Charles Leaver – Ziften Can Help You Implement Your Gartner SOC Nuclear Triad

Written by Dr Al Hartmann and presented by Charles Leaver, Ziften CEO

Anton Chuvakin, VP and security analyst at Gartner Research, posted about the three essential Security Operations Center (SOC) tools required to provide effective cyber attack visibility. Chuvakin compared them to the Cold War “nuclear triad” of silo-based, airborne, and submarine-launched capabilities needed to guarantee survival in an all-out nuclear exchange. Similarly, the SOC visibility triad is essential to surviving a cyber attack: “your SOC triad looks to substantially decrease the chance that the assailant will operate on your network long enough to accomplish their goals,” as Chuvakin wrote in his post.

Below we look at each of the Gartner-designated essentials of the SOC triad and how Ziften supports that capability.

SIEM (Security Information and Event Management) – Ziften Open Visibility™ extends existing security, event monitoring, and system management tools by delivering essential open intelligence on any business endpoint. The Ziften Open Visibility platform now includes integrations with Splunk, ArcSight, and QRadar, along with any SIEM that accepts Common Event Format (CEF) alerts. Unlike competing product integrations that provide only summary data, Ziften Open Visibility exposes all Ziften-gathered endpoint data for full-featured integration.

NFT (Network Forensics Tools) – Ziften ZFlow™ extends network flow based cyber security tools with crucial endpoint context and attribution, significantly boosting visibility into network events. This new standards-based innovation extends network visibility down into the endpoint, gathering crucial context that is unobservable over the wire. Ziften has an existing product integration with Lancope, and can also integrate quickly with other network flow collectors using the Ziften Open Visibility architecture.
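As an added illustration of the endpoint-context idea above (example code written for this page, not Ziften's, using a constructed flow record and socket-observation schema), this joins flow collector records to endpoint socket observations by 5-tuple and time window, and flags flows that no agent can attribute:

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:                      # one exported flow: start time (epoch s) + 5-tuple
    ts: int
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str

@dataclass(frozen=True)
class SocketObs:                 # endpoint-agent view of a process-owned socket (assumed schema)
    host: str
    local_ip: str
    local_port: int
    proto: str
    pid: int
    process: str
    user: str
    first_seen: int
    last_seen: int

def attribute(flow, obs, slack=5):
    """Return the endpoint socket that originated `flow`, or None. Ephemeral ports get
    reused, so the observation window must contain the flow start; `slack` absorbs clock skew."""
    hits = [o for o in obs
            if (o.local_ip, o.local_port, o.proto) == (flow.src_ip, flow.src_port, flow.proto)
            and o.first_seen - slack <= flow.ts <= o.last_seen + slack]
    # If several windows overlap the flow, take the one opened most recently.
    return max(hits, key=lambda o: o.first_seen) if hits else None

def enrich(flows, obs):
    """Attach host/process/user to each flow; unmatched flows are flagged, not dropped."""
    rows = []
    for f in flows:
        o = attribute(f, obs)
        rows.append({"src": f"{f.src_ip}:{f.src_port}", "dst": f"{f.dst_ip}:{f.dst_port}",
                     "host": o.host if o else None, "pid": o.pid if o else None,
                     "process": o.process if o else "UNATTRIBUTED",
                     "user": o.user if o else None})
    return rows

# Constructed sample data: one attributable flow, one whose only observation is stale
# (reused port, must NOT match), and one from a host with no agent at all.
FLOWS = [Flow(1000, "10.0.0.5", 51234, "203.0.113.9", 443, "tcp"),
         Flow(1000, "10.0.0.5", 51300, "203.0.113.9", 443, "tcp"),
         Flow(2000, "10.0.0.7", 40000, "198.51.100.2", 22, "tcp")]
OBS = [SocketObs("ws-01", "10.0.0.5", 51234, "tcp", 4242, "powershell.exe", "alice", 998, 1010),
       SocketObs("ws-01", "10.0.0.5", 51300, "tcp", 3100, "chrome.exe", "alice", 100, 200)]
```

Keeping unattributed flows visible rather than dropping them is what turns the join into a coverage check: a run of UNATTRIBUTED rows from one subnet usually means an unmanaged host, not a quiet one.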

EDR (Endpoint Detection and Response) – The Ziften Endpoint Detection and Response system continuously evaluates user and device behavior and highlights anomalies in real time, allowing security analysts to home in on sophisticated threats faster and reduce Time To Resolution (TTR). Ziften EDR allows companies to determine the origin of a breach more quickly and select the necessary remediation actions.

While other security tools play supporting roles, these are the three essentials that Gartner asserts constitute the core of defender visibility into adversary actions inside the targeted organization. Arm your SOC triad with Ziften. For a no-commitment complimentary trial, visit http://ziften.com/free-trial to learn more.