Blog

Case study by Defensys – The Bank

Challenge

All IT security audits in the Bank were handled in a large, well-known corporate GRC system. But every time a new cybersecurity standard was published, retuning the process frequently ran into issues on the GRC side.

The lack of convenient user tools for managing the requirements of different standards, especially similar ones, cost the team a lot of time in duplicated work whenever users had to conduct a new audit campaign against a particular standard.

Defensys technologies

Initially, the huge number of requirements was managed in spreadsheets, with all the drawbacks of that approach. One of the customer's main requirements was to have most of the standards they should be compliant with available and structured out of the box. After a series of meetings and the PoC project, the Defensys SGRC was chosen as the core solution for the Bank's cybersecurity requirements management system.

Implementation

As the first step, the Defensys SGRC had to be integrated with the Bank’s GRC solution. As a result, the whole structure of assets incl.

Cybersecurity Digest #69: 21/02/2023 – 07/03/2023

Cybersecurity news

IoC role in the Threat Intelligence process

When building an effective Cyber Intelligence process, the relevance and completeness of the received data play a crucial role. In most cases, work with Threat Intelligence (TI) data starts with adding open source feeds. According to the 2021 SANS Cyber Threat Intelligence (CTI) Survey, 66.3% of companies use open sources to collect indicators of compromise (IoC) data, and they strive to work with multiple sources in parallel.

On the one hand, using several sources seems the simplest and most obvious way to start collecting data quickly. On the flip side, uploading these indicators to security tools produces numerous detections, which makes it almost impossible for an analyst to process the data. Note also that if you want to create block lists for security tools from IoCs, or a collection for search queries on the EDR side, there will be a limit on the number of entities. This means that manual work is needed in any case to prepare such a collection of IoCs. Besides, keep in mind that indicators alone are useless.

Cybersecurity Digest #68: 07/02/2023 – 21/02/2023

Cybersecurity news

Case study by Defensys – Government entity

Challenge

It was very difficult to locate a host when something went wrong within the network.

Typically, cybersecurity specialists would call a large number of colleagues from different regions before collecting all the necessary data.

In addition, different systems installed within the infrastructure provided different equipment statistics.

Results

Following the PoC process, there was a comprehensive implementation of the Defensys ACP solution that helped to:

  • Consolidate all inventory information into one location: equipment technical properties, locations, time zones, equipment personnel.
  • Consolidate vulnerability data across infrastructure through automatic prioritization, which has contributed to a much more efficient vulnerability management process.
  • Aggregate data from more than 1,000 distributed antivirus solution management servers.

Defensys ACP performs a health check of the AV system, providing up-to-date reports weekly.

As a result, the Defensys ACP has become a source of reference for assets, not only for cybersecurity personnel, but also for other departments.

Some IT systems use the ACP’s API to enrich the required data with asset information.

The system’s metrics are displayed on the Cyber Security Office video wall where the Operations Center is located.
