Continuous Monitoring and Analytics-Driven Security for Modern Threats - Reservoir Labs, Inc. (slide transcript)
Reservoir Labs Advanced Threat Detection
• Continuous Monitoring and Analytics-Driven Security for Modern Threats
All Data is Security Relevant!
[Diagram: data sources shown as security relevant: Developer Platform; Report and analyze (custom dashboards, monitor and alert, ad hoc search); Threat Intelligence; Asset & CMDB; Employee Info; Data Stores; Applications; Online Services; Web Services; Security; GPS / Location; Storage; Desktops; Networks; Packaged Applications; Custom Applications; Messaging; Telecoms; Online Shopping Cart; Web Clickstreams; Databases; Energy Meters; Call Detail Records; Smartphones and Devices; Firewall; Authentication; Servers; Endpoint; External Lookups.]
[Architecture diagram: network traffic from the switch fabric (datacenter, corporate network, Internet edge) is tapped by R-Scope, which produces network metadata; network metadata and enterprise logs flow into Splunk, which serves security infrastructure & monitoring and security operations.]
How it Works…
[Pipeline diagram: Network -> Ingest -> Parsing Engine -> Metadata (R-Scope), then Metadata -> Ingest -> Context -> Alerts (Splunk).]
R-Scope provides metadata and visibility about your users, applications, and assets.
Splunk ingests rich metadata, enterprise logs, and context such as threat intelligence and asset information, and combines them to create high-fidelity alerts.
Bridging the Analytics Gap
[Diagram: Splunk Analytics shown separate from the data it needs.]
• Orphaned Data
• Latent Information
• Low Fidelity Alerts
• Low Value
[Unlinked data groups shown: Files, Hashes, Certs, Comms, C2; Applications, Location, Owner; TTPs, Certificates, Files, Hashes; Exposure, Criticality, CVEs.]
Bridging the Gap: Linked Data
[Diagram: Splunk Analytics connected to the same data groups through a linked data schema.]
Rich metadata links disparate data types for high-fidelity security alerts, reporting, and workflows.
• Linked Data Schema
• Ops Integration
• High Fidelity Alerts
• High Value
The Solution
- Enables fast and actionable security response
- Enriches existing security tools and processes
- Rich metadata drives advanced threat hunting
R-Scope + Splunk Security Operations
• Immediately assess exposure to a threat
  ‒ Which assets are vulnerable?
  ‒ Are those assets compromised?
  ‒ When did the compromise occur?
  ‒ What is the impact of the breach?
• Categorically prioritize your response
  ‒ Focus resources based on confidence & criticality
  ‒ Reduce time to remediate
Hunt Threats in Real Time or Historically
Accurately alert on suspicious behavior on Day 0 using rules-based automation or free-form hunting.
Example: A net new exploit is discovered in the wild that targets Chrome v43 running on Windows 8.
1: How many of my users are running Chrome?
2: Identify all hosts running vulnerable Chrome versions
3: Leverage simple IOCs to behaviorally identify compromised hosts
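The three hunting steps above, worked through as an added example (not Reservoir Labs or Splunk code) over constructed HTTP metadata records of the kind a network sensor exports; the record layout, the sample records, the user-agent parsing and the IOC domain list are all assumptions made for the example.

```python
import re
# Constructed HTTP metadata records: (source host, user, user-agent, destination host).
RECORDS = [
    ("10.0.1.5",  "alice", "Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 Chrome/43.0.2357.81 Safari/537.36", "cdn.example.com"),
    ("10.0.1.5",  "alice", "Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 Chrome/43.0.2357.81 Safari/537.36", "bad.example.net"),
    ("10.0.1.7",  "bob",   "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 Chrome/43.0.2357.65 Safari/537.36", "news.example.org"),
    ("10.0.1.9",  "carol", "Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 Chrome/45.0.2454.85 Safari/537.36", "mail.example.com"),
    ("10.0.1.11", "dave",  "Mozilla/5.0 (Windows NT 6.2; rv:39.0) Gecko/20100101 Firefox/39.0", "bad.example.net"),
    ("10.0.1.12", "erin",  "Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 Chrome/43.0.2357.81 Safari/537.36", "cdn.example.com"),
    ("10.0.1.13", "frank", "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 Chrome/42.0.2311.135 Safari/537.36 Edge/12.246", "cdn.example.com"),
]
# Constructed IOC list: destination domains from a hypothetical threat-intelligence feed.
IOC_DOMAINS = {"bad.example.net"}
NT_TO_WINDOWS = {"6.1": "Windows 7", "6.2": "Windows 8", "6.3": "Windows 8.1", "10.0": "Windows 10"}

def parse_ua(ua):
    """Return (browser, major version, OS name) or None if the browser is not recognised."""
    nt = re.search(r"Windows NT (\d+\.\d+)", ua)
    os_name = NT_TO_WINDOWS.get(nt.group(1), "Windows (other)") if nt else "non-Windows"
    if "Edge/" in ua or "Edg/" in ua or "OPR/" in ua:
        return None  # Chromium-based browsers also advertise Chrome/<ver>; don't count them as Chrome
    for browser in ("Chrome", "Firefox"):
        m = re.search(browser + r"/(\d+)\.", ua)
        if m:
            return browser, int(m.group(1)), os_name
    return None

def chrome_users(records):
    """Step 1: the set of users seen running Chrome at all."""
    users = set()
    for _, user, ua, _ in records:
        parsed = parse_ua(ua)
        if parsed and parsed[0] == "Chrome":
            users.add(user)
    return users

def vulnerable_hosts(records, major=43, os_name="Windows 8"):
    """Step 2: hosts whose browser major version and OS match the exploit's target."""
    return sorted({host for host, _, ua, _ in records if parse_ua(ua) == ("Chrome", major, os_name)})

def ioc_hits(records, iocs, hosts):
    """Step 3: which of the exposed hosts contacted an IOC domain -> {host: sorted domains}."""
    hits = {}
    for host, _, _, dest in records:
        if host in hosts and dest in iocs:
            hits.setdefault(host, set()).add(dest)
    return {h: sorted(d) for h, d in hits.items()}
```

Calling `ioc_hits(RECORDS, IOC_DOMAINS, vulnerable_hosts(RECORDS))` narrows the IOC match to hosts that are actually exposed, so the Firefox host that reached the same domain is not flagged as a Chrome compromise.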