
Real-Time Security Intelligence From Our Experts

Intelligence Powered By The AnchorPoint SOC.

Security analysts are a lot like detectives. During security incidents and investigations, they need to get to the culprit as quickly as possible. This is complicated, especially when mountains of security-relevant data are constantly being produced. Context is key: one piece of information by itself may mean nothing, but then again, it may become a very important piece of a larger puzzle.

Security intelligence is an essential part of putting that puzzle together. By automating the correlation of real-time events identified by AnchorPoint’s SOC, AnchorPoint’s Integrated Threat Response (ITR) service provides your team with all of the puzzle pieces through a single pane of glass.

Dynamic Incident Response Guidance – for Every Alarm.

Defend Against New Threats with Intelligence from the AnchorPoint SOC

Being a security analyst is tough. You don’t have all day to research new exploits and try to tie them to recent event data. Heck, on a typical day, you’re lucky if you can simply conduct a basic log review! But it turns out AnchorPoint’s team is dedicated to doing just that. In addition, there are often so many items to respond to that it’s hard to know what to do next. AnchorPoint’s incident response guidance and our vigilance in discovering new malicious hosts and exploits will help give your team some time back in their day.

For each alarm that is generated by AnchorPoint’s SOC, customized step-by-step instructions are provided to our ITR customers. By providing contextually relevant, workflow-driven response procedures, your team knows exactly what to do next. The AnchorPoint Security Engineers have curated these how-to-respond instructions based on rich CSIRT experience, input from security industry partners, and our own threat intelligence.

For example, an alert might identify that a host on your internal network is attempting to connect to a malicious external host. AnchorPoint’s incident response guidance would include details about:

  • The internal host such as owner, network segment, and software that is installed
  • The network protocol in use and specific risks associated with it
  • The external host and what exploits it has executed in the past
  • The importance of identifying potential C&C (command and control) traffic
  • Specific actions to take for further investigation and threat containment – and why you should take them

Security Intelligence in Action.

To demonstrate the power of the AnchorPoint SOC’s security intelligence capabilities, consider the following example:

  • A port scan is detected by your firewall.
  • The source address of the scan is correlated with the destination address of an SSH session from an internal host. A lookup of your asset inventory automatically identifies the risk profile of the internal host – the host is critical to business operations, so a critical security incident is created.
  • The compromised host is then scanned for other vulnerabilities from within AnchorPoint SOC’s advanced toolset and it is found to be missing a critical security patch.
  • The compromised host is patched and returned to service.
  • A complete forensic analysis for the past 30 days is run for the compromised host to determine if additional corrective action is required.
  • The incident is anonymized and reported to the threat exchange to protect others from a similar exploit. Remember: this step is optional, as you must opt in to share this information, and none of your sensitive data is ever transmitted.
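The correlation step in the scenario above (port-scan source matched against outbound SSH destinations, then enriched with the owner, segment and criticality from the asset inventory, as in the alarm-guidance list earlier on this page) can be expressed as a small piece of detection logic. The following is an added illustration, not AnchorPoint’s code; the alarm format, session records, inventory table and one-hour correlation window are all constructed assumptions.

```python
import ipaddress
from datetime import datetime

# Constructed sample telemetry (not real data): one firewall port-scan alarm,
# two SSH session records from internal hosts, and an asset-inventory table.
FIREWALL_ALARMS = [
    {"ts": "2024-03-01T10:02:00", "type": "portscan", "src": "203.0.113.45", "dst": "198.51.100.7"},
]
SSH_SESSIONS = [
    {"ts": "2024-03-01T09:40:00", "src": "10.0.5.12", "dst": "203.0.113.45", "dport": 22},
    {"ts": "2024-03-01T09:55:00", "src": "10.0.7.3", "dst": "192.0.2.9", "dport": 22},
]
ASSET_INVENTORY = {
    "10.0.5.12": {"owner": "finance-ops", "segment": "erp-prod", "criticality": "critical"},
    "10.0.7.3": {"owner": "it-helpdesk", "segment": "office", "criticality": "low"},
}
UNKNOWN_ASSET = {"owner": "unknown", "segment": "unknown", "criticality": "unknown"}
# Assumed severity policy: unknown assets are escalated, not ignored, because a
# host missing from inventory is itself a finding.
SEVERITY_BY_CRITICALITY = {"critical": "critical", "high": "high", "unknown": "high"}


def correlate(alarms, sessions, inventory, window_s=3600):
    """Return one incident per (port-scan alarm, SSH session) pair where the scan
    source equals the SSH destination, the SSH client is an internal (private)
    address, and both events fall within `window_s` seconds of each other."""
    incidents = []
    for alarm in alarms:
        if alarm["type"] != "portscan":
            continue
        scan_ts = datetime.fromisoformat(alarm["ts"])
        for sess in sessions:
            if sess["dst"] != alarm["src"] or sess["dport"] != 22:
                continue
            if not ipaddress.ip_address(sess["src"]).is_private:
                continue
            sess_ts = datetime.fromisoformat(sess["ts"])
            if abs((scan_ts - sess_ts).total_seconds()) > window_s:
                continue
            asset = inventory.get(sess["src"], UNKNOWN_ASSET)
            incidents.append({
                "severity": SEVERITY_BY_CRITICALITY.get(asset["criticality"], "medium"),
                "internal_host": sess["src"],
                "external_host": alarm["src"],
                "owner": asset["owner"],
                "segment": asset["segment"],
                "ssh_session_ts": sess["ts"],
                "portscan_ts": alarm["ts"],
            })
    return incidents
```

Running `correlate(FIREWALL_ALARMS, SSH_SESSIONS, ASSET_INVENTORY)` yields a single critical incident for 10.0.5.12 (owner finance-ops, segment erp-prod); narrowing the window to five minutes yields none, which is the kind of tuning knob an analyst needs to justify in the response guidance.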

AnchorPoint Integrated Threat Response (ITR) customers get all of this for less than the cost of one FTE. Yeah, that’s a pretty nice ROI! You get an entire Security Operations Center (SOC) doing this 24×7 for less than the cost of one “IT guy.”
