Defensys defines cybersecurity and governance with a comprehensive suite of SGRC tools designed to streamline and automate KPI measurement. Defensys SGRC empowers organizations to enhance their cybersecurity resilience and maintain robust protection against evolving threats.
Automate and Customize Metrics to Fit Your Needs
Defensys SGRC enables seamless automation of KPI calculations across any time period, gathering data from diverse sources to ensure accuracy and relevance. With our platform, organizations can easily implement automated measurements for critical cybersecurity resilience metrics, making it possible to monitor and manage cybersecurity performance in real time.
Defensys supports a wide range of KPIs to assess compliance, asset protection, and training effectiveness. This flexible functionality allows users to track:
Empower Your Risk and Incident Management
Defensys SGRC offers powerful tools for custom reporting in risk and incident management, allowing users to integrate external systems, generate customized data reports, and gain valuable insights on demand.
The number of cyber threats is increasing rapidly. Every year, new malware and hacker groups emerge that can undermine the continuity of companies’ business processes. To protect themselves, organizations need reliable tools that can help them withstand today’s cyber threats; one of them is the Defensys SIEM.
The Defensys analyst team pays considerable attention to the development of in-house expertise packages, focusing on the quality, relevance and timeliness of rules in the Defensys SIEM. A special feature of the technology is the convenience and flexibility of working with collected events: the solution provides a multifunctional set of tools for creating, testing and operating rules for detecting attacks and threats.
Defensys takes into account the needs of customers, so the product can be easily adapted to work with various event sources, including information security tools from well-known vendors, operating systems, and others. The wide range of systems supported by the Defensys SIEM allows users to quickly configure sources and the subsequent event collection, so that they can promptly identify threats and develop effective measures to eliminate them.
The Defensys SIEM is a modern technology for ensuring companies’ information security. It allows users to quickly and accurately identify threats, as well as to develop measures to prevent them.
Challenge & Implementation
The Financial Institution had a vulnerability management process in place, based on the Company’s scanners, which transferred vulnerabilities to the Defensys SOAR. When the Institution decided to replace its existing scanners, the running process was stopped. Moreover, the process was inconvenient for users and there was a huge demand for innovations. Defensys’s engineers, together with the Institution’s representatives, formulated the main goals for modernizing the process:
1. Hosts have to be grouped in one incident
Previously, 1 vulnerability was connected to only 1 host, which consequently led to the creation of 1 incident in the SOAR and 1 remediation request in the Company’s ITSM system. The process therefore covered only the most critical vulnerabilities: if the SOAR received more than three hundred thousand vulnerabilities, the IT department would have the same number of requests. Since human resources are limited, the vulnerabilities could not all be remediated on time in such a case.
To improve the situation, Defensys’s team redeveloped the existing logic and designed a service that transfers information regarding vulnerabilities from the scanner’s database. Now an important parameter for each vulnerability is the network segment where the vulnerability was detected.
Defensys, the developer of cybersecurity solutions, continues to keep Defensys SIEM development at a high pace and is ready to announce the release of the new version 1.6. The version includes improvements to correlation rule handling, as well as enhanced scalability, additional control, and user management.
A new distributed correlator module, available while setting up a collector, has been added to the Defensys SIEM 1.6. Now the resources of several nodes in a cluster can be used for synchronized event handling. Thanks to this, correlation resources can be horizontally scaled across the available physical machines to handle numerous events, saving the cost of large configurations.
The Defensys team has paid particular attention to companies with huge infrastructures, for whom a flexible role model is extremely important. Therefore, the developers have implemented multitenancy in the new version, thanks to which it’s possible to centrally manage one solution to protect several branches of an organization or different organizations within one interface.
The developer has also provided a flexible restriction system through permission groups and roles; this includes the ability to distribute access roles and create user groups with absolutely unique permissions. Accordingly, the password policy sets requirements for the strength and use of passwords for personal accounts, which increases the security of the system.
The Bank effectively uses the Defensys SOAR and SGRC in its routine. Nevertheless, the Bank’s scanner, supplied by another vendor, reported numerous vulnerabilities daily. It therefore became necessary to develop and set up new vulnerability management processes.
New policies and processes had to be restructured considering the specifics of the Bank’s infrastructure: all of the company’s assets are grouped into information systems. Individual departments of the Bank, and even teams, are responsible for different cybersecurity functions.
Using integration with the Bank’s task manager, Defensys’s engineers updated the response processes. After a new batch of vulnerabilities has automatically arrived from the scanner, a playbook starts that creates a ticket for the responsible employees in the task manager and adds a report in Excel format. The report contains the necessary information regarding vulnerabilities only for a certain team, responsible for separate business processes.
If the issue is resolved, the ticket can be closed. If closure is impossible at the moment, the user adds feedback to the ticket and gives the reasons why the process can’t be finished yet. The process is looped until the incident is properly closed.
Moreover, the Vendor has updated report forms.