InfinitySOC Update - What's New?
Solution


Introduction


Achieving SOC Certainty

Expose, investigate and shut down attacks faster, with 99.9% precision across network, cloud, endpoint, mobile and IoT. These same intelligence and investigation tools are used by Check Point Research and are now available to you.

For many SOC teams, finding malicious activity inside the network is like finding a needle in a haystack. They are often forced to piece together information from multiple monitoring solutions and navigate through a daily overload of alerts with little or no context. The result: critical attacks are missed until it’s too late.

Infinity SOC provides your team with the certainty it needs to expose and shut down attacks faster, before damage spreads. Easily deployed as a unified cloud-based platform, it increases security operations efficiency and ROI.

See the full solution brief




InfinitySOC Update Overview


Version 1.1 (31 Aug 20) - New Features

Insights
  1. APT Insight - Based on a new intelligence capability powered by Check Point Research (CP<R>), APT attacks against any Infinity product are located. The IoCs related to the discovered APT attacks can be investigated in "Investigate".
  2. IoT Insight - Based on a new ML algorithm combined with automatic reverse engineering of IoT malware, we have added a new ability to locate a compromised IoT device. The insights are based on ongoing intelligence research of IoT malware distribution groups, combined with a fully automated flow from the first malware sample discovery to InfinitySOC. The insights are very accurate because we can determine automatically, from the malware's code, whether an indicator is pre- or post-infection related. For each such insight, we advise going to the "Infinity NEXT" application in the portal and deploying IoT nano-agent protection.
  3. Cloud Insight - Based on a new way to detect cloud assets in ThreatCloud, we have added a new detection engine that can determine that the analysis was conducted on cloud traffic and, from it, point the customer to the specific cloud service provider (AWS, AZURE, GCI, ALI and more).
  4. DNS Servers - Based on the amount of traffic and DNS analysis, InfinitySOC tags an insight as related to a DNS server when it finds this with high probability. This allows a better investigation flow for an incident.
Overview
  1. Brand Protection - Added support for Brand Protection in the General Overview, allowing you to review the protected domain.


Improvements and Enhancements:
  1. Security gateway Application Settings - A security gateway setting has been added; you can add and remove gateways (GWs) from analytics.
  2. Benign data in 'Investigate' - 'Investigate' has been enriched with a massive amount of streamed benign data. This allows the customer to review not only malicious/suspicious IoCs but also benign ones.
  3. 'Brand Protection' accuracy improvements - Brand Protection accuracy has been improved.
  4. Automatic SmartLog query generation - An automatically generated SmartLog query has been added to the 'what's next' section of the insight. This allows customers to simply copy it and search for the host in case of an obfuscated IP address.
Version 1.2 (31 Sep 20)
Improvements and Enhancements:

  1. Linux & Mac support - InfinitySOC now supports slim agents for Mac & Linux (based on the supported versions).
  2. Reporting - Brand Protection & Network Insights reports have been added to InfinitySOC. You can configure them via the Settings tab of the application.
  3. Terminate Tenant - Added the option to terminate the InfinitySOC tenant if this action is needed.
  4. Extended data on the GW - An insight now shows the GW version, the GW_ID of the GW and the host identification (the source IP related to the host).
  5. Manage Your GWs - Enhanced visualization has been developed to assist with identifying the data points related to a threat.
  6. LookAlike Domain widget - A new overview widget has been added, showing the top look-alike domains found in the organization.
  7. Benign IoCs - Extensive benign data has been added to 'Investigate', allowing customers to review & triage indicators that Check Point does not classify as malicious.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
