By Al Hartmann

Make Ziften a Part of Your Gartner “SOC Nuclear Triad”

Make Ziften a Part of Your Gartner “SOC Nuclear Triad”

Gartner Research VP and security analyst Anton Chuvakin blogged recently on three essential Security Operations Center (SOC) tools needed to provide effective attack visibility. He compared them to the cold war’s “nuclear triad” concept of airborne, siloed, and submarine nuclear capabilities needed to ensure survival in a total nuclear exchange. Similarly, the SOC visibility triad is vital to ensuring the survival of a cyber-attack, or in Chuvakin’s words, “your ‘SOC triad’ seeks to significantly reduce the chance that the attacker will operate on your network long enough to accomplish their goals.”  

Let’s examine the three Gartner-designated essentials of the SOC triad and how Ziften supports each strategic capability.

  • SIEM (Security Information and Event Management)— Ziften Open Visibility™ extends existing security, system management, and event monitoring tools by delivering crucial open intelligence of any enterprise endpoint. Ziften’s Open Visibility platform now includes integration with ArcSight, Splunk, and QRadar, as well as any SIEM supporting Common Event Format (CEF) alerts. Unlike competing product integrations that only provide summary data, Ziften Open Visibility exposes all Ziften-collected endpoint data for full-featured integration exploitation.
  • NFT (Network Forensics Tools)—Ziften ZFlow™ extends network flow-based security tools with vital endpoint context and attribution, greatly enhancing visibility to network events. This new standards-based technology extends network visibility down within the endpoint, collecting crucial context unobservable over the wire. Ziften has an existing product integration with Lancope, and also has the ability to rapidly integrate with other network flow collectors using Ziften Open Visibility architecture.
  • EDR (Endpoint Detection and Response)—The Ziften Endpoint Detection and Response solution continuously assesses user and device behaviors and highlights anomalies in real-time, allowing security analysts to hone in on advanced threats faster and minimize Time To Resolution (TTR). Ziften EDR allows organizations to more rapidly determine the root cause of a breach and decide on the necessary corrective actions.

While other security tools play supporting roles, these are the three essentials that Gartner asserts do constitute the core defender visibility into attacker actions within the targeted enterprise. Arm up your SOC triad with Ziften. For a no-hassle free trial, visit: to learn more.

Get the Blog Here