
SOAR with ProofPoint ThreatResponse Automation Services

June 25, 2019

CHRONOS GLOBAL – Security Automation 

One of our core principles at Chronos: “If it’s not automated, it’s broken”

We look at everything we do for our customers through the lens of automation. We know that no matter what product, service or technology is being deployed, the success of the initiative depends on how the rubber meets the road! In other words, on how operations and incident response are managed. ROI lives at those layers!

The Chronos DevTeam knows how to leverage the Python scripting engine in ProofPoint’s ThreatResponse to get the most out of your investments and streamline your workflows.

@Chronos

  • We understand Security
  • We understand Secure Development
  • We understand Security Orchestration Automation and Response
  • …and we love ProofPoint Threat Response!

ThreatResponse’s Python scripting capability is the best tool to integrate your entire ProofPoint security ecosystem. We use that capability to make your alerts actionable and your response process automated, and we do it through smart correlation of both ProofPoint and third-party services.

We have experience integrating, correlating and automating responses across multiple data sources:

  • Built-in IOC verification
  • ProofPoint DLP
  • ProofPoint Email Fraud Protection
  • ProofPoint CASB
  • ProofPoint TAP
  • Multiple SIEM technologies
  • Countless third-party APIs

We have done API integration with SIEMs, data lakes, endpoint security tools, threat intel, ticketing systems (ITSM) and much more!

Methodology

All SOAR engagements are customized to meet your goals and objectives, which may include advanced integrations across custom APIs. We follow Design for Impact (D4I) as a core principle and methodology to create workflows that drive transformation and business impact. We help you find important problems that we can solve with a durable advantage! As an example, the following workflow integrates threat intelligence from Digital Shadows to identify parked domains that may be used in a spear phishing campaign and automatically quarantine them!

 

Designing Effective Workflows

  • Deep Customer Empathy: Understand what really matters by observing operational processes with a “follow me home”.
  • Find an Important Problem: Identify a problem that we can solve that provides real business impact.
  • Go Broad to Go Narrow: Create options before creating choices to come to explicit criteria that we can map to actionable results.
  • Understand Your Data: How to access it, how to normalize it, how to store it and how to correlate it.
  • Rapid Experimentation: Test your correlation theories, get results!

Example Workflows

  • Automated Malware Investigation
  • Account Takeover Quarantine
  • Data Leakage Remediation
  • Threat Response Auto Pull
  • and many more…

Contact us to discuss your vision…

There is no impossible!
