Defensys introduced a new major version of its cyberthreat information analysis platform, Defensys TIP 3.0. The updated platform includes a number of significant functional improvements. In particular, users can now apply higher-quality data to threat analysis thanks to a new source, the MITRE ATT&CK knowledge base. IoC rating customization is also available now.
In Defensys TIP v. 3.0 the developer expanded the volume of cyber intelligence data by integrating the platform with a new source, the MITRE ATT&CK knowledge base. Information about malware, threat actors and their techniques is available directly from the platform interface in the Threats section. Entity cards contain all the information from the knowledge base: entity descriptions, related tactics, group aliases, sub-techniques, links to web resources that document cases where attackers used particular techniques, and recommendations for detecting them.
In addition, the relationship graph displays how all entities from the new source relate to IoCs and to each other. This additional analysis tool lets you track which techniques different groups of attackers use and what malware they apply.
Risk management is an equally important component of SGRC. The willingness to implement it is in itself an indicator of a certain level of maturity in an organization. If audits answer the question “what is happening to CS now?”, risk management helps answer the question “what will happen to the organization’s CS in the future?” and also tries to change that future.
Risk management is a proactive response to potential problems in the cyber security system. Regulators can of course prescribe this process through regulatory requirements, but it can be very difficult to approach. The reason is the following two factors, which almost no risk assessment regulation describes in detail:
– Risk assessment methodology.
– Threats catalogs.
In this article, the term “risk assessment methodology” refers to the list of risk parameters and how they are calculated.
There are three key points in creating and describing an assessment methodology, without which the process is not possible:
– What is considered the risk level, the key parameter on the basis of which risks will be prioritized?
Defensys issued a new release of its platform for incident response automation and SOC efficiency, Defensys SOAR v. 5.2. The new version provides users with an e-mail communication tool and enhanced response playbook capabilities.
One of the key platform features is built-in e-mail correspondence, implemented as a separate tab in the incident card. Messages are displayed in the familiar form of popular messengers. An incident mail thread can be created either manually or automatically by response playbooks; for instance, you could configure an automatic opening message requesting additional information as soon as an incident occurs. This makes communication easier during incident handling and saves the time spent switching between the system interface and e-mail.
In the updated version, Defensys has improved response playbooks by adding automatic handling of connector execution errors, giving Defensys SOAR users better control over playbook execution. If a network failure occurs or an external system is temporarily unavailable, connectors restart automatically without human intervention.
Aside from that, Defensys SOAR 5.2 introduces a new approach to configuring automatic playbook starts.
The customer needed to bring its internal IT and cyber security processes into order, so it conducted extensive market research.
After a careful search, Defensys ACP was chosen.
The customer has a huge infrastructure with a large number of servers, active network equipment and, of course, workstations.
Several of the customer’s departments were involved in the project implementation. Work began with the IT department; later the cyber security department joined with its own requirements.
From the very beginning, the main objective of the project was to create a single repository of assets and put them in order there. Defensys ACP was configured to receive data from different network segments. Working together with the cyber security and IT departments, many different types of systems were successfully integrated with the ACP system, though there were some specific requirements along the way. For example, the customer’s network has segments that are not interconnected at the physical level, so part of the data was uploaded to the system through file integration capabilities, from custom databases, and via questionnaires sent using the ACP’s built-in task manager.