By Adeline Chan, Product Marketing Manager, Threat Prevention
For many Security Operations Center (SOC) teams, finding malicious activity inside the network is like finding a needle in a haystack. They are often forced to piece together information from multiple monitoring solutions and navigate through tens of thousands of daily alerts. The results: critical attacks are missed until it’s too late.
Designed to address SOC challenges, Check Point launched Infinity SOC, a cloud-based platform that enables SOC analysts to expose, investigate, and shut down attacks faster, and with 99.9% precision. Read more find out how Check Point’s new offering enables SOC teams to achieve certainty with the investigation and intelligence tools used daily by the Check Point research team.
In our recent “Do SOC Teams have the certainty they need to do their jobs” blog post, we showed the damage that can happen the SOC misses an attack. In that example, the attackers were in the network undetected for 5 months. How did the SOC team miss the attack for 5 months?
Exposing, validating, and shutting down malicious activity in an organization’s environment have become extremely difficult due to the evolving threat landscape and challenges SOC teams face.
Introducing Check Point Infinity SOC
On July 7, Check Point launched Infinity SOC, a cloud-based platform that enables SOC analysts to expose, investigate, and shut down attacks faster, and with 99.9% precision.
Designed to address these common SOC challenges, Check Point Infinity SOC helps enterprises protect their networks by delivering:
- Unrivalled accuracy to quickly detect and shut down real attacks
- Rapid incident Investigations
- Zero-friction deployment
99.9% Precision: Expose and shut down only real attacks
Infinity SOC utilizes AI-based incident analysis to provide your team with a clear understanding of what they’re up against in any given moments. Instead of dealing with the daily event overload, this dashboard automatically pinpoints real incidents across your entire IT infrastructure, including networks, cloud, endpoints, mobile devices, and IoT.
Infinity SOC exposes even the stealthiest attacks with 99.9% precision by leveraging a multi-layered approach to detection:
- Enterprise-wide visibility: analyzing network, cloud, endpoint, mobile, and IoT events over an extended period of time.
- External threat visibility: leveraging ThreatCloud’s global visibility into real-time internet traffic to detect external threats outside the organization.
- Threat Intelligence: enriching every alert with threat intelligence and the power of ThreatCloud, and connecting the dots with big data analysis to uncover the most sophisticated attacks like APTs.
- AI-generated verdict: running AI-based incident analysis on top of the aggregated information (from all the layers mentioned above) to accurately determine whether the event relates to malicious activity. Infinity SOC AI-based engines have been trained and validated by some of the world’s largest SOCs.
Infinity SOC automatically triages alerts to enable quicker respond to the critical attacks and offers single click remediation with a lightweight client on the infected host.
It also prevents hackers from launching phishing campaigns against users by taking down lookalike corporate web and email domains. Infinity SOC is the only solution that detects threats inside and outside the organization, providing you with a complete view of the entire threat landscape.
Rapid Investigation: Accelerate and deepen investigations with the industry’s most powerful threat intelligence
Infinity SOC provides you with the tools and threat intelligence that enable you to conduct in-depth and faster investigations. Infinity SOC makes available to SOC teams the threat investigation and intelligence tools developed by the Check Point Research Team and used daily to expose and investigate the world’s most dangerous and sophisticated cyber-attacks.
With Infinity SOC, you can perform a search on any IOCs to obtain rich, contextualized threat intelligence that includes geographical spread, targeted industries, attack timeline, and methods.
Infinity SOC leverages Check Point ThreatCloud, the most powerful threat intelligence database. ThreatCloud is continuously enriched by advanced predictive intelligence engines, data from hundreds of millions of sensors, cutting-edge research from Check Point Research and external intelligence feed. On a daily basis, ThreatCloud analyzes 10 trillion logs, 86 billion IOCs, 2.6 billion attacks and 3 billion website and files.
Infinity SOC performs deep-link searches on social media and OSINT to find and surface relevant and useful information from web pages and documents for a deeper investigation.
Zero Friction: No deployment, integration and privacy concerns
Infinity SOC unifies threat prevention, detection, investigation and remediation in a single, centrally managed platform to give SOC teams unrivalled security and operational efficiency. It deploys in minutes, and avoids costly log storage and privacy concerns with unique cloud-based event analysis that does not export and store event logs.
How a customer uses Infinity SOC improve its security posture
Prior to its official launch, Infinity SOC was put to the test by more than a hundred customers. One of them, Terma, a Danish defense and aerospace manufacturer for both civilian and military applications, utilized Infinity SOC to detect and shut down attacks. The Terma team wanted a solution to help cut through the daily deluge of alerts and events to pinpoint the handful of genuine, potentially damaging threats to their network. Infinity SOC delivered all of that, and more.
With Infinity SOC, Terma was able to filter out all the irrelevant alerts and background noise so the team can see the true state of security across their network. This enabled Terma to focus on the activities that really matter. In addition, Infinity SOC also provided Terma with the valuable threat intelligence and hunting capabilities that they didn’t have previously.
Today’s SOC teams face a lot of challenges. However, Check Point Infinity SOC can help address these challenges. Check Point Infinity SOC is a cloud-based platform that enables security teams to expose, investigate, and shut down attacks faster, and with 99.9% precision. Infinity SOC unifies threat prevention, detection, investigation and remediation in a single platform to give unrivalled security and operational efficiency.