
Moving from prevention to detection with the SOC triad

By:
Marcus Hartwig
February 24, 2020

Long gone are the days when implementing good preventative solutions was sufficient to keep your organization secure from breaches. For on-prem networks, traditional IDS solutions, often incorporated in NGFWs, have become long in the tooth and struggle to keep up with the ever-increasing volume of encrypted traffic. They rely on deep packet inspection, something that is becoming impossible with modern encryption standards. Other vendors often slap “AI” or “ML” on their solution to try to keep it relevant, but the fact remains: it’s impossible to stop attacks if you can’t even see them.

Modern organizations are also adopting cloud services at an increasing rate. This, coupled with a more mobile and distributed workforce, makes the concept of monitoring traffic going in and out of your network less relevant, as traffic often goes from remote locations directly to the cloud. Newer preventative approaches have adjusted accordingly, and they are often focused on enforcing strong user credentials and MFA to keep user accounts safe. However, attackers have adapted and become adept at compromising already authenticated sessions, thus circumventing MFA and passwords altogether. In fact, account takeover (ATO) has become the most significant attack vector for cloud apps. Against this backdrop, it is no wonder that security professionals have shifted their focus from preventing compromise to detecting it and reducing the amount of time an attacker has access to company resources.

Modern SOCs are looking for tools that give them complete visibility into user endpoints, multi-cloud, hybrid, and on-prem networks, as well as correlation and forensic capabilities. In this search, the SOC visibility triad has emerged as the de facto standard. The SOC visibility triad combines three specialized technologies: EDR for endpoints, NDR for the network, and SIEM for security analytics and correlation. But for all of this technology to be successful, the tools need robust integrations with each other, as SOC analysts’ time is at a premium.

As the leading NDR platform, we have always had a strong focus on building partnerships that benefit our customers, and it is important for us to build deep technical integrations with all the popular solutions in the SOC triad. Today we announced a partnership with Chronicle Backstory; it joins our already rich SIEM integration ecosystem alongside Splunk, ArcSight, and QRadar. In the EDR corner, we have also recently added new partners next to Crowdstrike and CarbonBlack, namely Cybereason and SentinelOne.

With these partnerships, organizations can feed high-value detections and security-enriched network metadata, via Vectra Cognito Stream, into existing workflows and automate their correlation with logs from other threat signals in the Chronicle security telemetry. Together, Vectra and the SOC triad deliver a practical solution to the most persistent problems facing today’s enterprise cybersecurity teams: finding and stopping active cyberattacks while getting the most out of limited time and resources.
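The correlation the triad is meant to enable is easy to illustrate with a toy correlator. The example below is added here and is not Vectra code, a Chronicle API, or any vendor's integration; the event schema, field names, sample events, source weights and the 15-minute window are all constructed for illustration. It groups EDR, NDR and SIEM signals per host and raises an incident only when independent sensors agree within a short time window, which is the point of feeding all three sources into one place: a single weak signal from one tool is noise, but agreement across tools is worth an analyst's time.

```python
"""Toy cross-source correlation in the spirit of the SOC visibility triad.

Added example, not Vectra's or any vendor's code. The event schema, the
sample events, the per-source weights and the time window are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from three sources. Each record names its source
# (EDR, NDR or SIEM), the host it concerns, an ISO timestamp, an optional
# user, and a short signal name. Only ws-017 has signals that line up.
EVENTS = [
    {"src": "SIEM", "host": "ws-017", "user": "jdoe", "ts": "2020-02-24T09:01:00", "signal": "login_new_geo"},
    {"src": "NDR", "host": "ws-017", "user": None, "ts": "2020-02-24T09:04:30", "signal": "suspicious_beaconing"},
    {"src": "EDR", "host": "ws-017", "user": "jdoe", "ts": "2020-02-24T09:06:10", "signal": "credential_dump_tool"},
    {"src": "NDR", "host": "srv-db1", "user": None, "ts": "2020-02-24T09:05:00", "signal": "port_scan"},
    {"src": "SIEM", "host": "ws-042", "user": "asmith", "ts": "2020-02-24T13:00:00", "signal": "login_new_geo"},
    {"src": "EDR", "host": "ws-042", "user": "asmith", "ts": "2020-02-24T17:30:00", "signal": "credential_dump_tool"},
]

# Constructed weights: any single source is weak on its own; the score only
# becomes interesting when two or three sources agree.
WEIGHT = {"EDR": 3, "NDR": 3, "SIEM": 2}


def parse_ts(s):
    """Parse the ISO-8601 timestamps used in the sample events."""
    return datetime.fromisoformat(s)


def correlate(events, window_minutes=15):
    """Return one incident per host on which at least two distinct sources
    fired inside a `window_minutes` window. The window slides forward from
    each event in time order; the highest-scoring cluster per host wins.
    Incidents are returned highest score first."""
    window = timedelta(minutes=window_minutes)
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)

    incidents = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: parse_ts(e["ts"]))
        best = None
        for i, anchor in enumerate(evs):
            t0 = parse_ts(anchor["ts"])
            cluster = [e for e in evs[i:] if parse_ts(e["ts"]) - t0 <= window]
            sources = {e["src"] for e in cluster}
            if len(sources) < 2:
                continue  # one sensor alone does not make an incident here
            score = sum(WEIGHT[s] for s in sources)
            if best is None or score > best["score"]:
                best = {
                    "host": host,
                    "sources": sorted(sources),
                    "score": score,
                    "signals": [e["signal"] for e in cluster],
                    "users": sorted({e["user"] for e in cluster if e["user"]}),
                }
        if best:
            incidents.append(best)

    incidents.sort(key=lambda inc: -inc["score"])
    return incidents


if __name__ == "__main__":
    for inc in correlate(EVENTS):
        print(f"{inc['host']}: score={inc['score']} sources={inc['sources']} "
              f"users={inc['users']} signals={inc['signals']}")
```

Run as written, the only incident is ws-017, where a SIEM login from a new location, NDR beaconing and an EDR credential-dumping alert all land within six minutes; the lone NDR port scan on srv-db1 and the hours-apart signals on ws-042 are left for lower-priority review. In a real deployment the join key would more often be an entity identifier resolved from host, user and IP across the three tools, and the weights and window would come from tuning against the organization's own alert volumes.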

Read more about our tech integrations and the SOC triad. For more information about threat behaviors and privilege-based attacks, or to see the Cognito platform in action, please visit vectra.ai/demo.

About the author

Marcus Hartwig

Marcus Hartwig is a senior product marketing manager at Vectra. He has been active in the areas of IAM, PKI and enterprise security for more than two decades. His past experience includes product marketing at Okta, co-founding a company in cybersecurity professional services, and managing a security product company – a combination that has left him passionate about all parts of product marketing, design and delivery.
