AI-Driven Managed Detection and Response: Designed to take down the most advanced cyber threats
Whitepaper
www.paladion.net
Author: Sachin Varghese, EVP Americas & CMO
In This Issue
Executive Overview
Paladion’s Left of Hack to Right-of-Hack ServicesSM
  Left of Hack
  Right of Hack
Paladion’s AI-Driven MDR: In-Depth
  Detection Phase
  Response Phase
Client Success Stories
About Paladion
1 Forrester’s Global Business Technographics® Security Survey, 2016
Executive Overview
Paladion’s AI-driven Managed Detection and Response (MDR) service provides rapid, comprehensive threat detection and response. Our Gartner-recognized service gives you the security tools and experts you need to anticipate, hunt, and stop attacks in near real time, mitigating your threats before they impact you. Deploy our service to gain three key benefits:
1. Organizational Trends
Get comprehensive defense with our left-of-hack-to-right-of-hack MDR program. Our service enables you to not only anticipate, hunt, and detect threats, but also to swiftly mitigate them.
2. Cyber Defense at speed
To prevent breaches from impacting you, your defense needs speed. Paladion’s AI-driven platform sifts through terabytes of data rapidly and deploys response playbooks at near real-time speeds to keep you protected.
3. Low Noise, High Touch Service
We bring in one of the largest pools of security professionals and combine them with our AI platform, so you only receive validated threats and high-touch response services. Lower the time and effort you spend on cyber security, while remaining protected against a variety of next-generation threats, with our unique combination of custom-built AI defenses and the largest pool of MDR experts.
Figure 1: Paladion’s Left of Hack Right of Hack Service (diagram; horizontal axis runs from Time to Detect to Time to Respond, with detection labelled Immediate, Early, Likely Compromise, Late, Deliberate)
Left of Hack:
  Threat Anticipation: Apply global threat intel to proactively fix gaps before threats reach you
  Threat Hunting: Discover evasive threats using machine learning and experienced threat hunters
  Security Monitoring: Detect known threats in near real-time using sophisticated rules & correlations
Right of Hack:
  Incident Analysis: Get swift analysis on threats, impact on assets, blast radius, and more
  Auto Containment: Contain and recover swiftly with agile response from machine learning
  Response Orchestration: Evict attackers, eradicate threats, and advance your defenses from the learning
“Use MDR services to add threat detection, lightweight incident response, and 24/7 monitoring capabilities when they don’t exist or are immature within an organization.”1
Paladion’s Left of Hack to Right-of-Hack ServicesSM
Paladion’s AI-Driven MDR combines Artificial Intelligence & automation with battle-hardened human expertise to deliver end-to-end threat management. Our unique MDR service defends you at each stage of an attack:
LEFT OF HACK
Threat Anticipation
Protects against emerging threats. Continuously monitors global feeds, identifies your likely new threats, and proactively raises your defenses against them. You gain both Tactical and Strategic Threat Intel to learn which emerging threats you can ignore, and which you must defend against immediately.
Threat Hunting
Finds threats lurking in your network. Deploys four forms of analytics to find attacks traditional cybersecurity misses: Endpoint Threat Analytics, User Behavior Analytics, Network Threat Analytics, Application Threat Analytics.
Security Monitoring
Goes beyond basic compliance-mandated monitoring. Gain a deeper awareness of your business risks. Paladion’s 1,000+ global cyber security experts give you 24/7 monitoring, real-time alerts, log management, compliance-ready reporting, and monitoring of all cloud infrastructures and popular platforms (Azure, AWS, O365).
“Organizations that have not yet invested, or are underinvested, in detection and response technologies and internal capabilities should consider MDR services.”2
RIGHT OF HACK
Incident Analysis
Fully investigates your threats and defines immediate incident mitigation steps. Provides a bird’s-eye view of any unfolding incidents, traces your alerts from validation to investigation, and extends visibility beyond basic indicators of compromise to quickly separate your false positives from your real incidents.
Auto Containment
Respond to threats rapidly with our proprietary AI platform, AI.saac’s, agile auto threat containment. AI.saac can autonomously execute playbooks to contain network and endpoint threats while raising a ticket immediately, so Incident Responders can analyze, evict the attacker,
Response Orchestration
Orchestrates a rapid, coordinated, and effective response to any incident you suffer. Our unified, expert response will combine machine speed with human insight to produce a comprehensive, collaborative, and fully bespoke response plan tailored to your unique organization and specific compromise.
Transform Your Cyber Defense with AI-Driven MDR
Paladion brings 18 years of experience and over 1,000 cyber security experts to your defense. Request a demo today: US: +1-844-509-7668 | India: +91-80-42543444 | Middle East: +97142595526
Paladion’s AI-Driven MDR: In-Depth
Meet Paladion’s Next Generation AI Platform: AI.saac
Paladion’s comprehensive MDR service is driven by its AI platform, AI.saac.
AI.saac offers a crucial layer to any existing SOC and SIEM, and provides your cyber defenses with the firepower required to proactively detect, manage, and respond to complex, targeted attacks. AI.saac provides:
- Active Discovery of threats along all stages of the cyber kill chain.
- Active Response via centralized and automated incident response.
- Multiple Statistical Models & Learning Algorithms to detect unknown threats.
- Visual Analytics that map your trail of hidden threats.
- A Highly Scalable Analytics Platform that can be deployed immediately onto your security posture.
Traditional SIEM-based security monitoring cannot detect complex, targeted, or unknown attacks. It is unable to analyze a high volume of varied data. In short: it is unable to defend you from next-generation cyberattacks. In response, we have evolved beyond SIEM, and built a truly comprehensive MDR service powered by our next-generation AI platform, AI.saac. AI.saac enhances every stage of our comprehensive left-of-hack-to-right-of-hack MDR service:
DETECTION PHASE
Threat Anticipation
Mines over 100 TB of global threat data daily. Identifies emerging global threats, correlates each threat’s impact against your assets, and determines your most likely threats.
Threat Hunting
Analyzes terabytes of data in seconds. Deploys 550+ AI models and use cases. Detects threats traditional security misses within your endpoint, user, network, and application data.
Security Monitoring
Constantly monitors the risk level of your assets, users, and external IPs. Reviews historical alerts via probabilistic models to ID assets and uncover deeper links between alerts.
RESPONSE PHASE
Incident Analysis
Removes irrelevant noise and only flags likely incidents. Scores relevant data to prioritize alerts, and automates attribution, attack chain creation, and patient zero identification.
Auto Containment
Deploys hundreds of playbooks to automatically contain a threat. AI.saac continuously learns (machine learning) to add new playbooks and effectively contain a threat in minutes.
Response Orchestration
Centralizes and orchestrates incident response to reduce attacker dwell time from weeks to under one day. Incident responders make sure attackers don’t exploit the same vulnerability, and adapt defenses so attackers cannot use the same TTP again.
Combat Sophisticated Cyber Threats with AI.saac
Execute detection and response across the full lifecycle of a threat in minutes, not months. Request a demo today: US: +1-703-956-9468 | India: +91-80-42543444 | Middle East: +97142595526
Client Success Stories
We monitor over 25 billion security events, and respond to over 100 incidents, every day for our clients. In the past 18 years in the business, we have served over 700 clients, including nearly 10% of the Fortune 500.
Success Story 1: Drive-By-Download Infection
We detected a drive-by-download-based infection of multiple
a company-sponsored course from an educational institution. However, the educational institution’s website had been
institution’s employees when they downloaded their course.
EDR data. It utilized a non-parametric statistical model and
What Paladion Found
- The sudden, compromised behavior of multiple users.
- Traced the infection to the website distributing it.
- educational institute as the source of the infections.
“Paladion was able to swiftly deploy their technology and services across our vast network. We see a significant improvement in our threat detection maturity with their MDR threat hunting, and our in-house IT teams no longer need to spend their efforts analyzing and remediating complex cyber threats. Paladion has provided us the much-needed security assurance with their MDR service.”
– Mukund Dadarkar, Head IT and CISO, Quality Kiosk
“Paladion’s AI-Driven MDR has drastically enhanced our threat visibility. Our customers’ data is important to us as an organization, and they feel more secure knowing that we are proactive when it comes to incident and threat analysis. It has been a crucial partnership for Stratus Video.”
– Chris Downing, VP Engineering at Stratus Video
Success Story 2: Crypto Mining Operations
We detected multiple compromised endpoints running the Trojan NsCpuCNMiner32.exe, and software that uses the infected computer’s CPU to mine the Monero digital currency. The Trojan spreads as an executable (called Photo.scr). When started, it copies itself to every drive on the infected computer, and then extracts an executable (called NsCpuCNMiner32.exe) to the %Temp% folder to launch the executable. When launched, it co-opts all available CPU processing power to mine the Monero digital currency.
What Paladion Found
- Programs running the command line “C:\Users\<username>\AppData\Roaming\Images\NsCpuCNMiner32.exe”
- Measured 1% expectancy, identifying the program as a top outlier.
- A program hashcode that has been blacklisted by a dozen AV vendors.
Success Story 3: Data Theft by Undetected Malware
Two days after we deployed our services for a large bank with 250,000+ endpoints, we detected a previously undetected data-theft keylogger. The malware was sending information to an external URL that had not received a blacklist score from any threat intelligence feed. However, our AI models detected anomalous beaconing behavior within
-py of sets and multivariate Gaussian model. We discovered the
logs captured from infected systems.
What Paladion Found
- Malware beaconing behavior within multiple client endpoints
- Data-theft keylogger malware variant that wasn’t detected by
months.
- Variant IOCs scanned across all endpoints.
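Success Story 3 only names the technique (beaconing detected with a multivariate Gaussian model), so the following is an added illustration of how such a detector is built; it is not Paladion’s or AI.saac’s code. It constructs proxy-log lines for a known-good baseline window and a current window, computes three features per (source, destination) pair (log of the mean gap between requests, coefficient of variation of the gaps, coefficient of variation of response sizes), fits a multivariate Gaussian to the baseline pairs, and scores each current pair by its squared Mahalanobis distance against a chi-square threshold. The log line format, the host names and addresses, the feature set and the threshold value are all assumptions made for this example.

```python
import math
import random
from collections import defaultdict

# Assumed log line format (constructed for this example): "<epoch_seconds> <src_ip> <dst_host> <bytes>"

def build_sample_log(seed=11):
    """Return (baseline_lines, window_lines); every line is constructed, not real traffic."""
    rng = random.Random(seed)

    def benign(src, dst, n=40):
        t, out = 0, []
        for _ in range(n):
            t += rng.randint(5, 900)  # human-paced, irregular gaps between requests
            out.append(f"{t} {src} {dst} {rng.randint(800, 60000)}")
        return out

    baseline = []  # 30 known-good pairs from an earlier window (hypothetical hosts)
    for i in range(30):
        baseline += benign(f"10.0.1.{10 + i}", f"intranet{i % 3}.example")
    window = []  # current window: 3 benign pairs plus one constructed beacon
    for i in range(3):
        window += benign(f"10.0.2.{10 + i}", "portal.example")
    t = 0
    for _ in range(40):
        t += 60 + rng.randint(-2, 2)  # ~60 s cadence with small jitter, near-constant size
        window.append(f"{t} 10.0.2.77 callback.invalid {rng.randint(410, 420)}")
    return baseline, window

def _mean(xs):
    return sum(xs) / len(xs)

def _cv(xs):
    """Coefficient of variation (std / mean); low values mean machine-like regularity."""
    m = _mean(xs)
    if m == 0:
        return 0.0
    return math.sqrt(sum((x - m) ** 2 for x in xs) / (len(xs) - 1)) / m

def extract_features(lines, min_events=5):
    """Per (src, dst) pair: [log mean gap, CV of gaps, CV of response sizes]."""
    events = defaultdict(list)
    for line in lines:
        ts, src, dst, nbytes = line.split()
        events[(src, dst)].append((int(ts), int(nbytes)))
    feats = {}
    for key, evs in events.items():
        if len(evs) < min_events:
            continue  # too few requests to judge cadence
        evs.sort()
        gaps = [b[0] - a[0] for a, b in zip(evs, evs[1:])]
        sizes = [size for _, size in evs]
        feats[key] = [math.log(_mean(gaps)), _cv(gaps), _cv(sizes)]
    return feats

def _invert(m):
    """Gauss-Jordan inverse of a small square matrix (no numpy dependency)."""
    n = len(m)
    aug = [list(row) + [1.0 if i == j else 0.0 for j in range(n)] for i, row in enumerate(m)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(aug[r][col]))
        aug[col], aug[pivot] = aug[pivot], aug[col]
        p = aug[col][col]
        if abs(p) < 1e-12:
            raise ValueError("singular covariance: need more baseline pairs")
        aug[col] = [x / p for x in aug[col]]
        for r in range(n):
            if r != col:
                f = aug[r][col]
                aug[r] = [x - f * y for x, y in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]

class GaussianBaseline:
    """Multivariate Gaussian fitted to feature vectors of pairs assumed benign."""

    def __init__(self, vectors, ridge=1e-6):
        n, d = len(vectors), len(vectors[0])
        self.mean = [_mean([v[j] for v in vectors]) for j in range(d)]
        cov = [[0.0] * d for _ in range(d)]
        for v in vectors:
            diff = [v[j] - self.mean[j] for j in range(d)]
            for a in range(d):
                for b in range(d):
                    cov[a][b] += diff[a] * diff[b] / (n - 1)
        for j in range(d):
            cov[j][j] += ridge  # tiny ridge keeps the inverse finite
        self.inv_cov = _invert(cov)

    def mahalanobis_sq(self, v):
        d = len(v)
        diff = [v[j] - self.mean[j] for j in range(d)]
        return sum(diff[a] * self.inv_cov[a][b] * diff[b] for a in range(d) for b in range(d))

CHI2_3DOF_P01 = 11.345  # chi-square critical value, 3 features, p = 0.01 (assumed threshold)

def score_window(baseline_lines, window_lines, threshold=CHI2_3DOF_P01):
    """Fit on the baseline window, score the current window; return (scores, flagged pairs)."""
    model = GaussianBaseline(list(extract_features(baseline_lines).values()))
    scores = {k: model.mahalanobis_sq(v) for k, v in extract_features(window_lines).items()}
    flagged = sorted((k for k, s in scores.items() if s > threshold), key=lambda k: -scores[k])
    return scores, flagged

if __name__ == "__main__":
    baseline, window = build_sample_log()
    scores, flagged = score_window(baseline, window)
    for pair in flagged:
        print(f"beacon candidate {pair[0]} -> {pair[1]}: d^2 = {scores[pair]:.1f}")
```

The model is fitted on a separate known-good window rather than on the window being scored: a single beacon inside the training set inflates the covariance and caps its own distance, so it can hide below the threshold. A squared Mahalanobis distance well above the chi-square cut-off, together with a gap coefficient of variation near zero, is the signal an analyst would validate against the endpoint logs; the destination would still need reputation and content review before any containment playbook runs.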
Success Story 4: Ransomware Attack
attack and had to suspend production. Our incident response team
encrypting. A few machines were heavily infected and required formatting but a majority of them could be disinfected by removing
systems including servers were live. Our experts removed malware -
What Paladion Found
About Paladion
Paladion is a global cyber defense company that provides Managed Detection and Response Services, DevOps Security, Cyber Forensics, Incident Response, and more by tightly bundling its AI platform, AI.saac, and advanced managed security services. Paladion is consistently rated and recognized by leading independent analyst firms, and awarded by Frost & Sullivan, Asian Banker, Red Herring, amongst others. For 18 years, Paladion has been actively managing cyber risk for over 700 customers from its 5 AI-Driven SOCs placed across the globe.
Please visit www.paladion.net for more information. Contact Paladion today: US: +1-703-956-9468 | India: +91-9741115000 | Middle East: +97142595526
[email protected] | www.paladion.net