Horizon SOC - Achieving SOC Certainty
Technical Level:
Solution ID: sk164332
Product: Horizon SOC
Version: Cloud
Date Created: 28-Dec-2019
Last Modified: 06-Dec-2022
Solution
Achieving SOC Certainty
Expose, investigate and shut down attacks faster, with 99.9% precision across network, cloud, endpoint, mobile, and IoT. The same intelligence and investigation tools used by Check Point Research are now available for you.
Horizon SOC automatically surfaces stealthy attacks as well as brand protection attacks, and enriches your views and reports with Check Point ThreatCloud intelligence. From Horizon SOC you can search the entire ThreatCloud repository for more information on any Indicator of Compromise (IoC) that you investigate.
The solution is non-intrusive: no new network deployment or log integration is required. All you need is an existing Check Point Security Gateway with Threat Prevention blades enabled and logging.
ML Algorithms
Horizon SOC uses rich ThreatCloud intelligence alongside Machine Learning (ML) algorithms to locate the top threats and focus automatically on the victims in the network. Threats that need to be taken care of are shown as actionable items.
Supported Algorithms
Compromised hosts
Compromised mobile devices
Compromised cloud assets
APT attacks discovery
Compromised IoT devices
Advanced Analytics Portal
Use the advanced analytics portal to contain/remediate threats found in your network.
A few hours after onboarding, the AI analytics start to appear:
Each victim is listed with its related ATT&CK mapping and a unique ID. Click the victim name to analyze the threat and see all the indicators related to it that were found.
To locate the infected host in your network:
Go to What Next and click Copy Query.
Search in SmartConsole or in your SIEM solution.
Analyze the Threat
To analyze the threat, click the related IoC, or search for your own indicator:
On the Investigation tab, you can review all the Check Point ThreatCloud intelligence for this IoC.
You can view the files related to the infection and other related IoCs, the global spread of the IoC, OSINT intelligence, and more.
Important information regarding Horizon SOC (formerly Infinity SOC) insight generation:
The algorithm runs on Anti-Virus, Anti-Bot and IPS logs only and creates insights from them. A given set of logs can yield zero insights, one insight or several insights, depending on log severity and other parameters the algorithm considers. Gateways that do not log Threat Prevention events therefore produce no insights, and a handful of low-severity hits on a host may produce none either.
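The statement above (Threat Prevention logs in, zero/one/many per-victim insights out) and the "Copy Query" step under the Advanced Analytics Portal are illustrated by the following added example. It is not Check Point's code and not the Horizon SOC algorithm: it is a deliberately simple correlation over constructed log records, where the field names (blade, src, severity, destination), the severity threshold, and the SmartConsole-style query string are all assumptions made for the example.

```python
"""Illustrative correlation of Check Point Threat Prevention logs into per-host
insights. Added example only; NOT Horizon SOC's actual algorithm."""
from collections import defaultdict
from dataclasses import dataclass

# Only these blades feed the correlation, mirroring the page's statement that
# insights are generated from Anti-Virus, Anti-Bot and IPS logs.
TP_BLADES = {"Anti-Bot", "Anti-Virus", "IPS"}
SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}

# Constructed sample records. Field names and values are invented for this
# example; real logs (SmartConsole, Log Exporter) carry many more fields.
SAMPLE_LOGS = [
    {"blade": "Anti-Bot",   "src": "10.1.2.3",  "severity": "Critical", "protection_name": "Trojan.Win32.Emotet.TC",       "destination": "203.0.113.10"},
    {"blade": "IPS",        "src": "10.1.2.3",  "severity": "High",     "protection_name": "SMB Remote Code Execution",    "destination": "10.1.2.50"},
    {"blade": "Anti-Virus", "src": "10.1.2.3",  "severity": "Medium",   "protection_name": "Gen.Trojan.Downloader",        "destination": "198.51.100.7"},
    {"blade": "Anti-Virus", "src": "10.1.2.77", "severity": "Low",      "protection_name": "Adware.Generic",               "destination": "198.51.100.9"},
    {"blade": "Anti-Virus", "src": "10.1.2.77", "severity": "Low",      "protection_name": "Adware.Generic",               "destination": "198.51.100.9"},
    {"blade": "IPS",        "src": "10.1.9.5",  "severity": "High",     "protection_name": "Web Servers Directory Traversal", "destination": "10.1.9.200"},
    {"blade": "Firewall",   "src": "10.1.2.3",  "severity": "Low",      "protection_name": "",                             "destination": "8.8.8.8"},
]


@dataclass(frozen=True)
class Insight:
    host: str            # suspected victim: the source of the logged traffic
    max_severity: str    # strongest finding on that host
    blades: tuple        # which Threat Prevention blades contributed evidence
    indicators: tuple    # destinations worth looking up as IoCs in ThreatCloud
    log_count: int

    def smartconsole_query(self) -> str:
        """Hypothetical 'What Next' style query in SmartConsole log-search
        syntax (assumption: field names src and blade as used here)."""
        blades = " OR ".join(f'blade:"{b}"' for b in self.blades)
        return f"src:{self.host} AND ({blades})"


def build_insights(logs, min_severity="High"):
    """Group Threat Prevention logs per source host and keep only hosts whose
    strongest finding reaches min_severity. Returns insights ranked highest first.

    Several logs may collapse into one insight (one noisy host), several hosts
    may yield several insights, and low-severity-only hosts yield none."""
    by_host = defaultdict(list)
    for log in logs:
        if log["blade"] in TP_BLADES:     # Firewall and other blade logs are ignored
            by_host[log["src"]].append(log)

    insights = []
    for host, entries in by_host.items():
        top = max(SEVERITY_RANK[e["severity"]] for e in entries)
        if top < SEVERITY_RANK[min_severity]:
            continue                      # noisy low-severity hits: zero insights
        insights.append(Insight(
            host=host,
            max_severity=next(s for s, r in SEVERITY_RANK.items() if r == top),
            blades=tuple(sorted({e["blade"] for e in entries})),
            indicators=tuple(sorted({e["destination"] for e in entries})),
            log_count=len(entries),
        ))
    # Top threats first, so an analyst works the worst victim before the rest.
    insights.sort(key=lambda i: (-SEVERITY_RANK[i.max_severity], i.host))
    return insights


if __name__ == "__main__":
    for ins in build_insights(SAMPLE_LOGS):
        print(f"{ins.host}: {ins.max_severity} via {', '.join(ins.blades)} ({ins.log_count} logs)")
        print("  IoCs to check in ThreatCloud:", ", ".join(ins.indicators))
        print("  query:", ins.smartconsole_query())
```

With the seven constructed logs, the default threshold produces two insights (10.1.2.3 from three logs, 10.1.9.5 from one) and none for 10.1.2.77, whose two hits are only Low; lowering min_severity to "Low" makes that host appear as a third insight, which is the severity dependence the page describes. The query string is only a template: the real query comes from the portal's Copy Query button, and SmartConsole field names in your environment should be checked before reusing it in a SIEM.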