Reservoir Labs Advanced Threat Detection: Continuous Monitoring and Analytics-Driven Security for Modern Threats

Transcript of the slide deck "Continuous Monitoring and Analytics-Driven Security for Modern Threats" by Reservoir Labs, Inc.

Reservoir Labs Advanced Threat Detection

• Continuous Monitoring and Analytics-Driven Security for Modern Threats

All Data is Security Relevant!


[Diagram: a single analytics platform (developer platform; report and analyze; custom dashboards; monitor and alert; ad hoc search) fed by data sources of every kind: threat intelligence, asset & CMDB, employee info, data stores, applications, online services, web services, security, GPS location, storage, desktops, networks, packaged applications, custom applications, messaging, telecoms, online shopping cart, web clickstreams, databases, energy meters, call detail records, smartphones and devices, firewall, authentication, servers, endpoint, and external lookups.]

[Diagram: R-Scope taps network traffic from the switch fabric across the datacenter, the corporate network and the Internet edge; its network metadata, together with enterprise logs and security infrastructure & monitoring feeds, is sent to Splunk for use by security operations.]

How it Works…

[Diagram: stages labelled Metadata, Ingest, Context, Alerts; R-Scope pipeline labelled Network, Ingest, Parsing Engine, Metadata]

R-Scope provides metadata and visibility about your users, applications, and assets.

Splunk ingests rich metadata, enterprise logs, and context such as threat intelligence & asset information, and combines them to create high-fidelity alerts.

Bridging the Analytics Gap

[Diagram: Splunk and Analytics, with separate groups of data: files, hashes, certs, comms, C2; applications, location, owner; TTPs, certificates, files, hashes; exposure, criticality, CVEs]

• Orphaned Data
• Latent Information
• Low Fidelity Alerts
• Low Value

Bridging the Gap: Linked Data

[Diagram: Splunk and Analytics connected through linked data]

Rich metadata links disparate data types for high-fidelity security alerts, reporting, and workflows.

• Linked Data Schema
• Ops Integration
• High Fidelity Alerts
• High Value

The Solution

- Enables fast and actionable security response
- Enriches existing security tools and process
- Rich metadata drives advanced threat hunting

THANK YOU

R-Scope + Splunk Security Operations

• Immediately assess exposure to a threat
  ‒ Which assets are vulnerable?
  ‒ Are those assets compromised?
  ‒ When did the compromise occur?
  ‒ What is the impact of the breach?

• Categorically prioritize your response
  ‒ Focus resources based on confidence & criticality
  ‒ Reduce time to remediate

Hunt Threats in Real Time or Historically

Accurately alert on suspicious behavior on Day 0 using rules-based automation or free-form hunting.

Example: A net-new exploit is discovered in the wild that targets Chrome v43 running on Windows 8.

1: How many of my users are running Chrome?

2: Identify all hosts running vulnerable Chrome versions

3: Leverage simple IOCs to behaviorally identify compromised hosts
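The three hunting steps above, worked as an added Python example that is not part of the Reservoir Labs deck. It runs over a constructed sample of HTTP metadata records (the kind of per-connection metadata the slides attribute to R-Scope) and a placeholder IOC domain; the hostnames, users and user-agent strings are all assumptions, and Windows 8 is recognised by the "Windows NT 6.2" token browsers report in their user-agent.

```python
import re
from collections import defaultdict

# Constructed sample HTTP metadata records (host, user, user-agent, destination);
# stands in for sensor-produced network metadata, not real traffic.
HTTP_RECORDS = [
    {"host": "wks-01", "user": "alice", "dst": "updates.example.net",
     "ua": "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36"},
    {"host": "wks-02", "user": "bob", "dst": "bad-c2.example.invalid",
     "ua": "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.130 Safari/537.36"},
    {"host": "wks-03", "user": "carol", "dst": "intranet.example.net",
     "ua": "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36"},
    {"host": "wks-04", "user": "dave", "dst": "intranet.example.net",
     "ua": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36"},
    {"host": "wks-05", "user": "erin", "dst": "bad-c2.example.invalid",
     "ua": "Mozilla/5.0 (Windows NT 6.2; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0"},
]
# Constructed placeholder indicator list; not a real IOC.
IOC_DOMAINS = {"bad-c2.example.invalid"}

UA_CHROME = re.compile(r"Chrome/(\d+)\.")          # Chrome major version
UA_WINDOWS = re.compile(r"Windows NT (\d+\.\d+)")  # Windows 8 reports NT 6.2
WINDOWS_8 = "6.2"

def chrome_users(records):
    """Step 1: distinct users whose traffic carried a Chrome user-agent."""
    return {r["user"] for r in records if UA_CHROME.search(r["ua"])}

def vulnerable_hosts(records, chrome_major=43, windows_nt=WINDOWS_8):
    """Step 2: hosts seen running the targeted Chrome major on the targeted Windows build."""
    hosts = set()
    for r in records:
        chrome, win = UA_CHROME.search(r["ua"]), UA_WINDOWS.search(r["ua"])
        if chrome and win and int(chrome.group(1)) == chrome_major and win.group(1) == windows_nt:
            hosts.add(r["host"])
    return hosts

def compromised_hosts(records, vulnerable, iocs):
    """Step 3: vulnerable hosts that also contacted an IOC destination -> {host: {destinations}}."""
    hits = defaultdict(set)
    for r in records:
        if r["host"] in vulnerable and r["dst"] in iocs:
            hits[r["host"]].add(r["dst"])
    return dict(hits)

if __name__ == "__main__":
    exposed = vulnerable_hosts(HTTP_RECORDS)
    print("Chrome users:", sorted(chrome_users(HTTP_RECORDS)))
    print("Vulnerable hosts:", sorted(exposed))
    print("Compromised hosts:", compromised_hosts(HTTP_RECORDS, exposed, IOC_DOMAINS))
```

wks-05 contacts the same indicator from Firefox and is deliberately absent from step 3's result, because the workflow scopes the IOC check to hosts exposed to this exploit; a separate, unscoped IOC sweep is what would surface it.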