Horizon SOC - Achieving SOC Certainty
Solution



Achieving SOC Certainty

Expose, investigate and shut down attacks faster, with 99.9% precision across network, cloud, endpoint, mobile, and IoT.
The same intelligence and investigation tools used by Check Point Research are now available to you.

Horizon SOC automatically locates stealth attacks alongside brand protection attacks, and enriches your views and reports with Check Point ThreatCloud intelligence.
With Horizon SOC, you can search the entire ThreatCloud repository for more information on any Indicator of Compromise (IoC) that you investigate.
The solution is non-intrusive. No new network deployment or log integration is required.
All you need is an existing Check Point Security Gateway with Threat Prevention blades enabled.

ML Algorithms

Horizon SOC uses rich ThreatCloud intelligence alongside Machine Learning (ML) algorithms to locate the top threats and focus automatically on the victims in the network. Threats that require action are shown as actionable items.

Supported Algorithms

  • Compromised hosts
  • Compromised mobile devices
  • Compromised cloud assets
  • APT attacks discovery
  • Compromised IoT devices

Advanced Analytics Portal

Use the advanced analytics portal to contain/remediate threats found in your network.

Onboarding Procedure

You can find the prerequisites and the full onboarding procedure in the Horizon SOC Administration Guide.

Incident Analysis - Locating a victim

A few hours after onboarding, the AI analytics start to appear.

Each victim is listed with its related CK and a unique ID. Click the victim name to analyze the threat and see all the related indicators that were found for it.

To locate the infected host in your network:

  1. Go to What Next and click Copy Query.

  2. Paste the query into SmartConsole or into your SIEM solution and run the search.


Analyze the Threat

To analyze the threat, click the related IoC or search directly for your indicator.

On the Investigation tab, you can review all the Check Point ThreatCloud intelligence for this IoC.

You can view the files related to the infection and other related IoCs, the global spread of the IoC, the OSINT intelligence, and more.



Important information regarding Infinity SOC insights generation:

The algorithm runs on Anti-Virus, Anti-Bot and IPS logs and creates insights from them. A given set of logs can produce zero insights, one insight, or multiple insights, depending on the severity of the logs and other parameters that the algorithm considers.
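The two points above, locating a victim by searching Threat Prevention logs for an IoC (the Copy Query step) and the note that Anti-Virus, Anti-Bot and IPS logs can yield zero, one or several insights, as an added Python example. This is not Horizon SOC's code or its actual algorithm: the log lines are constructed here in a key="value" style loosely modelled on Check Point Log Exporter syslog output, and the field names, the severity scores, the High-or-above threshold and the per-protection grouping rule are all assumptions made for illustration.

```python
"""Constructed example: locate victims by IoC and derive insights from
Check Point-style Threat Prevention logs. Simplified model, not Horizon SOC's algorithm."""
import re
from collections import defaultdict

# Constructed sample logs. Field names/values are assumptions for this example.
SAMPLE_LOGS = """\
time="2024-03-01T10:00:01" product="Anti-Bot" severity="High" src="10.1.2.34" dst="203.0.113.9" protection_name="Trojan.Win32.Generic" resource="http://malicious.example/beacon"
time="2024-03-01T10:00:05" product="IPS" severity="Low" src="10.1.2.34" dst="10.1.0.5" protection_name="SMB Scan"
time="2024-03-01T10:01:10" product="Anti-Virus" severity="Critical" src="10.1.2.34" dst="198.51.100.7" protection_name="Exploit.Doc.Generic" resource="http://dropper.example/payload.doc"
time="2024-03-01T10:02:00" product="IPS" severity="Medium" src="10.1.5.77" dst="10.1.0.5" protection_name="Web Server Enforcement Violation"
time="2024-03-01T10:03:00" product="Anti-Bot" severity="High" src="10.1.9.12" dst="203.0.113.9" protection_name="Trojan.Win32.Generic" resource="http://malicious.example/beacon"
"""

SEVERITY_SCORE = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}
INSIGHT_BLADES = {"Anti-Virus", "Anti-Bot", "IPS"}  # the page: insights come from these logs
MIN_SEVERITY = 3  # assumption: only High/Critical detections become actionable items

_FIELD = re.compile(r'(\w+)="([^"]*)"')


def parse_logs(text):
    """Parse key="value" lines into dicts; lines without fields are skipped."""
    records = []
    for line in text.splitlines():
        fields = dict(_FIELD.findall(line))
        if fields:
            records.append(fields)
    return records


def locate_victims(records, ioc):
    """Return the sorted internal hosts (src) whose logs reference the IoC in any
    field other than src. This mirrors the Copy Query step: the IoC is the search
    term, and the src field identifies the victim to contain."""
    needle = ioc.lower()
    victims = set()
    for rec in records:
        if any(needle in v.lower() for k, v in rec.items() if k != "src"):
            victims.add(rec["src"])
    return sorted(victims)


def generate_insights(records, min_severity=MIN_SEVERITY):
    """Group Threat Prevention logs by (victim host, protection) and emit one insight
    per group whose highest severity reaches min_severity. Many logs for one host can
    therefore yield zero, one or several insights (assumed grouping rule)."""
    best = defaultdict(lambda: defaultdict(int))   # host -> protection -> max score
    hits = defaultdict(lambda: defaultdict(int))   # host -> protection -> log count
    for rec in records:
        if rec.get("product") not in INSIGHT_BLADES:
            continue
        score = SEVERITY_SCORE.get(rec.get("severity", ""), 0)
        host, prot = rec["src"], rec.get("protection_name", "unknown")
        best[host][prot] = max(best[host][prot], score)
        hits[host][prot] += 1
    insights = []
    for host, prots in best.items():
        for prot, score in prots.items():
            if score >= min_severity:
                insights.append({"victim": host, "protection": prot,
                                 "max_severity": score, "logs": hits[host][prot]})
    # Most severe first, so the analyst's actionable list starts with the worst case.
    return sorted(insights, key=lambda i: (-i["max_severity"], i["victim"]))


def insights_per_host(records, min_severity=MIN_SEVERITY):
    """Insight count for every host that produced any AV/AB/IPS log, zeros included,
    to show that logs alone do not guarantee an insight."""
    counts = {r["src"]: 0 for r in records if r.get("product") in INSIGHT_BLADES}
    for ins in generate_insights(records, min_severity):
        counts[ins["victim"]] += 1
    return counts


if __name__ == "__main__":
    recs = parse_logs(SAMPLE_LOGS)
    print("victims for malicious.example:", locate_victims(recs, "malicious.example"))
    for ins in generate_insights(recs):
        print(ins)
    print(insights_per_host(recs))
```

With the constructed logs, 10.1.2.34 has three logs but produces two insights (its Low-severity IPS scan is below the threshold), 10.1.5.77 has one Medium log and produces none, and 10.1.9.12 produces one; the same IoC search that the Copy Query step performs returns both Anti-Bot victims.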

Documentation


Note - In September 2022, the product was rebranded from "Infinity SOC" to "Horizon SOC".
