The main purpose of a risk assessment is to form a strategy to avoid or mitigate the damage of potential cyber incidents.
But while audits are about the present (there is a certain requirement – it is not being met now, the picture is clear), in the context of future threats, it can be extremely difficult for CS staff to explain to management the purpose of allocating the budget. A risk assessment helps to translate the needs of the CS department into the language of the business and communicate the importance of the information received.
At the same time, SGRC solutions strengthen communication with the business, allowing the removal of higher-level risks from technical ones, as well as automatically generating understandable graphs and visual dashboards to simplify this communication without additional time expenditure on the part of employees.
Accumulating technical data about the state of CS is an important but not the last task. To make a breakthrough in the quality and effectiveness of the IS system, this data needs to be contextualized and properly analyzed.
But in an ideal worldview, of course, one would like to use the SGRC system after its implementation not “in a vacuum” but to aggregate in it information useful in terms of processes automated by the SGRC system.
The Factory has purchased step by step all Defensys products: SOAR, Security GRC, Threat Intelligence, SENSE and Threat Deception platforms. As a part of large project on software installation and customization, our target was to build an ecosystem based on Defensys software which will cover all cybersecurity needs of the factory.
Since each company has its own internal procedures, Defensys takes into account all customer requests and adapts software to specific requirements. The factory has 5 types of incidents to be detected, so there were tailored 5 SOAR playbooks that utilize different connectors during the response and investigation processes.
The company stored most of the assets data in a SIEM system and all incidents for further processing are being taken from the SIEM too. Besides, it’s connected with AD and antivirus solution.
At the moment, by using Defensys software, the company can do the following:
The factory has highly appreciated TDP as an up-to-date platform to enhance the state of cybersecurity and actively generates traps and lures in its subnets.
Defensys developed an updated Platform for assets behavior analysis and anomaly detection, the Defensys SENSE v. 1.14. The Platform now can be integrated with the Defensys Endpoint technology, which extends the function of endpoint data collection. The new Platform version provides cyber security analysts with more context while looking for the causes of anomalies due to the modified asset card.
With the new version, users get access to a wider range of events and telemetry from different operating systems, including Windows, Linux, and MacOS. This expands the data flow from endpoints, which delivers CS analysts incidents of higher quality for the following assessment. This process was implemented thanks to integration of the Defensys SENSE with the Defensys Endpoint technology.
The asset card was significantly updated. At the moment asset’s technical data and related entities are displayed on the asset card besides the basic information. Because of this, users can quickly access full context of the necessary asset and remarkably speed up the root cause search.
Therefore, Defensys added a new tab “Daily analytics” to the asset card, where you can find rating changes, anomalies, and involved equipment for the last 24 hours. After detection of equipment with a high rating, cyber analysts can research all users’ actions during the day with a single click and define, if investigation is needed in case of anomaly activities detection.