Organizations like yours must decide where to invest finite resources for security solutions and applied analytics.
Enterprise executives are also interested in quantifying and measuring the value of threat intelligence and security controls.
We understand this attention to ROI and the challenges of justifying results. Secureworks demonstrates the proof of what we deliver in terms of threat detection that enhance your product vendor solution and investment. Continued innovation in our attacker database paid off by detecting new and evolving Ransomware that initially evaded security controls
In this video, Ben Feinstein, Director of Operations & Development of our Counter Threat Unit, outlines how we quantify and measure the value of threat intelligence as he demonstrates advanced countermeasures via an actual client scenario.
What You Will Learn:
- Understand the value and application of threat intelligence from Secureworks
- How to protect and enhance your investment in existing product platforms
- Learn about our threat intelligence in action with complementary vendors
In terms of quantifying or measuring the value of our intelligence, we do this internally through looking at how many incidents, or how many, cyber-attacks we are detecting the application of our intelligence. So we are able to slice and dice our data and telemetry looking at what’s being detected by vendor security controls, third-party security detections, and what’s being detected by our own intelligence, our own platforms. And so what we find is that the addition of our intelligence on these platforms definitely raises the bar into it detects additional security incidents. And oftentimes we’re able to proactively block and prevent those incidents from occurring in the first place.
Really, the proof is in the service we deliver, and so as a managed security services client of ours, we’re are able to do some comparisons and look at what product vendors are detecting, you know where we’re monitoring, or managing that security control. And then look at what’s being detected and blocked based on the application of SecureWorks’ own intelligence on top of those platforms.
Our Intelligence in Action
For several years, SecureWorks has offered the attacker database service, which is a set of threat data feeds and APIs that allows our clients to directly consume our threat indicators intelligence. So in July 2016, I was very excited when we announced the integration of our attacker database data feeds with the Palo Alto networks next-generation firewall platform. So what we’ve done with this, is that we’ve leverage some functionality on the Palo Alto next GEN firewall platform that supports dynamic external block lists. And what we’re doing, is we’re automatically feeding those block lists with our attacker database data feeds. We’re proactively able to block malicious network activity based on the IP addresses, host names, domain names that we know to be malicious through our own intelligence.
And so in this case, a Ransomware delivery was able to evade the security controls that were in place. However, through the application of our threat intelligence on top of the Palo Alto platform, we detected and blocked communication back to the command-and-control node that was used by this ransomware family.