Additional information
Source: Web-site of vendor
The project has been delivered on schedule
The budget has not been exceeded
Functionality complies with task
COMPANY PROFILE
The international company profiled plays a role in every aspect of the energy industry, from exploration, to production and distribution of crude oil and natural gas, to the development of future energy resources. The company has 80,000 employees worldwide and is committed to a long-term strategy of growing its reserves and production while ensuring sustainability and improving profitability.
THE SITUATION: COLLABORATION OF GEOGRAPHICALLY DISPERSED SOC TEAMS
The company has an extensive, global security operations center (SOC) team to protect critical missions. Around-the-clock incident response teams reside in three locations around the world and include an investigation and forensics team as well as a senior analyst team for reviews and escalated intrusions. Communication with the teams focused on the perimeter firewall, email infrastructure, and network operations helps to implement mitigations or steps to thwart intrusions.
The need for many geographically dispersed teams to work together made it difficult to determine the state of alerts and mitigations across the system. Every analyst had a different system of recording analyses, and efforts were often duplicated because they had no way to share their work. They lacked a clear understanding of the distribution of work, and team members did not have a clear line of sight for what tasks needed to be completed.
GOAL & CHALLENGES
SOLUTION: THE PALISADE PLATFORM
An evaluation of numerous security tools and management platforms designed to gather and aggregate data from disparate sources led the company to invest in Palisade software. This intelligence management application develops and stores multisourced cyber intelligence for use in combating advanced threats. The Palisade solution is not just an intelligence ingest engine or broker; it is a tool for analysts to create an adaptive network defense. The Cyber Kill Chain® Solution uses a phased, seven-step process to help defenders understand the objectives, profiles, and behaviors of adversaries. A kill chain model describes the phases of an intrusion, allowing defenders to align their enterprise defense to the specific processes an adversary uses to target them. The seven phases of the Cyber Kill Chain process are reconnaissance, weaponization, delivery, exploitation, installation, command and control, and action on objectives. Intruders succeed if, and only if, they reach step seven in the cyber threat model.
A defender's goal is to understand the aggressor's actions. Understanding is intelligence. The Palisade platform ensures analysts have actionable intelligence to thwart attacks before the adversary reaches step seven.
RESULT: A VIRTUAL, COLLABORATIVE ENVIRONMENT FOR GLOBAL SOC TEAMS
The establishment of queue work groups and external assignee groups via the Palisade implementation allowed security operators to set up a virtual collaborative environment with a flexible workflow. Team members were now able to communicate and work in partnership within the system to build a central repository of intelligence information using customizable classifications, alert metadata, mitigations, and notifications.
"No matter where a team member is located or what their specific job function, they can easily log into the Palisade application and get a consolidated view of incidents and remediations across the enterprise." - SOC Team Member
The Palisade platform can also measure analysts' work so SOC managers can track them over time and monitor improvement. Viewing shift reports and Palisade charts helps managers better understand current system output, distribution of events, time to closure of events, and distribution of indicators by confidence and number of occurrences. This means management has a better understanding of the progress made toward more efficient and effective analyst teams.
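As an added example that is not part of this case study or of the Palisade product, the following Python script applies the seven-phase kill chain model and the time-to-closure metric described above to constructed alert records: each alert is aligned to its phase, each incident is reported with the deepest phase the intruder reached (success only at step seven, action on objectives), and the mean time to closure of its closed alerts is computed. The record format, field names and sample values are assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# The seven Cyber Kill Chain phases in order; step 7 is the adversary's objective.
KILL_CHAIN = ("reconnaissance", "weaponization", "delivery", "exploitation",
              "installation", "command and control", "action on objectives")

# Constructed sample alert records (not real data), one per line:
# incident|phase|status|opened|closed   (closed is empty while the alert is open)
SAMPLE_ALERTS = [
    "INC-1|delivery|closed|2024-03-01T08:00|2024-03-01T09:30",
    "INC-1|exploitation|closed|2024-03-01T08:05|2024-03-01T09:30",
    "INC-2|command and control|closed|2024-03-02T10:00|2024-03-02T14:00",
    "INC-2|action on objectives|closed|2024-03-02T11:00|2024-03-02T14:00",
    "INC-3|reconnaissance|open|2024-03-03T12:00|",
]

@dataclass
class Alert:
    incident: str
    phase: int                       # 1..7, position in KILL_CHAIN
    hours_to_close: Optional[float]  # None while the alert is still open

def parse_alert(line: str) -> Alert:
    incident, phase, status, opened, closed = line.strip().split("|")
    if phase not in KILL_CHAIN:  # reject records that cannot be aligned to a phase
        raise ValueError(f"unknown kill-chain phase: {phase!r}")
    hours = None
    if status == "closed":
        delta = datetime.fromisoformat(closed) - datetime.fromisoformat(opened)
        hours = delta.total_seconds() / 3600
    return Alert(incident, KILL_CHAIN.index(phase) + 1, hours)

def summarize(lines: List[str]) -> Dict[str, dict]:
    """Per incident: deepest phase reached, whether it was stopped before step 7,
    and mean time to closure (hours) over its closed alerts."""
    per_incident: Dict[str, List[Alert]] = {}
    for alert in map(parse_alert, lines):
        per_incident.setdefault(alert.incident, []).append(alert)
    report = {}
    for incident, alerts in per_incident.items():
        deepest = max(a.phase for a in alerts)
        closed = [a.hours_to_close for a in alerts if a.hours_to_close is not None]
        report[incident] = {
            "deepest_phase": KILL_CHAIN[deepest - 1],
            "stopped_before_objectives": deepest < len(KILL_CHAIN),
            "mean_hours_to_close": sum(closed) / len(closed) if closed else None,
        }
    return report
```

Calling summarize(SAMPLE_ALERTS) yields one row per incident; INC-2 is the only one flagged as having reached action on objectives.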
Ensure Security and Business Continuity
Centralize management
Manage Risks
Decentralized IT systems
Risk of leaks of confidential information
No centralized control over IT systems
IT infrastructure downtimes
Unstructured data
Risk of attacks by hackers