Real-Time Analysis of Behavior Related Incident
SCENARIO: On average, John logs into a file share containing critical business data three times a day. Then one day he logs in 100 times… anomaly detected. His credentials were stolen, and he has been personally compromised. | SOLUTION:
Using artificial intelligence (AI) and machine learning technology, Securonix establishes a baseline of normal behavior, and compares that baseline to current activity on the network. It triggers an alert when it detects activity outside the norm. The ICE SOC Team opens the alert, contacts your IT Dept, and initiates action based on your Threat Response Plan.
RESULT:
Threat mitigated before your company loses the sensitive data core to your business. |
Security Stats | WHO - 5-fold increase in cyberattacks in 2020 |
Average cost of 1 breach (500+) | 3.86 million - based on The Ponemon Institute and IBM Security |
Average cost of 1 breach (under 500) | 2.67 million - based on The Ponemon Institute and IBM Security |
Most frequently compromised type of record | PII (Personally Identifiable Information); also the costliest, at $150 a record |
Non-Monetary Damages | Loss of intellectual property
Years of research down the drain
Damage to your brand and reputation
Cancelled deals and partnerships
Millions in lost productivity, and legal/remediation expenses
Disclosure requirements imposed by your clients and governments |
The burden placed on IT Staff | Anti-Virus / Anti-Malware / EDR
Behavioral analytics
Firewall/WAF, Servers on cloud infrastructure
Firewalls with UTM URL & DNS Filtering
Threat Detection / Threat Prevention IDS / IPS
Penetration Testing
Threat hunting
Log aggregation
Wireless rogue activity detection
Single Sign On / Multi Factor Authentication
Email filter tuning and quarantine management
Identity Access Management (IAM)
Monitoring of critical data flows
Data Encryption
Hosted Email services
Threat Intelligence and Feed Analysis |
SOC-2 Certification | SOC 2 (System and Organization Controls 2) is a type of audit report that attests to the trustworthiness of services provided by a service organization.
SOC 2 reports are the result of an official SOC 2 audit.
These reports attest that a service organization’s solution has been audited by a Certified Public Accountant (CPA) on over 600 data points, using standards laid down by the AICPA, with regard to: Security, Availability, Processing Integrity, Confidentiality and/or Privacy. |
SOC-2 Audits for what? (SAPIC) | Security
Availability
Privacy
Integrity (process & storage)
Confidentiality |
Availability | The process, product, or service must remain available per the agreement between user and provider. Both parties either explicitly or implicitly agree on the appropriate level of availability of the service. |
Confidentiality | If access to the data is limited to certain individuals or organizations, it must be treated as confidential. Data protected by the principle of confidentiality could include anything the user submits for the eyes of company employees only, including but not limited to business plans, internal price lists, intellectual property and other forms of financial information. An auditor will take into account data encryption, network firewalls, software firewalls and access controls. |
Privacy | The principle of privacy applies to the collection, disclosure, disposal, storage and use of personal information with regard to the generally accepted principles of privacy (GAPP) as established by the AICPA. It applies to Personal Identifiable Information (PII), information that can be used to differentiate persons, including but not limited to names, addresses, phone numbers and social security numbers. Other data, including race, gender, medical profiles, and religion are also covered by GAPP. An auditor must verify controls in place to prevent the dissemination of PII. |
Security | System resources must be defended against outside access to comply with the principle of security. Access controls must adequately resist attempts at intrusion, device manipulation, unauthorized deletion, data misuse, or improper modification and release. An auditor looks at IT security tools like WAF (web application firewalls), encryption and intrusion detection in addition to administrative controls such as background checks and authorizations. |
Integrity | This principle is concerned with the delivery of the right data at the right time and at the right price— in other words, whether or not the platform performs as expected. Data processing must be complete, licensed, reliable and timely.
