Security Empowers Business
SOLUTION BRIEF: Discover, Analyze, Respond to Advanced Threats
The prevailing security mindset has shifted from preventing infection to assuming compromise. As new advanced threats continue to circumvent traditional security tools, enterprises are searching for better solutions that improve visibility and time to respond. Tools that help responders adapt to the evolving threat landscape are in high demand. Solutions need to rapidly discover, validate, and prioritize assets under a threat actor’s control. Comprehensive, real-time threat intelligence and advanced forensics are keys to understanding the kill chain of an attack and improving the overall security posture.
Solution Overview

Damballa Failsafe, a leader in finding hidden infections with certainty, and the award-winning Blue Coat Security Analytics Platform have teamed up to provide world-class advanced threat discovery and analytics that enable swift and intelligent incident response.

Together, Failsafe and the Security Analytics Platform allow organizations to:
• Discover and Prioritize – Find infections in seconds, minutes, or hours, not weeks or months. Dynamic risk scoring shows which infections pose the highest damage potential.
• Analyze and Respond – Comprehensive and conclusive analysis strengthens security incident response.
Damballa Failsafe is unmatched at finding advanced threats that have bypassed prevention controls, and in prioritizing their risk.

The Security Analytics Platform extracts and reconstructs all attributes associated with advanced malware and threats, including source and destination IPs, as well as every packet, flow, file, and application detail associated with an attack. The Security Analytics technology also leverages the Blue Coat Global Intelligence Network – aggregated threat intelligence from 15,000 customers and 75 million users – and Blue Coat ThreatBLADES, which provide instant, actionable intelligence about web, email, or file-based threats. The Security Analytics Platform provides security professionals clear and concise answers to critical post-breach security questions, including: Who did this? How? When? What was accessed? It records and classifies every packet of network traffic – from Layer 2 through Layer 7 – while indexing and storing the data to provide comprehensive threat intelligence and post-breach analytics on any security event.
BLUE COAT TECHNOLOGY PARTNER: DAMBALLA
Partner: Damballa
Partner Product: Failsafe
Blue Coat Product: Security Analytics Platform

How it Works

The open, web services REST API in the Security Analytics Platform enables direct integration with Damballa Failsafe. Failsafe lets first responders pivot directly from an infected-assets page to full packet-level detail in the Security Analytics solution, giving instant visibility into other relevant activity from infected devices. The Security Analytics Platform acts like a security camera on the network, recording and indexing full packet captures of all activity – even on today’s fastest networks. Captured packet data can then be analyzed to provide context that enables rapid response to Damballa alerts. For example, when Damballa Failsafe generates an asset alert within the console, alert parameters are seamlessly passed to the Security Analytics Platform, which responds with a complete analysis detailing what occurred before, during and after the event. The Failsafe user can even recreate actual artifacts (documents, files, executables, etc.) from stored packet data. By reconstructing what happened before an infection, the Security Analytics Platform determines the root cause and provides the intelligence needed to prevent other assets from falling victim to the same attack.

Using the API, Failsafe also creates “Favorites” in the Security Analytics Platform management console: lists of infected assets, suspected assets, and active Command and Control (C&C) domains. This enables incident responders to quickly analyze traffic to and from compromised assets and then take swift and focused action. Damballa Failsafe also publishes active C&C domains with successful connections for immediate response.

[Figure: integration diagram. Labels: Users, Servers, Mobile; Tap/Span; Tap/Span; API; Security Analytics Appliance with ThreatBLADES; Global Intelligence Network; Damballa Failsafe.]

1. Damballa Failsafe – Discovers infected devices, suspected devices, and active C&C domains
2. Damballa Failsafe – Using the Security Analytics API, creates lists of infected assets, suspected assets, and active Command and Control (C&C) domains
3. Security Analytics – Provides instant visibility into infected assets and correlated endpoint processes
4. Security Analytics – Enables quick updates to security policies based on corroborated evidence of an attack

© 2014 Blue Coat Systems, Inc. All rights reserved. Blue Coat, the Blue Coat logos, ProxySG, PacketShaper, CacheFlow, IntelligenceCenter, CacheEOS, CachePulse, Crossbeam, K9, the K9 logo, DRTR, Mach5, Packetwise, Policycenter, ProxyAV, ProxyClient, SGOS, WebPulse, Solera Networks, the Solera Networks logos, DeepSee, “See Everything. Know Everything.”, “Security Empowers Business”, and BlueTouch are registered trademarks or trademarks of Blue Coat Systems, Inc. or its affiliates in the U.S. and certain other countries. This list may not be complete, and the absence of a trademark from this list does not mean it is not a trademark of Blue Coat or that Blue Coat has stopped using the trademark. All other trademarks mentioned in this document owned by third parties are the property of their respective owners. This document is for informational purposes only. Blue Coat makes no warranties, express, implied, or statutory, as to the information in this document. Blue Coat products, technical services, and any other technical data referenced in this document are subject to U.S. export control and sanctions laws, regulations and requirements, and may be subject to export or import regulations in other countries. You agree to comply strictly with these laws, regulations and requirements, and acknowledge that you have the responsibility to obtain any licenses, permits or other approvals that may be required in order to export, re-export, transfer in country or import after delivery to you. v.SB-TECHPARTNER-SAPLATFORM-DAMBALLA-EN-v1a-1214

Blue Coat Systems Inc. – www.bluecoat.com
Corporate Headquarters: Sunnyvale, CA, +1.408.220.2200
EMEA Headquarters: Hampshire, UK, +44.1252.554600
APAC Headquarters: Singapore, +65.6826.7000
The integration between Damballa Failsafe and Blue Coat Security Analytics is:
• Powerful – Rapidly find hidden infections with certainty
• Fast – Gain instant visibility into suspected/infected assets and correlated endpoint processes
• Actionable – Quickly update security policies based on corroborated evidence
EXAMPLE

Damballa Failsafe identifies successful connections to a new C&C infrastructure. A never-before-seen attack has bypassed traditional security tools and infected several devices on the network.

Failsafe dynamically pushes the newly identified C&C domain to the Favorites list in the Security Analytics Platform, where responders can quickly search for all assets that have attempted connections to the active C&C domain and then remove them from the network.
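The scenario above, worked through as an added example that is not Blue Coat's or Damballa's code: it correlates Failsafe-style indicator lists (infected assets, suspected assets, active C&C domains) with connection records of the kind a packet-capture index returns, separates successful C&C connections from failed attempts, surfaces devices that reached C&C without being on either list, and answers the Favorites question of which assets contacted a given domain. The record layouts, field names, risk scores, addresses and `.invalid` domains are all constructed; the real Failsafe export format and the Security Analytics REST API are not described on this page and are not modelled.

```python
"""Correlate Failsafe-style indicator lists with connection records.

Added example, not Blue Coat or Damballa code. Every record layout, field
name, risk score, address and domain below is constructed for illustration;
the real Failsafe export and the Security Analytics REST API are not modelled.
"""
from dataclasses import dataclass, field

# Constructed indicator lists in the three categories the brief names.
# Asset -> Failsafe-style risk score (constructed values).
INFECTED_ASSETS = {"10.0.1.15": 90, "10.0.1.22": 75}
SUSPECTED_ASSETS = {"10.0.2.40": 40}
# Active C&C domains; ".invalid" is a reserved TLD, so these never resolve.
ACTIVE_CC_DOMAINS = {"cc-example.invalid", "update-check.invalid"}

# Constructed connection records, as a packet-capture index might return them.
CONNECTIONS = [
    {"ts": "2014-12-01T09:14:02Z", "src": "10.0.1.15", "dst": "cc-example.invalid",   "dport": 443, "state": "established"},
    {"ts": "2014-12-01T09:15:10Z", "src": "10.0.3.77", "dst": "cc-example.invalid",   "dport": 443, "state": "established"},
    {"ts": "2014-12-01T09:16:44Z", "src": "10.0.2.40", "dst": "update-check.invalid", "dport": 80,  "state": "refused"},
    {"ts": "2014-12-01T09:17:01Z", "src": "10.0.1.22", "dst": "intranet.example",     "dport": 80,  "state": "established"},
    {"ts": "2014-12-01T09:18:30Z", "src": "10.0.3.77", "dst": "cc-example.invalid",   "dport": 443, "state": "established"},
]


@dataclass
class Finding:
    asset: str
    status: str                 # "infected", "suspected" or "unlisted"
    risk: int                   # Failsafe-style score; 0 when unlisted
    cc_domains: set = field(default_factory=set)
    successful: int = 0         # established connections to C&C
    attempted: int = 0          # connections to C&C that did not complete


def classify(asset):
    """Look the asset up in the Failsafe-style lists."""
    if asset in INFECTED_ASSETS:
        return "infected", INFECTED_ASSETS[asset]
    if asset in SUSPECTED_ASSETS:
        return "suspected", SUSPECTED_ASSETS[asset]
    return "unlisted", 0


def correlate(connections, cc_domains=ACTIVE_CC_DOMAINS):
    """Return {asset: Finding} for every source that reached a C&C domain."""
    findings = {}
    for conn in connections:
        if conn["dst"] not in cc_domains:
            continue
        finding = findings.get(conn["src"])
        if finding is None:
            status, risk = classify(conn["src"])
            finding = findings[conn["src"]] = Finding(conn["src"], status, risk)
        finding.cc_domains.add(conn["dst"])
        if conn["state"] == "established":
            finding.successful += 1
        else:
            finding.attempted += 1
    return findings


def prioritize(findings):
    """Order for response: successful C&C contact first, then Failsafe risk,
    then volume of contact. An unlisted asset with successful connections
    still outranks a listed asset that only attempted."""
    return sorted(
        findings.values(),
        key=lambda f: (f.successful > 0, f.risk, f.successful + f.attempted),
        reverse=True,
    )


def assets_for_domain(findings, domain):
    """The Favorites question: which assets contacted this C&C domain?"""
    return {f.asset for f in findings.values() if domain in f.cc_domains}


if __name__ == "__main__":
    # A newly identified C&C domain pushed to Favorites is just another entry
    # in the set; re-running the correlation picks up assets that reached it.
    found = correlate(CONNECTIONS, ACTIVE_CC_DOMAINS | {"new-c2.invalid"})
    for f in prioritize(found):
        print(f"{f.asset:12} {f.status:9} risk={f.risk:3} "
              f"ok={f.successful} failed={f.attempted} {sorted(f.cc_domains)}")
```

Two points the constructed data is chosen to show: an asset on the infected list that made no C&C connection in the captured window (10.0.1.22) does not appear in the correlation at all, so the indicator lists and the packet index answer different questions and both are needed; and a device absent from both lists (10.0.3.77) that completed connections to C&C is ranked above a suspected asset whose attempt was refused, which is the "several devices" case the scenario describes.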
Key Benefits

Damballa Failsafe and Blue Coat Security Analytics Platform provide enterprises with clear and concise actionable intelligence for advanced threats and compromised assets to:
• Rapidly detect, prioritize and remediate infected devices
• Respond to infections and advanced threats in near real-time
• Quickly implement and update security controls, preventing further compromise
• Gain better visibility of security posture regarding “hidden” and zero-day threats
About Damballa

As experts in advanced threat protection and containment, Damballa discovers actual infections that have already bypassed security prevention layers. Damballa identifies evidence of malicious network traffic to rapidly pinpoint compromised devices that represent the highest risk to a business. Our patented solutions leverage Big Data from the industry’s broadest data set of consumer and enterprise network traffic, combined with machine learning. This enables us to automatically discover and terminate criminal activity, stop data theft, minimize business disruption and reduce time to response. Damballa protects any device or OS regardless of threat entry point. Damballa protects approximately half a billion devices globally at enterprises in every major market and for the world’s largest ISP and telecommunications providers. For more information, visit www.damballa.com, or follow us on Twitter @DamballaInc.
For More Information 
Learn more about Blue Coat technology partners on our website.
