The Defensys company has released a new version of its platform for automating cyber security management processes, Defensys SGRC 5.0. In this version the vendor enhanced the compliance, asset and vulnerability management features.
Many new regulatory standards strongly affect the system’s development. For instance, the SAMA framework that was recently added to the platform demands new reporting templates and assessment scales. The same applies to GDPR, the UAE IA Regulation framework and other standards, including customers’ in-house frameworks that sometimes require different mathematics to calculate the resulting indexes after an audit is completed.
That is why Defensys SGRC 5.0 introduces an “import/export” feature for audit types. The audit type determines which scale is used for the assessment, which fields are available for filling in and how statistics are calculated. This feature helps to quickly transfer all the needed settings from the test segment/installation to the production server at the corresponding stage of an implementation project.
Several features were added to the Assets functional block. The vendor enhanced asset data import: users can now automatically upload data to the system from Excel, CSV, JSON and XML files. This extended file format support simplifies data transfer and improves the overall inventory process.
The Computer Security Incident Response Team of an MSSP was facing a challenge typical for an MSSP: choosing the right SOAR platform to automate its internal incident management processes.
While choosing the product, the company looked at several criteria with the following key requirements:
The managed security service provider team selected 6 SOAR products for initial comparison, 4 of which were tested during pilot projects.
After comparative analysis and testing, the team selected Defensys SOAR platform.
The MSSP has 3 tiers of incident monitoring working 24/7, with separate response and maintenance groups, forensic, threat hunting and other experts. The whole team follows one integrated workflow that regulates the incident management process and specifies tasks for each team member at each stage.
Threat Intelligence (TI) platforms work with knowledge about cyber security threats: attacks, attackers, targets, motivations, tools, malware, vulnerabilities and indicators of compromise. This knowledge must be fact-based – verified, timely, and sufficient to make decisions on adequate protection measures.
In a general sense, an Indicator of Compromise (IoC) is a digital artifact that clearly indicates the described object’s potential maliciousness and/or the fact that the information system has been compromised.
When working with TI data, the following indicator types can be used:
The life cycle of an indicator of compromise
Each indicator has its own life cycle, i.e. the time during which it preserves its malicious activity with a high probability. Some indicators can be “dangerous” for several days, some for months. When its lifetime expires, the indicator becomes irrelevant; in other words, it becomes obsolete.
The indicator life cycle starts when a cyber security analyst or a security tool detects the threat. Signs of malicious activity, that is, any objects and data associated with a detected threat, indicate that the system has been compromised and are considered indicators of compromise.
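The life cycle described above, implemented as an added example that is not code from the Defensys platform or the original page: each indicator carries a type-dependent lifetime (constructed values) that restarts on every confirmed sighting, its confidence decays toward expiry, and event matching consults only indicators that are still relevant. The indicator values and events are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed per-type lifetimes in days (illustrative; a real TI platform assigns
# them per feed and per indicator). Infrastructure IoCs age fast, file hashes slowly.
LIFETIME_DAYS = {"ip": 7, "url": 14, "domain": 30, "file_hash": 365}


@dataclass
class Indicator:
    ioc_type: str
    value: str
    detected_at: datetime           # the life cycle starts at detection
    last_seen: datetime = None      # latest confirmed malicious activity

    def __post_init__(self):
        if self.last_seen is None:
            self.last_seen = self.detected_at

    def lifetime(self) -> timedelta:
        return timedelta(days=LIFETIME_DAYS.get(self.ioc_type, 7))

    def expires_at(self) -> datetime:
        # Each confirmed sighting restarts the clock from that sighting.
        return self.last_seen + self.lifetime()

    def is_relevant(self, now: datetime) -> bool:
        return now < self.expires_at()

    def confidence(self, now: datetime) -> float:
        """Linear decay from 1.0 at the last sighting to 0.0 at expiry."""
        remaining = (self.expires_at() - now) / self.lifetime()
        return round(max(0.0, min(1.0, remaining)), 3)

    def record_sighting(self, seen_at: datetime) -> None:
        if seen_at > self.last_seen:
            self.last_seen = seen_at


def match_events(events, indicators, now):
    """Return (event, indicator) pairs, consulting only non-obsolete indicators."""
    live = {i.value: i for i in indicators if i.is_relevant(now)}
    return [(ev, live[v]) for ev in events
            for v in (ev.get("src_ip"), ev.get("domain"), ev.get("sha256"))
            if v in live]


# Constructed sample data: an IP detected 19 days ago (obsolete) and a domain still live.
NOW = datetime(2024, 3, 20)
INDICATORS = [Indicator("ip", "203.0.113.7", datetime(2024, 3, 1)),
              Indicator("domain", "evil.example", datetime(2024, 3, 1))]
EVENTS = [{"ts": "2024-03-20T10:00:00", "src_ip": "203.0.113.7"},
          {"ts": "2024-03-20T10:05:00", "domain": "evil.example"}]
```

Calling `match_events(EVENTS, INDICATORS, NOW)` returns only the domain hit; a fresh `record_sighting` on the IP indicator brings it back into the live set.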