GMST SECURITY ANALYTICS (SA) - PERSPECTIVE - GM Sectec
PERSPECTIVE

GMST SECURITY ANALYTICS (SA)

CRITICAL VISIBILITY ACCELERATING DETECTION ACROSS MODERN HYBRID IT ENVIRONMENTS

CLOUD, HYBRID, OR ON-PREMISE. Gain critical threat visibility that evolves regardless of your environment. Remove potentially dangerous blind spots.

DETECT. HUNT. PRIORITIZE. Identify the most elusive of threats. Focus on those that matter most.

VALIDATE. REMEDIATE. Minimize threat actor dwell time with rapid response to prevent business disruption.

ACCELERATE. COMPLIANCE. REPORTING. SIMPLIFICATION. Realize the traditional benefits of a SIEM without the complexity and cost.
Whether your data is on-premises, in the cloud or somewhere in between, GMST SA evolves with the requirements of your modern hybrid IT environment.

This cloud-native SIEM alternative, embedded in GM Security Technologies Managed Detection and Response services, aggregates meaningful and actionable intelligence from your network assets, endpoints, applications and cloud services. And you can have it up and running in a fraction of the time of a traditional SIEM.

GMST SA is designed to be more than a compliance and reporting tool. GMST SA provides critical visibility across your threat landscape to GMST Security Operations Center (SOC) analysts, who leverage big data analytics, machine learning, customized rule-sets and behavioral analysis to make sense of expected and unexpected events and behaviors across your environment.

Proprietary threat-hunting methodology and full forensic investigation are performed to confirm a threat's presence and determine the extent to which the threat actor has spread. To minimize threat actor dwell time, false positives are eliminated and our analysts alert you to confirmed threats, giving you step-by-step guidance to contain and eliminate attacks.

Data visualizations, customizable reporting and KPIs are available, giving your team visibility into what our analysts are investigating and ensuring you meet the strictest of regulatory requirements.

VISIBILITY

GMST SA handles the on-premises sources you expect a traditional SIEM to cover, with the added ability to support a collection of custom applications via script.
It also delivers an extensive library of available integrations including, but not limited to:

Cloud Platforms
• AWS Services
• Google Cloud Platform
• Microsoft: Azure, O365

Database
• Microsoft SQL
• MongoDB
• MySQL
• Oracle

IT Infrastructure
• Active Directory

Operating System
• Host Metrics
• Linux
• Windows

Compliance and Security
• Duo
• Cylance
• Crowdstrike
• Cisco ASA
• Okta
• Palo Alto
• Trend Micro
• Zscaler

DevOps
• Docker
• Github
• Jenkins
• Kubernetes

Storage
• Box

Web Server
• Apache
• Apache Tomcat
• IIS
• Nginx
WHAT IS GMST SA DESIGNED TO SOLVE FOR?

• Improving visibility and scalability across hybrid IT environments
• Reducing costly deployment, staffing and ongoing maintenance requirements
• Accelerating time-to-value
• Applying advanced analytic and hunting capabilities to detect known and unknown threats
• Correlating multiple events into a single incident
• Mapping threats to affected resources
• Performing ad hoc queries on stored data for forensics
• Accelerating investigation and response times
• Eliminating false positives
• Prioritizing alerts
• Simplifying reporting
• Addressing policy and compliance requirements

FEATURES

24x7 monitoring with critical threat visibility.

Cross-Platform Monitoring and Visibility
GMST SA collects, aggregates and monitors data across on-premises, cloud, multi-cloud and hybrid platforms like AWS, Microsoft Azure, Apache, and the Google Cloud Platform, providing our 24x7x365 SOC analysts with critical visibility to threats across your entire threat landscape.

Azure Cloud Security
GMST SA utilizes machine learning and monitoring capabilities across your Azure environment for real-time visibility, analysis and data visualizations.

Google Cloud Platform Security
GMST SA integrates directly into your GCP environment, providing instant insights into potential security issues and user activity for Google VPC, IAM, Cloud Audit and Google App Engine.

AWS Security
GMST SA integrates with your AWS cloud environment, providing SOC analysts with a comprehensive view to see who is accessing AWS and when they make changes (CloudTrail), what they change (Config), where this impacts network traffic and latency (VPC Flow), and how this affects your security and compliance posture (Inspector).

Apps for Extended Log Analytics
GMST SA extends the functionality of log analytics with an extensive library of apps that help optimize data collection for better security monitoring.
ADVANCED DETECTION CAPABILITIES AND HUMAN-BASED THREAT HUNTING EMPOWER RAPID INVESTIGATION AND RESPONSE

Embedded Threat Hunting and Forensic Investigation
GMST SA includes embedded threat hunting and forensic investigation of aggregated log data to accelerate precision that facilitates rapid response and threat containment.

Big Data Analytics
GMST SA applies the power of big data and advanced analytics to end-user behavior, to detect anomalies (deviations from the established baseline) and to flag exceptions to identify real and potential threats.

Machine Learning Integration
GMST SA applies the power of big data and advanced analytics to end-user behavior, to detect anomalies (deviations from the established baseline) and to flag exceptions to identify real and potential threats.

Real-time Search and Visualizations
GMST SA has preconfigured and customizable searches and dashboards with KPIs, giving our SOC analysts and your security team visibility into abnormal behaviors, illuminating what matters most.

Log Retention
GMST SA retains all raw log data, giving SOC analysts the ability to correlate information with data from ENDPOINT and NETWORK to conduct thorough forensic investigations, drill down into details and assist with root cause analysis on any security incident.

