We launched multiple malware attacks from the wicar.org website to observe how Comodo MDR integrates Comodo’s suite of security offerings. Figure 3 shows the Comodo NDR dashboard after the malware payloads were detonated; incidents were generated automatically by the appropriate Comodo NDR component for detected malware, activities, behaviors, and intrusions. Figure 3. Automatically Generated Incidents in Comodo NDR Source: Enterprise Strategy Group Next, we looked at how cWatch Web enables organizations to protect their websites leveraging Comodo’s cloud-based SOC. We logged in to the cWatch Web customer portal, seen in Figure 4. Figure 4. The cWatch Web Dashboard Source: Enterprise Strategy Group In the customer portal, organizations start with a summary view of their sites that are protected by cWatch Web. In addition to overviews of malware, vulnerabilities, and blocked attacks, an organization can easily drill down into any of its sites and learn more about any of the categories listed, such as reputation, malware, vulnerabilities, etc. We clicked on the site name oilandgastechnoloy.net and selected Malware.
  • 6. Technical Review: Comodo MDR: Security Operations Center-as-a-service 6 © 2018 by The Enterprise Strategy Group, Inc. All Rights Reserved. Figure 5. The cWatch Web Dashboard Source: Enterprise Strategy Group As Figure 5 shows, in a scheduled scan, nine instances of malware were found on this site. Behind the scenes, nine tickets requesting cleanup were automatically opened in the Comodo SOC, and all nine were automatically cleaned. cWatch Web also takes automated actions to address vulnerabilities in multiple categories and has the availability to virtually patch servers by creating targeted firewall rules to address open vulnerabilities until a patch becomes available. ESG looked at multiple other components of the Comodo solution and how they integrated into the overall service. One example is Valkyrie, Comodo’s cloud-based file analysis platform that provides static, dynamic, and human expert analysis for submitted known and unknown files. Valkyrie is the file analysis platform for all Comodo 360 network and endpoint solutions. Valkyrie’s verdict-driven file analysis platform processes over 200 million unknown file submissions per day, uncovering more than 300 million unknown files every year leveraging integrated Comodo solutions, partners, and their active global community of threat researchers. Why This Matters To address the cybersecurity skills gap, organizations need efficiency and automation for effective cybersecurity management if they hope to handle the ever-increasing velocity and volume of cyber-attacks without being overwhelmed. According to ESG research, 36% of organizations stated that improving security and risk management was one of their top justifications for IT investments. Comodo has created an integrated, cloud-based SOCaaS offering that enables organizations to quickly and easily leverage the components they need—endpoint, network, web, cloud, or all four—along with Comodo’s team of highly skilled security analysts to improve their security posture simply and cost-effectively. Addressing malware on websites is very different from addressing malware on endpoints. Backdoors, code inserted into legitimate PHP scripts, and other non-executable components that are designed to deliver the payload would not be detected by traditional endpoint protection, which scans for executables and their behaviors.
  • 7. Technical Review: Comodo MDR: Security Operations Center-as-a-service 7 © 2018 by The Enterprise Strategy Group, Inc. All Rights Reserved. The Bigger Truth The ever-increasing volume and velocity of data, the shift to cloud architectures, digital transformation initiatives, and the growing sophistication of malicious actors are putting increasing demands on IT infrastructures, and high-performant cybersecurity solutions are often hampered by the increasing complexity of IT infrastructures. According to recent ESG research, more than two-thirds of surveyed organizations said that their IT environment has gotten more complex in the last two years. This complexity blurs the infrastructure perimeter, and makes it difficult to defend network, endpoint, cloud, and web workloads. Thus, it’s no surprise that organizations are seeking to identify the best comprehensive security solution for their IT infrastructure. When a security event hits, many organizations scramble for answers to questions such as: • What happened? • Who perpetrated it? • Where did it occur? • When did it begin? • How did it happen? • Why was it possible? • And arguably the most important: What should we do now? Effective incident response should handle all these questions quickly and effectively. ESG testing revealed that Comodo MDR enables organizations to quickly deploy and integrate a turnkey SOC for defense-in-depth protection of their critical assets (i.e., endpoints, networks, websites, and cloud resources), unifying all those different pieces under a common control framework and enabling organizations to not only be able to answer the questions listed above, but understand how to strengthen their security posture and prevent events in the future. • NIST Cybersecurity Framework—Comodo MDR follows the well-known and well-regarded framework to identify, prevent, detect, respond to, and recover from threats and attacks. • Improved economics—Comodo’s SOCaaS delivers all features and functionality using an as-a-service model and reduces requirements for capital investments in cybersecurity IT infrastructure, software licenses, and the need for highly trained senior cybersecurity personnel. • Global, real-time support— Comodo MDR uses a “follow-the-sun” model, with 24x7 monitoring and detection using three unique global sites, five separate threat labs, and more than 150 professionals and cybersecurity experts. • Uniformity—Comodo MDR’s security information and event manager (SIEM) makes all event and forensic data across multiple network, endpoint, web, and cloud sensors available in a uniform log with a standardized visual interface. • Preemptive containment—Comodo patented technology preemptively contains and stops threats by denying malicious activity while allowing normal operations. • Comprehensive coverage—Comodo MDR incorporates customer sensors for network, endpoint, web, and cloud workloads. • Comprehensive threat hunting—Comodo provides a platform that delivers data visualization and analysis, statistical correlations, data pivoting, and other tools to enable security analysts to hunt for threats throughout the environment. • AI guided MDR—Comodo’s semi-supervised artificial intelligence engine learns from the activities and operations of Comodo’s cybersecurity experts, accelerating the detection and response to new threats. Organizations interested in automating the repetitive, tactical activities that consume their security teams today and move toward a proactive, intelligence-led model of prevention would be smart to explore how Comodo’s MDR SOC-as-a-service can improve the operational efficiency of their cybersecurity teams, enabling them to rapidly and accurately answer those questions and improve their cybersecurity posture.
  • 8. Technical Review: Comodo MDR: Security Operations Center-as-a-service 8 © 2018 by The Enterprise Strategy Group, Inc. All Rights Reserved.www.esg-global.com contact@esg-global.com P.508.482.0188 © 2018 by The Enterprise Strategy Group, Inc. All Rights Reserved. All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188. The goal of ESG Validation reports is to educate IT professionals about information technology solutions for companies of all types and sizes. ESG Validation reports are not meant to replace the evaluation process that should be conducted before making purchasing decisions, but rather to provide insight into these emerging technologies. Our objectives are to explore some of the more valuable features and functions of IT solutions, show how they can be used to solve real customer problems, and identify any areas needing improvement. The ESG Validation Team’s expert third- party perspective is based on our own hands-on testing as well as on interviews with customers who use these products in production environments.