Chuck Leaver – Ziften Can Be Your Gartner SOC Nuclear Triad

Written By Dr Al Hartmann And Presented By Chuck Leaver Ziften CEO


Anton Chuvakin, VP and security analyst at Gartner Research published about the three necessary Security Operations Center (SOC) tools needed to offer effective cyber attack visibility. Chuvakin compared them to the cold war’s “nuclear triad” concept of siloed, air-borne, and nuclear submarine abilities needed to guarantee survival in a total nuclear exchange. Similarly, the SOC visibility triad is essential to ensuring the survival of a cyber attack, “your SOC triad seeks to considerably minimize the chance that the aggressor will operate on your network long enough to accomplish their goals” as Chuvakin wrote in his post.

Now we will look at the Gartner designated basics of the SOC triad and how Ziften supports each capability.

SIEM (Security Information and Event Management) – Ziften Open Visibility ™ extends existing security, event tracking tools and system management by delivering vital open intelligence of any enterprise endpoint. Ziften’s Open Visibility platform now includes integration with Splunk, ArcSight, and QRadar, as well as any SIEM supporting Common Event Format (CEF) alerts. Unlike contending product integrations that just offer summary data, Ziften Open Visibility exposes all Ziften gathered endpoint data for complete featured integration exploitation.

NFT (Network Forensics Tools)– Ziften ZFlow ™ extends network flow based cyber security tools with vital endpoint context and attribution, greatly boosting visibility to network events. This new standards based technology extends network visibility down within the endpoint, collecting important context unobservable over the wire. Ziften has an existing product integration with Lancope, and also has the ability to rapidly integrate with other network flow collectors utilizing Ziften Open Visibility architecture.

EDR (Endpoint Detection and Response)– The Ziften Endpoint Detection and Response service constantly examines user and device habits and highlights abnormalities in real time, permitting security analysts to focus on advanced threats faster and reduce Time To Resolution (TTR). Ziften EDR allows organizations to more quickly determine the origin of a breach and pick the needed restorative actions.

While other security tools play supporting roles, these are the three fundamentals that Gartner asserts do make up the core defender visibility into opponent actions within the targeted company. Arm up your SOC triad with Ziften. For a no obligation free trial, check out: to read more.


No Responses Yet to “Chuck Leaver – Ziften Can Be Your Gartner SOC Nuclear Triad”

Leave a Reply