False Positive Elimination
GMST SA increases the velocity and accuracy of threat detection so our SOC analysts can determine what is noise vs. true security events, to ensure your team is only alerted to verified threats.
SIMPLIFIED MANAGEMENT WITH DATA VISUALIZATIONS AND REPORTING

Co-Management
GMST SA provides a co-managed model with access to run your own advanced search queries, generate alerts, manage profiles, run reports, and investigate events alongside our SOC analysts.

Time to Value
GMST SA is a pure SaaS offering that features simple-to-deploy collectors with rich filtering capabilities that can be up and running within minutes. It offers access to all the latest capabilities without the need for time-consuming, expensive deployment and upgrades.

Simplified Compliance Management Reporting
GMST SA ensures compliance mandates are met with centralized logging, continuous monitoring, and automated retention policies, with various out-of-the-box and custom security reports that meet regulatory requirements such as HIPAA, PCI, SEC, GDPR, and more.
BENEFITS

• Comprehensive 24x7x365 threat monitoring
• Complete threat visibility across your threat landscape
• Flexibility to run your own queries, alerts, profiles, reports, and investigate events alongside analysts
• Removes traditional complexity and cost of a SIEM with rapid time-to-value
• Comprehensive, correlated and accurate analytics of security events provided
• Detection of known and unknown threats
• Improved post-attack forensics
• Reduction of false positives
• Minimizes threat actor dwell time with integrated response
• Threat containment and co-managed remediation
• Unparalleled insight with visualizations and customizable searches
• Simplified compliance management and reporting

HOW DOES IT WORK? (diagram; text recovered from the figure)

Client on-premises and cloud-based collectors gather data from Network, Applications, Endpoints, Active Directory, Identity and Access Management, and Cloud Assets, with bi-directional communication between the client IT / security team and the GMST Security Operations Center.

The co-managed Managed Detection and Response Platform (Network, Endpoint and Log Platform) performs data enrichment and cross-correlation of logs, PCAP and full endpoint telemetry, behavioral analytics, machine learning, big data analytics and threat intelligence, surfacing suspicious events, anomalies and potential threats.

Returned to the client: alerts, containment, forensic investigation, confirmation of true positives, tactical threat containment, and co-managed remediation.
BETTER TOGETHER: GMST SECURITY ANALYTICS

Logs provide critical visibility that enables better observation, orientation and decision making in disrupting the attacker kill chain. But logs alone are limited in the depth of data that permits deeper investigation and remediation of security incidents. In addition, log-based security can delay detection of events and response due to the lag time of inbound signals, as opposed to the near-instantaneous feedback of a live network stream or endpoint technology. The greater the signals and forensic data available to analysts, the greater their ability to cross-correlate information that accelerates hunting, detection and response.

GMST provides the gold standard for forensic data, with timestamps, full-packet capture and analysis, and the ability to contain threats through TCP resets. GMST provides deep insight into processes, file changes, and more at the host level, with the ability to isolate damaged systems or stop processes in near real time.

GMST SA, when deployed in combination with Palo Alto Networks Traps and Palo Alto NGFW, provides our SOC analysts with a comprehensive set of enriched signals that eliminates blind spots in which threats can lurk. Most Managed Detection and Response providers rely solely upon log data and are limited to simple alerts generated by myopic prevention technologies. GMST SA, when deployed with PA Traps and PA NGFW, enables our analysts to go beyond alerts, empowering their ability to take action on your behalf. By implementing host isolation or network communication disruption, threats are contained in near real time, mitigating risk to your organization.

WHY GMST SECURITY ANALYTICS

Comparison of GMST with other Managed Security Services Providers. "Limited" marks capabilities that other providers offer only in limited form; asterisks are as printed.

Initial Deployment and Setup
• Account/Role Setup
• Setup/Deployment/Configuration of Collectors
• Configuration of Sources
• Training and Onboarding
• Dashboard Setup
• Ongoing Dashboard Maintenance

On-going Operations
• Deployment/Setup of New Collectors and Apps
• Parsing Operations
• Log Collection, Management and Correlation
• Writing of Search Queries (other providers: Limited)
• Modification of Search Queries (other providers: Limited)
• Creation of Reports
• Modification of Reports
• Patches, Hot fixes, and Functional Updates
• Creation of Correlation Rules (other providers: Limited)
• Modification of Correlation Rules (other providers: Limited)
• Threat Intelligence Integration/Updates

Monitoring
• 24x7 Monitoring
• Incident Investigation and Management
• Threat Hunting
• Forensics & Investigation
• Correlation With Full Endpoint Telemetry*
• Correlation With PCAP Data From The Network*
• False Positive Elimination
• Alerts
• Tactical Threat Containment: Host*
• Tactical Threat Containment: Network*
• Response Plan
• Remediation Guidance

Reporting
• Daily Log Review For PCI
• Monthly Reporting (system generated)
• Creation/Maintenance of standard reports
• Creation/Maintenance of customized reports
• Compliance Report Creation/Updates
• Report Validation and Review

NEXT STEPS

Get in contact with us!
Twitter: @GMSECTEC
Web: www.GMSECTEC.com
Email: info@gmsectec.com
ABOUT GM SECURITY TECHNOLOGIES

GM Security Technologies offers innovative solutions and services in cybersecurity, governance, and compliance focused on managing digital risk. Its solutions are designed to detect advanced attacks and respond to them effectively, reducing business risk, fraud, and cybercrime. Founded in 1970 as General Computer Corporation and later as GM Group in the 1990s, GM Security Technologies has an extensive track record and experience in the management of policies and integrated processes of technologies and standards for data protection in payment system risk. Its commitment to the principles of simplicity, innovation and customer success has made it the leading and fastest growing provider of security and technology in Latin America and the Caribbean.

To learn more about GM Security Technologies, visit our website: www.gmsectec.com