IMPORTANT: Integrity of storage does not imply the integrity of the information. Information may contain errors before it is entered into the system, which the storage entity is not responsible to identify. An auditor must look at data processing management and quality assurance practices to ensure the reliability of the data. |
SOC (Security Operations as a Service) | 1. Provides 24/7/365, real-time visibility into your IT infrastructure
2. Staffed by a global team of trained professionals
3. SIEM (Security Information and Event Management) subscription includes industry-leading processes and security tools
4. Proactive remediation of threats before damage is caused
5. One of the most cost-effective and impactful ways to elevate any organization’s security posture as compared to developing these services in-house |
ICE SOC | 1. ICE has a qualified team of certified security professionals to monitor your infrastructure 24/7/365
2. ICE security professionals respond to all alerts instantly to reduce the exposure and limit the damage a security breach might otherwise cause
3. ICE SOC team will work with your organization to establish incident response teams (IRT), formulate Incident Response Plans (IRP), and perform the necessary actions to remediate threats in a timely manner, as required by many compliance frameworks |
4 STEPS PROVIDED | MONITOR - Real-time monitoring of critical apps and services in a single dashboard
ANALYZE - Centralized Log Collector to collect and store logs from services and devices for analysis; a risk management process that reduces the chances of security breaches.
RESPOND - Respond immediately to cyber attacks to avoid a security breach
ESTABLISH - Incident Response Plan (IRP) |
SECURONIX PARTNERSHIP | Securonix delivers a next-generation security analytics and operations management platform for the modern era of big data and advanced cyber threats, and was named a leader in the 2021 Gartner Critical Capabilities for SIEM (Security Information and Event Management) |
WHY SECURONIX PARTNERED WITH US | ICE Consulting is an experienced MSSP that offers a full range of security services to its customers. It has a highly skilled staff that understands the value of providing the best solutions to keep its customers protected 24 x 7.
We see ICE Consulting as a strategic MSSP partner in a key geography with unique vertical expertise in Biotechnology and Life Sciences. |
SECURONIX SNYPR | 1. Centralized Log Collector maintains all logs from the connected devices and services for extended time periods for forensic analysis, legal reasons, etc.
2. SIEM and UEBA in a single package.
3. Threat Analyzer with a cloud-based AI engine analyzes, reports, suggests remediation, and documents all threats received.
4. SNYPR is compatible with most major applications and services (Okta, Azure, AWS, O365, Palo Alto Firewalls, Cisco Umbrella, Windows Servers, Web Servers, etc…) |
SECURONIX FEATURES (Part1) | Anti-Virus / Anti-Malware / EDR
Firewalls with UTM
URL & DNS Filtering
Threat Detection / Threat Prevention
IDS / IPS
Single Sign On / Multi Factor Authentication
Data encryption
Behavioral analytics
Threat hunting
Email filter tuning and quarantine management
Servers & storage in data centers |
SECURONIX FEATURES (part 2) | Firewall/WAF, Servers on cloud infrastructure
Log aggregation
Identity Access Management (IAM)
Hosted Email services
Penetration Testing
Wireless rogue activity detection
Monitoring of critical data flows
Threat intelligence and feed analysis |
Incident Response Workflow | 1. Identify Friend or Foe (IFF)
2. Use WHOIS and DNS to identify the source
3. Create a network object to auto-identify the CIDR block (registered public IP range) for the source in the future
4. Add the system to an elevated risk watch list (Risk Booster for future events)
5. Move from Production VLAN to Patch Only/Guest VLAN (Switch Port)
6. Update anti-virus
7. Update OS
8. Run a full AV scan
If clean, run a vulnerability scan to check that patches were successful; if successful, return to the production VLAN
If the AV or patch check fails, notify the IT team to reimage the system, or perform a full reimage of the system and repeat a-d
9. Add the system to an elevated risk watch list (Risk Booster for future events) |
IF FOE | If foe…
Add to the block list recommendations for the next change review or window
Check for additional attackers/symptoms on the same CIDR block
Block at the firewall or IPS as appropriate (Class C CIDR block or smaller)
Note the date of the block, and add it to an expire/review list for 30 days
Note and review the country of origin for appropriateness to the business |
ALERT & RESPONSE | 1. Create a ticket to track the event
2. Update the ticket with any enrichment data available. Identify Friend or Foe
Add network information about the source
Internal? Or External?
Check blocklist information (AbuseIPDB, Zeus Tracker…) and add it to the ticket
Identify the user logged into the system at the time of the event (if internal)
3. Classify the ticket
Internal / External
Recon, Exploit, Data Exfil, Malware, Unknown |