The developer has added a correlation rules builder to the Defensys SIEM 2.0. It enables interactive creation and modification of correlation rules without using the code editor. Visual interface and step-by-step process visualization make it easier for analysts to create necessary rules.

The changes have also affected elements of the event processing pipeline. Defensys experts have added the main metrics: “number of errors”, “received and sent events” to the pipeline interface. Now metrics for each element are available at once, without further going into details. The new feature helps to identify potential errors faster and minimize the loss of incoming events.

The vendor has also added a WMI-type entry point that collects Windows logs from endpoints, servers, and WEC (Windows Event Collector) to the release. The update allows users to configure a single entry point to collect multiple logs, making the source configuration easier for engineers.

Defensys has presented a new version of the flagship product Defensys SIEM 1.8 with extended functions. The version has audit of cyber event sources for a quick problem’s identification and elimination, Kubernetes performance monitoring for glitch risk minimization, and a faster user authentication through LDAP-protocol.

New level of event source management

In the new version of the Defensys SIEM users can track sources’ statuses, that transfer events to collectors. The status is assessed based on the events’ quantity and quality, which makes the abnormalities detection possible.

For this purpose, the system provides customizable source auditing policies. They track changes in the event pipeline and send notifications via customized integrations when specified threshold values are reached.

Timeliness and completeness of incoming events are crucial aspects for SOC functionality. That’s why the developer has added metrics for sources control which help to promptly detect and eliminate possible problems, such as missing events from one of the sources.

Kubernetes performance monitoring

Challenge

A variety of disordered incidents coming from different sources, no automatic classification, a lot of tasks with manual handling, lack of transparency in operations – all these factors lead to mismanagement incompanies’ cyber security and cause complex issues. Unfortunately, each organization that has no implemented incident management process faces the problems mentioned above and the Mining company was no exception.

Besides, the Company had an additional requirement connected with its business niche: incident information had to be transferred to a government agency in a special report form, when severe incidents occur.

After comparing the products of different vendors, the Mining company has chosen the Defensys SOAR as a perfect solution, that fulfills all necessary tasks.

Implementation & Results

First of all, Defensys has set up integrations with the antivirus, SIEM system, and a vulnerability scanner already used in the Company, so that the SOAR immediately receives all data regarding coming incidents.

Defensys defines cybersecurity and governance with a comprehensive suite of SGRC tools designed to streamline and automate KPI measurement. Defensys SGRC empowers organizations to enhance their cybersecurity resilience and maintain robust protection against evolving threats.

Automate and Customize Metrics to Fit Your Needs

Defensys SGRC enables seamless automation of KPI calculations across any time period, gathering data from diverse sources to ensure accuracy and relevance. With our platform, organizations can easily implement automated measurements for critical cybersecurity resilience metrics, making it possible to monitor and manage cybersecurity performance in real-time.

Defensys supports a wide range of KPIs to assess compliance, asset protection, and training effectiveness. This flexible functionality allows users to track:

• Percentage of antivirus agents successfully installed and reviewed on servers and endpoints.

• Percentage of employees completing annual training, including privacy and sensitive data protection practices.

• Percentage of policies reviewed annually.

• Percentage of network devices not running the latest stable version of security-related updates.

The number of cyber threats increases rapidly. Year by year emerge new malware and hacker groups that can undermine the continuity of companies’ business processes. To protect themselves, organizations need reliable tools that can help them withstand today’s cyber threats, one of them is the Defensys SIEM.

Defensys analysts team pays considerable attention to the development of in-house expertise packages, focusing on the quality, relevance and timeliness of rules in the Defensys SIEM. Special feature of the technology is the convenience and flexibility of working with collected events: the solution provides a multifunctional set of tools for creating, testing and operating rules for detecting attacks and threats.

Defensys takes into account the needs of customers, so the product can be easily adapted to work with various event sources, including information security tools from well-known vendors and operating systems, and others. A wide range of systems supported by the Defensys SIEM allows users to quickly configure sources and subsequent event collection to quickly identify threats and develop effective measures to eliminate them.

Challenge & Implementation

The Financial Institution had an implemented vulnerabilities management process based on Company’s scanners, that transferred vulnerabilities to the Defensys SOAR. When the Institution decided to change existing scanners, the running process was stopped. Moreover, the process was inconvenient for users and there was a huge demand for innovations. The Defensys’s engineers together with the Institution’s representatives have formulated the main goals for the process modernization:

1. Нosts have to be grouped in one incident

Previously 1 vulnerability was connected to only 1 host, that consequently led to creation of 1 incident in the SOAR and 1 remediation request in the Company’s ITSM system. So the process was related to the most critical vulnerabilities only. Because if the SOAR received more than three hundred thousand vulnerabilities, the IT department would have the same number of requests. As human resources are limited all the vulnerabilities could not be remediated on time in such a case.

Defensys, the developer of cybersecurity solutions, continues to keep Defensys SIEM development at a high pace and is ready to announce the release of the new version 1.6. The version includes improvements of correlation rules handling, as well as enhanced scalability, additional control, and user management.

A new module of distributed correlator available while setting up a collector has been added to the Defensys SIEM 1.6. Now resources of several nodes in a cluster can be used for synchronized events handling. Thanks to this correlation resources can be horizontally scaled with available physical machines for numerous events handling saving the cost of large configurations.

The Defensys team has paid particular attention to companies with huge infrastructures for whom a flexible role model is extremely important. Therefore, the developers have implemented the multitenancy in the new version, thanks to which it’s possible to centrally manage one solution to protect several organization’s branches or different organizations within one interface.

Challenge

The Bank effectively uses the Defensys SOAR and SGRC in their routine. Nevertheless, the implemented scanner of the Bank from another vendor reported about numerous vulnerabilities daily. Thus the necessity appeared to develop and set up new processes of vulnerabilities management.

Implementation

New policies and processes had to be restructured considering the specifics of the Bank’s infrastructure: all company’s assets are united into informational systems. Individual departments of the Bank and even teams are responsible for different cyber security functions.

Using integration with the Bank’s task-manager, the Defensys’s engineers updated response processes. A playbook, that creates a ticket for responsible employees in a task-manager and adds a report in Excel-form, starts after a new portion of vulnerabilities has automatically come from the scanner. The report contains necessary information regarding vulnerabilities only for a certain team, responsible for separate business processes.

Defensys has announced a new release of the Defensys TIP version 3.24. New functions of the Defensys TIP are aimed at automation of indicators of compromise (IoCs) handling and increase of threat analysis effectiveness.

One of the key changes is the expansion of IoCs export capabilities to security tools. The developer has added the option to create IoCs export rules of IP-address type in OpenIOC format for further transfer to target systems. These improvements expand IoCs export capabilities and make information security processes more effective.

The updated Defensys TIP 3.24 has a modified IoCs search within data flow coming from SIEM systems:

• Information regarding IoCs detection events in CEF format can now be sent back to SIEM systems;

• The filter for events from Apache Kafka has been added. The feature enables events search within the flow in accordance with the defined fields.

Cybersecurity News

• Unauthenticated Stored XSS Vulnerability in LiteSpeed Cache Plugin Affecting 6+ Million Sites.

• WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2).

• DrayTek has released patches for several models of its routers, addressing 14 vulnerabilities. One of them is rated as critical (10.0 on the CVSS scale) and allows remote execution of arbitrary code.

• CUPS vulnerabilities could put Linux systems at risk. The vulnerability can lead to the interception of a computer over a network or the Internet during a print job.