The factory has purchased, step by step, all Defensys products: the SOAR, Security GRC, Threat Intelligence, SENSE and Threat Deception platforms. As part of a large project covering software installation and customization, our goal was to build an ecosystem based on Defensys software that would cover all of the factory's cybersecurity needs.
Since each company has its own internal procedures, Defensys takes all customer requests into account and adapts the software to specific requirements. The factory has five types of incidents to be detected, so five SOAR playbooks were tailored, each using different connectors during the response and investigation processes.
The company stores most of its asset data in a SIEM system, and all incidents for further processing are taken from the SIEM as well. In addition, the SIEM is connected to AD and the antivirus solution.
At the moment, by using Defensys software, the company can do the following:
The factory highly values TDP as a modern platform for improving its cybersecurity posture and actively deploys traps and lures in its subnets.
Defensys has released an updated platform for asset behavior analysis and anomaly detection, Defensys SENSE v. 1.14. The platform can now be integrated with Defensys Endpoint technology, which extends endpoint data collection. The new version gives security analysts more context when searching for the causes of anomalies, thanks to the redesigned asset card.
With the new version, users gain access to a wider range of events and telemetry from different operating systems, including Windows, Linux and macOS. This expands the data flow from endpoints and delivers higher-quality incidents to security analysts for subsequent assessment. This was made possible by the integration of Defensys SENSE with Defensys Endpoint technology.
The asset card has been significantly updated. Besides the basic information, the asset's technical data and related entities are now displayed on the asset card. This gives users quick access to the full context of the asset in question and noticeably speeds up the search for the root cause.
In addition, Defensys added a new "Daily analytics" tab to the asset card, where you can find rating changes, anomalies and the equipment involved over the last 24 hours. After detecting equipment with a high rating, analysts can review all user actions during the day with a single click and decide whether an investigation is needed when anomalous activity is detected.
There is a lot of discussion in the professional community about risk assessment methodologies. At the same time, much less attention is paid to a more telling indicator of process maturity: the process of building threat catalogs.
Let us turn to a typical assessment process:
After a one-time event, the preparation of methodological materials, the assessment cycle begins on a schedule or on a trigger. The first step is to determine the assessment areas, a step that depends largely on the completeness of the data in the resource-service model. As with audits, it is important here to see the connections between tangible and intangible assets.
The value of the asset, the most difficult step in terms of assessment, was discussed earlier.
The next step, identification, is the formation of a list of risks for further assessment, and it is this step that often becomes a stumbling block for inexperienced organizations.
Often, in the first iterations of the process, this step is implemented creatively: experts analyze the asset on the fly during each assessment and compile a list of possible threats.