The Power generating company hadn’t had any automation programs for their cyber security processes. As the number of branches and employees increased, the Company decided to implement modern software to minimize the manual work and save valuable time.
The Defensys ACP attracted the Company’s attention, because of its automation functions and asset management capabilities from the cyber security perspective.
On the way to the software installation our engineers faced a challenge: the Company has a lot of branches, that makes inventory process in the organization very complicated. The Defensys multi-tenancy option could not be used unless there is a clear understanding about the crossing IP addresses in the whole IT and OT infrastructure.
To keep records of assets in all branches and not to mix them all up the Developer has found a solution – the Defensys ACP could work with the same asset IP addresses from different branches and remote plants due to the ability to label the network when performing the inventory scan. Besides, the Defensys software was integrated with a SIEM system and antivirus solution in each branch.
The Power generating company doesn’t need customized processes or dashboards, because pre-installed options meet Company’s demands.
In the article we continue to describe vulnerability management and challenges companies can face when setting this process, as well as share tips on how to overcome them.
Stage 4. Remediation
Remediation means taking of appropriate measures to neutralize detected vulnerabilities. It consists of installing patches/updates, stopping or disabling certain services and protocols, performing compensating measures or taking risks for non-remediation. Decisions made on detected vulnerabilities are usually indicated by appropriate statuses (e.g., compensatory measures, risk accepted or false positive). This is necessary to evaluate further actions on vulnerabilities and control their remediation.
If users decide to remediate the vulnerability, a task for IT department should be automatically created in a Service Desk system and the patch management (process of managing and applying patches, updates and software fixes) should be started.
Challenges and recommendations:
As mentioned above, vulnerabilities can be fixed using updates and patches or by modifying configuration files, but its installing process is often a complicated procedure. This may be caused by incompatibility with other programs, testing necessity, or missing access to the system for updates.
There are definitely assets, software, and services in any organization’s infrastructure that are difficult to patch.
The Telecommunication Operator, a company with multiple subsidiaries across the country, needed a solution for automation of cyber security processes in the SOCs. The Company demanded a lot of integrations with internal systems, easy access to information regarding all branches and multiple tools for information handling from software vendors.
The Operator chose Defensys products after a PoC project during which Defensys demonstrated the required functionality of software and additional managing options.
Among all Defensys products, the Company has purchased the SOAR, SGRC and TI platforms.
Defensys has a great experience in working with companies, that provide different mobile services. That’s why we managed to avoid typical pitfalls and could concentrate on important tasks.
As mentioned above, Defensys software had to be integrated with several systems for data collection and transfer between tenants and the HQ according to certain attributes. Generally, the software was integrated with more than 40 systems with various functionalities.
Along with standard integrations (AD, antivirus, scanners), the Defensys SOAR was connected to the Company’s internal system, that collects data regarding all user accounts and their unique numbers. Each account is stored as a customized asset and has a status.
Defensys has released a new version of the cyberthreat information analysis platform, the Defensys TIP 3.16. New release has a range of important updates. For example, the number of supported SIEM systems and firewalls has been extended. Defensys has also upgraded its own data source (Defensys Threat Feed), now Defensys Feed can independently identify links between entities, countries and industries of threat actors.
One of the Defensys Threat Intelligence Platform functions is reactive and retrospective search for indicators of compromise (IoC’s) within event flow coming from SIEM systems. The Defensys TIP platform can be integrated with famous SIEM and log management solutions, such as:
Additionally, Defensys expanded the list of supported third-party data security tools for IoC’s export. Detected IoC’s can be automatically exported to firewalls for further processing and protection of the network infrastructure.
The Defensys TIP team continues developing its own feed integrated into the platform. It automatically collects TI reports from trusted public sources and extracts key Threat Intelligence artefacts. The updated version of the Defensys Threat Feed has an 11 times larger dataset to train the TI artefact recognition model.