The Telecommunication Operator, a company with multiple subsidiaries across the country, needed a solution for automation of cyber security processes in the SOCs. The Company demanded a lot of integrations with internal systems, easy access to information regarding all branches and multiple tools for information handling from software vendors.
The Operator chose Defensys products after a PoC project during which Defensys demonstrated the required functionality of software and additional managing options.
Among all Defensys products, the Company has purchased the SOAR, SGRC and TI platforms.
Defensys has a great experience in working with companies, that provide different mobile services. That’s why we managed to avoid typical pitfalls and could concentrate on important tasks.
As mentioned above, Defensys software had to be integrated with several systems for data collection and transfer between tenants and the HQ according to certain attributes. Generally, the software was integrated with more than 40 systems with various functionalities.
Along with standard integrations (AD, antivirus, scanners), the Defensys SOAR was connected to the Company’s internal system, that collects data regarding all user accounts and their unique numbers. Each account is stored as a customized asset and has a status.
Defensys has released a new version of the cyberthreat information analysis platform, the Defensys TIP 3.16. New release has a range of important updates. For example, the number of supported SIEM systems and firewalls has been extended. Defensys has also upgraded its own data source (Defensys Threat Feed), now Defensys Feed can independently identify links between entities, countries and industries of threat actors.
One of the Defensys Threat Intelligence Platform functions is reactive and retrospective search for indicators of compromise (IoC’s) within event flow coming from SIEM systems. The Defensys TIP platform can be integrated with famous SIEM and log management solutions, such as:
Additionally, Defensys expanded the list of supported third-party data security tools for IoC’s export. Detected IoC’s can be automatically exported to firewalls for further processing and protection of the network infrastructure.
The Defensys TIP team continues developing its own feed integrated into the platform. It automatically collects TI reports from trusted public sources and extracts key Threat Intelligence artefacts. The updated version of the Defensys Threat Feed has an 11 times larger dataset to train the TI artefact recognition model.
In the article we describe vulnerability management and challenges companies can face when setting this process, as well as share tips on how to overcome them.
At first, we would like to brief you with the main definitions:
Vulnerability is a flaw in information system or software which a hacker can use to penetrate the infrastructure, disrupt systems or access them. Vulnerabilities have several severity levels. One of the most widespread and serious risks is existence of an exploit for a vulnerability, especially if it`s already actively used by hackers. Exploit is a malware with data or executable code which uses vulnerabilities to conduct attacks.
Vulnerability management (VM) helps to lower the risks caused by infrastructure vulnerabilities. VM is a multi-step cyclical process of identifying, prioritizing and remediating vulnerabilities, followed by further monitoring. VM offers a choice of response way on issues connected to company’s assets: detected software vulnerabilities, configuration vulnerabilities, insecurely configured ports and other vulnerabilities that can be used by attackers. The main purpose of the process is risk minimization and systems protection from potential attacks, exploits and other forms of hacking or security breaches.
Vulnerability Management includes following steps:
The bank has implemented the Service Desk solution. However, there was insufficient interaction with other systems, in particular, there was no interaction with TI tools and repositories.
The Bank wanted a comprehensive system overhaul and one of the key decisions in the global cybersecurity overhaul was the Defensys SOAR solution.
Thanks to Defensys’s technologies, a number of key issues were resolved: