Page 1

WHITEPAPER
AI-Driven Managed Detection and Response
Designed to take down the most advanced cyber threats

www.paladion.net
Author: Sachin Varghese, EVP Americas & CMO

Page 2

In This Issue

Executive Overview ........................................ 03
Paladion's Left of Hack to Right-of-Hack Services(SM) ..... 04
    Left of Hack .......................................... 05
    Right of Hack ......................................... 06
Paladion's AI-Driven MDR: In-Depth ........................ 07
    Detection Phase ....................................... 08
    Response Phase ........................................ 09
Client Success Stories .................................... 10
About Paladion ............................................ 12

Page 3

Executive Overview

Paladion's AI-driven Managed Detection and Response (MDR) service provides rapid, comprehensive threat detection and response. Our Gartner-recognized service gives you the security tools and experts you need to anticipate, hunt, and stop attacks in near real time, mitigating your threats before they impact you. Deploy our service to gain three key benefits:

1. Comprehensive Defense

Get comprehensive defense with our left-of-hack-to-right-of-hack MDR program. Our service enables you to not only anticipate, hunt, and detect threats, but also to swiftly mitigate them.

2. Cyber Defense at Speed

To prevent breaches from impacting you, your defense needs speed. Paladion's AI-driven platform sifts through terabytes of data rapidly and deploys response playbooks at near real-time speed to keep you protected.

3. Low Noise, High Touch Service

We bring one of the largest pools of security professionals and combine them with our AI platform, so you receive only validated threats and high-touch response services. Lower the time and effort you spend on cyber security, while remaining protected against a variety of next-generation threats, with our unique combination of custom-built AI defenses and the largest pool of MDR experts.

Page 4

Paladion's Left of Hack to Right-of-Hack Services(SM)

Paladion's AI-Driven MDR combines artificial intelligence and automation with battle-hardened human expertise to deliver end-to-end threat management. Our unique MDR service defends you at each stage of an attack:

Figure 1: Paladion's Left of Hack Right of Hack Service. The diagram lays the six service stages along a timeline from Time to Detect to Time to Respond (labelled Immediate, Early, Likely Compromise, Late, Deliberate):

Threat Anticipation: Apply global threat intel to proactively fix gaps before threats reach you.
Threat Hunting: Discover evasive threats using machine learning and experienced threat hunters.
Security Monitoring: Detect known threats in near real-time using sophisticated rules and correlations.
Incident Analysis: Get swift analysis on threats, impact on assets, blast radius, and more.
Auto Containment: Contain and recover swiftly with agile response from machine learning.
Response Orchestration: Evict attackers, eradicate threats, and advance your defenses from the learning.

"Use MDR services to add threat detection, lightweight incident response, and 24/7 monitoring capabilities when they don't exist or are immature within an organization."1

1 Forrester's Global Business Technographics® Security Survey, 2016

Page 5

LEFT OF HACK

Threat Anticipation

Protects against emerging threats. Continuously monitors global feeds, identifies your likely new threats, and proactively raises your defenses against them. You gain both tactical and strategic threat intel to learn which emerging threats you can ignore, and which you must defend against immediately.

Threat Hunting

Finds threats lurking in your network. Deploys four forms of analytics to find attacks traditional cybersecurity misses: Endpoint Threat Analytics, User Behavior Analytics, Network Threat Analytics, and Application Threat Analytics.

Security Monitoring

Goes beyond basic compliance-mandated monitoring. Gain a deeper awareness of your business risks. Paladion's 1,000+ global cyber security experts give you 24/7 monitoring, real-time alerts, log management, compliance-ready reporting, and monitoring of all cloud infrastructures and popular platforms (Azure, AWS, O365).

"Organizations that have not yet invested, or are underinvested, in detection and response technologies and internal capabilities should consider MDR services."2

Page 6

RIGHT OF HACK

Incident Analysis

Fully investigates your threats and defines immediate incident mitigation steps. Provides a bird's-eye view of any unfolding incidents, traces your alerts from validation to investigation, and extends visibility beyond basic indicators of compromise to quickly separate your false positives from your real incidents.

Auto Containment

Respond to threats rapidly with the agile auto threat containment of our proprietary AI platform, AI.saac. AI.saac can autonomously execute playbooks to contain network and endpoint threats while raising a ticket immediately, so Incident Responders can analyze, evict the attacker,

Response Orchestration

Orchestrates a rapid, coordinated, and effective response to any incident you suffer. Our unified, expert response combines machine speed with human insight to produce a comprehensive, collaborative, and fully bespoke response plan tailored to your unique organization and specific compromise.

Transform Your Cyber Defense with AI-Driven MDR

Paladion brings 18 years of experience and over 1,000 cyber security experts to your defense. Request a demo today: US: +1-844-509-7668 | India: +91-80-42543444 | Middle East: +97142595526

Page 7

Paladion's AI-Driven MDR: In-Depth

Meet Paladion's Next Generation AI Platform: AI.saac

Paladion's comprehensive MDR service is driven by its AI platform, AI.saac.

AI.saac adds a crucial layer to any existing SOC and SIEM, and provides your cyber defenses with the firepower required to proactively detect, manage, and respond to complex, targeted attacks. AI.saac provides:

• Active Discovery of threats along all stages of the cyber kill chain.

• Active Response via centralized and automated incident response.

• Multiple statistical models and learning algorithms to detect unknown threats.

• Visual analytics that map your trail of hidden threats.

• A highly scalable analytics platform that can be deployed immediately onto your security posture.

Traditional SIEM-based security monitoring relies on predefined rules and correlations, so it cannot detect complex, targeted, or unknown attacks, and it is unable to analyze a high volume of varied data. In short: it cannot defend you from next-generation cyberattacks. In response, we have evolved beyond SIEM and built a truly comprehensive MDR service powered by our next-generation AI platform, AI.saac. AI.saac enhances every stage of our comprehensive left-of-hack-to-right-of-hack MDR service:

Page 8

DETECTION PHASE

Threat Anticipation

Mines over 100 TB of global threat data daily. Identifies emerging global threats, correlates each threat's impact against your assets, and determines your most likely threats.

Threat Hunting

Analyzes terabytes of data in seconds. Deploys 550+ AI models and use cases. Detects threats traditional security misses within your endpoint, user, network, and application data.

Security Monitoring

Constantly monitors the risk level of your assets, users, and external IPs. Reviews historical alerts via probabilistic models to identify assets and uncover deeper links between alerts.

Page 9

RESPONSE PHASE

Incident Analysis

Removes irrelevant noise and flags only likely incidents. Scores relevant data to prioritize alerts, and automates attribution, attack chain creation, and patient zero identification.

Auto Containment

Deploys hundreds of playbooks to automatically contain a threat. AI.saac continuously learns (machine learning) to add new playbooks and contain a threat in minutes.

Response Orchestration

Centralizes and orchestrates incident response to reduce attacker dwell time from weeks to under one day. Incident responders make sure attackers don't exploit the same vulnerability, and adapt defenses so attackers cannot use the same TTP again.

Combat Sophisticated Cyber Threats with AI.saac

Execute detection and response across the full lifecycle of a threat in minutes, not months. Request a demo today: US: +1-703-956-9468 | India: +91-80-42543444 | Middle East: +97142595526

Page 10

Client Success Stories

We monitor over 25 billion security events, and respond to over 100 incidents, every day for our clients. In the past 18 years in the business, we have served over 700 clients, including nearly 10% of the Fortune 500.

Success Story 1: Drive-By-Download Infection

We detected a drive-by-download-based infection of multiple
a company-sponsored course from an educational institution. However, the educational institution's website had been
institution's employees when they downloaded their course.
EDR data. It utilized a non-parametric statistical model and

What Paladion Found

The sudden, compromised behavior of multiple users.
Traced the infection to the website distributing it.
educational institute as the source of the infections.

"Paladion was able to swiftly deploy their technology and services across our vast network. We see a significant improvement in our threat detection maturity with their MDR threat hunting, and our in-house IT teams no longer need to spend their efforts analyzing and remediating complex cyber threats. Paladion has provided us the much-needed security assurance with their MDR service."

– Mukund Dadarkar, Head IT and CISO, Quality Kiosk

Page 11

"Paladion's AI-Driven MDR has drastically enhanced our threat visibility. Our customers' data is important to us as an organization, and they feel more secure knowing that we are proactive when it comes to incident and threat analysis. It has been a crucial partnership for Stratus Video."

– Chris Downing, VP Engineering at Stratus Video

Success Story 2: Crypto Mining Operations

We detected multiple compromised endpoints running the Trojan NsCpuCNMiner32.exe, software that uses the infected computer's CPU to mine the Monero digital currency. The Trojan spreads as an executable (called Photo.scr). When started, it copies itself to every drive on the infected computer, and then extracts an executable (called NsCpuCNMiner32.exe) to the %Temp% folder and launches it. When launched, it co-opts all available CPU processing power to mine the Monero digital currency. Note that the command line observed on the affected endpoints (below) points to an Images folder under the user's AppData\Roaming profile rather than %Temp%, so detection logic keyed to the executable's name and behavior, rather than to a single drop path, is the more robust choice.

What Paladion Found

Programs running the command line "C:\Users\<username>\AppData\Roaming\Images\NsCpuCNMiner32.exe".
Measured 1% expectancy, identifying the program as a top outlier.
A program hash that had been blacklisted by a dozen AV vendors.
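The "1% expectancy" finding above is a prevalence statistic: the fraction of endpoints on which a given program has ever been seen. The following is an added example, written for this page and not code from Paladion's AI.saac platform, that computes that statistic over constructed EDR process-creation events and surfaces low-prevalence programs together with any multi-vendor hash detections. The event tuple layout, the per-user path normalization, the 1% threshold, and the hash reputation table (placeholder hashes and vendor counts) are all assumptions of the example.

```python
"""Rare-process hunt over constructed EDR process-creation records.

Scores each program by its 'expectancy': the fraction of endpoints on
which it has been seen. Programs at or below a low threshold (1 % here,
as in the story) are outliers worth a look, and each program's hashes
are also checked against a multi-vendor reputation table.
"""
import re
from collections import defaultdict

# Per-user profile prefix, so the same program under C:\Users\alice and
# C:\Users\bob aggregates under one key instead of looking unique per user.
_USER_DIR = re.compile(r"(?i)^c:\\users\\[^\\]+\\")

# Constructed reputation table (sha256 -> number of AV vendors flagging it).
# The hashes and vendor counts are placeholders for the example, not real data.
AV_DETECTIONS = {
    "sha256:miner-placeholder": 12,
    "sha256:explorer-placeholder": 0,
}


def normalize_path(cmdline: str) -> str:
    """Return the lower-cased image path from a command line, with the
    user profile directory replaced by <user>."""
    s = cmdline.strip()
    if s.startswith('"'):
        exe = s[1:s.find('"', 1)]          # quoted path may contain spaces
    else:
        exe = s.split(" ", 1)[0]
    exe = _USER_DIR.sub(lambda m: "c:\\users\\<user>\\", exe)
    return exe.lower()


def hunt(records, threshold=0.01, min_vendors=5):
    """records: iterable of (host, cmdline, sha256).
    Returns findings for programs whose expectancy is <= threshold or whose
    hash is flagged by at least min_vendors vendors, rarest first."""
    hosts_by_prog = defaultdict(set)
    hashes_by_prog = defaultdict(set)
    all_hosts = set()
    for host, cmdline, sha256 in records:
        prog = normalize_path(cmdline)
        all_hosts.add(host)
        hosts_by_prog[prog].add(host)
        hashes_by_prog[prog].add(sha256)
    n_hosts = len(all_hosts)
    findings = []
    for prog, hosts in hosts_by_prog.items():
        expectancy = len(hosts) / n_hosts
        vendors = max(AV_DETECTIONS.get(h, 0) for h in hashes_by_prog[prog])
        if expectancy <= threshold or vendors >= min_vendors:
            findings.append({
                "program": prog,
                "expectancy": expectancy,
                "hosts": sorted(hosts),
                "av_vendors": vendors,
            })
    return sorted(findings, key=lambda f: f["expectancy"])


def build_sample_records(n_hosts=200):
    """Constructed EDR events: 200 workstations run ordinary programs and
    two of them also run the miner from a per-user AppData path."""
    baseline = [
        ("C:\\Windows\\explorer.exe", "sha256:explorer-placeholder"),
        ('"C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE" /recycle',
         "sha256:outlook-placeholder"),
        ("C:\\Windows\\System32\\svchost.exe -k netsvcs", "sha256:svchost-placeholder"),
    ]
    records = []
    for i in range(n_hosts):
        host = f"ws-{i:03d}"
        for cmdline, sha256 in baseline:
            records.append((host, cmdline, sha256))
    for host, user in (("ws-017", "alice"), ("ws-133", "bob")):
        records.append((host,
                        f"C:\\Users\\{user}\\AppData\\Roaming\\Images\\NsCpuCNMiner32.exe",
                        "sha256:miner-placeholder"))
    return records


if __name__ == "__main__":
    for f in hunt(build_sample_records()):
        print(f"{f['expectancy']:.2%}  av_vendors={f['av_vendors']:2d}  "
              f"{f['program']}  hosts={f['hosts']}")
```

The path normalization matters in practice: without it, a miner dropped under each victim's own profile directory would appear as a distinct program per host, and a per-host prevalence of 0.5% would be indistinguishable from any one-off user download. The hash check is independent of prevalence, so a widely deployed but flagged binary is still surfaced.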

Success Story 3: Data Theft by Undetected Malware

Two days after we deployed our services for a large bank with 250,000+ endpoints, we detected a previously undetected data-theft keylogger. The malware was sending information to an external URL that had not received a blacklist score from any threat intelligence feed. However, our AI models detected anomalous beaconing behavior within
-py of sets— and multivariate gaussian model. We discovered the
logs captured from infected systems.

What Paladion Found

Malware beaconing behavior within multiple client endpoints
Data-theft keylogger malware variant that wasn't detected by
months.
Variant IOCs scanned across all endpoints.
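The point of the story above is that the callback destination had no reputation score, so the detection had to come from the traffic's shape rather than from a feed. The following is an added example, not Paladion's code, that hunts for beacons in constructed proxy log lines by measuring how regular the inter-arrival times are for each (source, destination) pair. It stands in for the multivariate Gaussian model the story mentions with a simpler statistic, the coefficient of variation of the gaps; the log line format, the minimum event count, and the 0.15 regularity threshold are assumptions of the example.

```python
"""Beacon hunt over constructed proxy log lines.

A beacon is a (source, destination) pair whose requests recur at a nearly
fixed interval. Here regularity is measured as the coefficient of variation
of inter-arrival times; nothing depends on the destination's reputation, so
a not-yet-blacklisted URL is still caught.
"""
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def beacon_candidates(lines, min_events=8, max_cv=0.15):
    """lines: 'timestamp src dst method path' records.
    Returns pairs with at least min_events requests whose inter-arrival
    times have a coefficient of variation <= max_cv, most regular first."""
    times_by_pair = defaultdict(list)
    for line in lines:
        ts, src, dst, _method, _path = line.split(" ", 4)
        times_by_pair[(src, dst)].append(datetime.strptime(ts, TS_FMT))
    findings = []
    for (src, dst), times in times_by_pair.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:            # all requests in the same second: a burst, not a beacon
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            findings.append({"src": src, "dst": dst, "events": len(times),
                             "period_s": round(mean, 1), "cv": round(cv, 3)})
    return sorted(findings, key=lambda f: f["cv"])


def build_sample_log():
    """Constructed proxy log. ws-017 beacons to 203.0.113.7 roughly every
    60 s (fixed jitter pattern so the example is deterministic); ws-017 and
    ws-042 also browse 198.51.100.20 in irregular bursts."""
    t0 = datetime(2019, 3, 4, 9, 0, 0)
    lines = []
    t = t0
    for jitter in (0, 2, -1, 1, 0, 3, -2, 1, 0, -1, 2, 0):
        t += timedelta(seconds=60 + jitter)
        lines.append(f"{t.strftime(TS_FMT)} ws-017 203.0.113.7 GET /images/upd.php")
    browsing = {"ws-017": (1, 0, 2, 300, 1, 1, 900, 5, 0, 40, 2, 1500),
                "ws-042": (0, 1, 1, 600, 2, 0, 1200, 3, 1)}
    for host, gaps in browsing.items():
        t = t0
        for gap in gaps:
            t += timedelta(seconds=gap)
            lines.append(f"{t.strftime(TS_FMT)} {host} 198.51.100.20 GET /news/index.html")
    return sorted(lines)


if __name__ == "__main__":
    for f in beacon_candidates(build_sample_log()):
        print(f"{f['src']} -> {f['dst']}: {f['events']} requests, "
              f"period {f['period_s']} s, cv {f['cv']}")
```

On real proxy data the same pass is run per day across all pairs, and the regular ones are then triaged by destination age, request count, and payload size; a low coefficient of variation alone also flags legitimate pollers such as update checks, which is why the story pairs the behavioral hit with IOC extraction and a sweep across all endpoints.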

Success Story 4: Ransomware Attack

attack and had to suspend production. Our incident response team
encrypting. A few machines were heavily infected and required formatting, but a majority of them could be disinfected by removing
systems including servers were live. Our experts removed malware -

What Paladion Found

Page 12

About Paladion

Paladion is a global cyber defense company that provides Managed Detection and Response services, DevOps Security, Cyber Forensics, Incident Response, and more by tightly bundling its AI platform, AI.saac, with advanced managed security services. Paladion is consistently rated and recognized by leading independent analyst firms, and has been awarded by Frost & Sullivan, Asian Banker, and Red Herring, amongst others. For 18 years, Paladion has been actively managing cyber risk for over 700 customers from its 5 AI-driven SOCs placed across the globe.

Please visit www.paladion.net for more information. Contact Paladion today: US: +1-703-956-9468 | India: +91-9741115000 | Middle East: +97142595526

[email protected] | www.paladion.net