Security Automation & Orchestration
Integrate, Innovate and Transform your People, Process and Tools together
ALTEN Calsoft Labs envisions delivering an automated and orchestrated Cyber Defence platform for the SOC and security professionals. Security Automation and Orchestration derives from a lack of automated processes, practices, and collaboration.
With many repetitive tasks to perform, security analysts struggle with alert fatigue and thus, a lot slips through the cracks. SAO automates simple tasks, prioritizes critical events, and puts time back on the clock to proactively hunt threats.
SAO streamlines security teams, tools, processes, and threat intelligence for faster, more efficient actions.
When security automation and orchestration is combined with threat intelligence, situational awareness and historical knowledge determine what processes should be handled and how.
Threat intelligence allows the process to automatically adjust itself and helps you drive further decision making.
Security teams are then able to fully utilize their current investments by automating repetitive tasks, prioritizing critical events, and providing situational awareness and additional context needed to inform decision making that will better protect your organization from attacks.
SAO: SOLUTION OVERVIEW
A first-of-its-kind Programmable Security Controller, intended to allow organisations to automate and orchestrate their internal security operations.
SECURITY DATA: Incidents, Vulnerabilities, Intelligence Feeds
ACTIONS: Restore Endpoint, Block IP, Query File Reputation
APPS: Cisco ASA Firewall, MS Active Directory, VirusTotal
ASSETS: Firewall, Directory Services, SIEMs
OWNERS: AD Admin, FW Admin, SIEM Admin
PLAYBOOKS: Incident Response Plans, Patch Deployment
Write security automation playbooks for any unstructured data that you would like to send to it. Playbooks are written in Python.
APPS extend the platform by adding connectivity to third party security technologies in order to execute actions.
Provides an abstraction layer to hundreds of possible security products
ASSETS must be configured within the platform in order to automate actions on them
BUILDING BLOCKS OF SAO
INGESTION
Components responsible for ingesting data from disparate data sources, on demand or in a continuous real-time fashion.
Examples of ingestion sources are SIEMs such as ArcSight, QRadar and Splunk. The data is consumed, processed and normalised to facilitate automated decision making and automated actions.
DECISION MAKING
SAO allows security operations teams to implement their response plans as Playbooks, which are open, Python-based automation scripts that are executed on demand or automatically when new information becomes available.
WORKFLOWS
Depending on the action and asset configuration, the security operations team is engaged to review the actions, their parameters and the changes implemented on the assets.
Only if the user approves the changes does the system execute the actions. In the process, users are allowed to approve, change, deny or delegate the decision making.
APPS, ASSETS & ACTIONS
Manages the complex tasks of identifying which action is applicable to which asset, and how to execute it using an open source app model, i.e. connectors to the respective products and devices.
The ALTEN Calsoft Labs SAO platform increases analyst efficiency to support the entire threat investigation, through full remediation and recovery.
These efficiencies empower your team to more effectively respond and remediate cyber threats.
BENEFITS OF SAO
Save time by eliminating repetitive, mundane tasks
Increase efficiency by streamlining processes
Prioritize security events
Speed up response times by automating investigation process.
The ALTEN Calsoft Labs purpose-built, community-powered SAO platform ingests high-fidelity security data in real time from a wide variety of sources and provides unprecedented security operational efficiency by managing the lifecycle of an incident and automating the execution of actions and response plans across enterprise IT assets.
MAKING SECURITY SMARTER, FASTER AND STRONGER
Enterprises can be more effective in combating threats and actively defending their IT infrastructure by leveraging the SAO platform, which allows them to:
Process all indicators of compromise, so that attacks can be addressed at their earliest stages and before they can do widespread damage
Enable and empower the IT and security operations teams to act and actively engage in the lifecycle of an incident with the required process and discipline
Make IT security investments more effective by driving necessary configuration changes expediently to combat threats
USE CASES OF SAO
Phishing investigations
SIEM Triage
Threat Hunting
Insider Threat Detection
Threat Intelligence
Background Verification
Endpoint Protection
Forensic Investigation
Blocking of indicators
Malware analysis
Indicator enrichment
Case management
[email protected] | www.altencalsoftlabs.com
ALTEN Calsoft Labs is a next-gen digital transformation, enterprise IT and product engineering services provider. The company enables clients to Innovate, Integrate, and Transform their business by leveraging disruptive technologies like cyber security, mobility, big data analytics, cloud, IoT, DevOps, RPA, and software-defined networking (SDN/NFV). The mission of the ALTEN Calsoft Labs cyber security practice is to look at advanced cybersecurity technologies for enterprises, service providers, BFSI and government agencies across the globe. The Managed Security services use Cyber Defence Platforms, automation frameworks, threat intelligence data and analytics to build defense systems against complex and sophisticated threats.
ALTEN Calsoft Labs is a part of ALTEN group, a leader in technology consulting and engineering services.
OUR GLOBAL FOOTPRINT
UNITED STATES
2903, Bunker Hill Lane, Suite 107, Santa Clara, CA 95054.
3655 North Point Parkway, Suite 650, Alpharetta, GA 30005
5 Great Valley Parkway, Suite 359, Malvern, PA 19355
UNITED KINGDOM
3-5 Crutched Friars, London EC3N 2HT, United Kingdom
FRANCE
40 avenue Andre Morizet, 92514 Boulogne-Billancourt, France
SINGAPORE
101, Cecil Street, # 24-10, Tong Eng Building, Singapore - 069533
INDIA
1st & 2nd Floor, ESPEE IT Park, Plot No.5, Jawaharlal Nehru Road, Ekkaduthangal, Chennai - 600032
Stellar IT park, C-25, Sector-62, 3rd Floor (Western Side) of Tower-2, Noida - 201301
7th Floor, Tower D, IBC Knowledge Park, 4/1, Bannerghatta Main Road, Bengaluru - 560029
Level 7, Maximus Towers, Building 2A, Mindspace Complex, Hi-Tech City, Hyderabad - 500 081