Kaspersky announced its new offering for Security Operations Centers (SOCs) that combines the company’s competencies, solutions, and services with the newly added Red Teaming service, which evaluates how well internal security teams are prepared for tailored breach scenarios. This just-added feature will enable enterprises with SOCs to overcome the cybersecurity issues that concern them the most.
For large organizations, establishing a SOC is becoming increasingly necessary as a result of the growing number and sophistication of cyberthreats. However, during this process, organizations often face numerous barriers that jeopardize the productivity of their security operations including a shortage of skilled professionals, scarce automation and integration between various tools, a high number of alerts and a lack of visibility and context.
A SANS survey of specialists working in SOCs found they are not satisfied with its performance, but do not have a clear view of how to improve it. That is why Kaspersky’s new integrated offering for SOCs starts with an analysis of customers’ specific needs and pain points, offering personalization and a deeper understanding of the products and services that are needed. Services such as Kaspersky EDR, Kaspersky Anti Targeted Attack, and Kaspersky Threat Intelligence with continued support from Kaspersky’s industry-leading threat hunting and incident response teams.
Finding and eliminating weaknesses
Weaknesses in a company’s protection are not always in its infrastructure but can often be found in its processes. These flaws range from overlooked alerts to analyst issues when communicating information about an alert after a delay without complete details. Because of these issues, cybercriminals can go unnoticed for a longer period of time increasing their chance of a successful attack.
Kaspersky Penetration Testing presents a tailored assessment of customers’ existing security operations with the newly added Red Teaming feature, which offers a simulation of threat intelligence-driven attacks. Experts from Kaspersky determine how adversaries are likely to behave according to customer characteristics like industry, region, and market, and mimic their actions to evaluate SOCs and incident response team’s readiness to detect and prevent attacks. In addition to offering an assessment of the defensive team’s capabilities, Kaspersky also offers workshops detailing gaps in defensive processes and recommendations on how to enhance them.
Closing existing gaps in SOC readiness
Building and maintaining a SOC is a long-term process with various difficulties that can emerge along the way. Kaspersky provides guidance in identifying key issues and offering comprehensive solutions and services to address them, including:
- Kaspersky Threat Intelligence provides SOC teams with information on tactics and techniques that malefactors around the world leverage. These services include: Kaspersky Threat Data Feeds, Kaspersky APT Intelligence Reporting, Kaspersky Financial Threat Intelligence Reporting, Kaspersky Threat Intelligence Portal and Tailored Threat Intelligence Reporting, outlining a customer-specific picture of threats.
- Kaspersky CyberTrace, a threat intelligence fusion and analysis tool, improves and accelerates prioritization and initial response to incoming alerts by matching the logs forwarded by a security information and event management (SIEM) system with any threat intelligence feed used in a SOC. The tool evaluates the effectiveness of each feed and provides real-time ’situational awareness’ allowing analysts to make timely and better-informed decisions.
- Kaspersky Cybersecurity Training programs on malware analysis, digital forensics, incident response and threat detection help SOCs grow their in-house expertise in these areas, enabling fast and effective response to complex incidents.
- Kaspersky Managed Protection and Incident Response services, allow SOCs to outsource or complement their existing incident investigation, response and threat hunting capabilities, if they lack certain expertise or specialists internally.
- Kaspersky Anti Targeted Attack and Kaspersky EDR are solutions that focus on complex threats and help to strengthen the SOC, enabling deeper analysis and faster incident response. The solutions provide automation of defense processes, including attack discovery, analysis and response, and full visibility of the infrastructure, and serving as sources of relevant logs for a SIEM system, which gives SOC analysts the time and resources to proactively hunt for threats and respond to more complex incidents.
“Running a SOC does not simply come down to implementing a SIEM,” says Veniamin Levtsov, vice president of corporate business, Kaspersky. “To be effective, it should be surrounded by relevant processes, roles, and playbooks. It should also be equipped with connectors to logs and events sources, effective correlation rules and fed with actionable threat intelligence. Without understanding the main barriers, CISOs cannot outline a SOC’s development roadmap. That’s why we carefully analyze the customer's needs and pain points, assess existing cybersecurity systems maturity and identify gaps so that we can recommend the optimal solutions and service packages.”