Blog

Cybersecurity Digest #95: 13/05/2024 – 27/05/2024

Cybersecurity News


Case study by Defensys – Timber company

Challenge

The timber company, which operates several sites, uses an outsourced SOC that is not sufficient and cannot meet all of the company's demands. This created the need for cybersecurity software to respond to incidents within the company and to control its assets. One of the key requirements for cybersecurity vendors was an experienced team of professional engineers who could design and implement entirely new business processes.

After a series of meetings and a PoC project, the timber company chose the Defensys SOAR for automation and orchestration.

Implementation

As the first step, Defensys needed to set up the incident handling process according to incident type. Using the information provided about all existing incident types, Defensys engineers designed an incident handling scheme and successfully implemented it.

Incident response can now be conducted in two modes: automatic and manual. New incidents arriving in the SOAR from firewalls and a SIEM system are classified according to the developed rules.

As the company has a distributed infrastructure, each site has its own responsible employees, and the system has to choose the right person for each incident. Based on the incident's attributes, the SOAR automatically selects the parameter that maps the incident to a particular company site.


New release of the Defensys TDP 3.1

Defensys has announced Defensys TDP 3.1, a new major release of its technology for digital simulation of IT infrastructure. The release includes an updated lure placement mechanism and an open API.

With Defensys TDP 3.1, users can configure the lure placement policy by collecting basic information about machines: OS version, OS language, and installed software. The new approach to lure placement makes lures more reliable and realistic, even in large networks. The full range of tools already deployed in the system for placing lures on clients' hosts (including Microsoft SCCM, Ansible, and Puppet) is available to security specialists in the updated Defensys TDP version.

The developer has expanded the product's integration capabilities with information systems to account for restrictions that often exist in large companies' networks. For example, if adding records to DNS servers is prohibited in the customer's network, Defensys TDP can transfer lists of non-existent DNS hostnames through the API, allowing customers to add them on their own. It is also possible to provide the list of simulated login accounts for monitoring through the customer's SIEM system.

Defensys TDP 3.1 has a user-friendly interface, and interactions through the public API are simplified with Swagger (OpenAPI) support.


Cybersecurity Digest #94: 16/04/2024 – 30/04/2024

Cybersecurity News

  • Cybersecurity experts have discovered a new Android banking trojan named Brokewell. It can capture every event on the device, from touches and information displayed to text input and the applications the user launches.
  • Experts have uncovered a number of vulnerabilities in Chinese cloud-based pinyin keyboard apps. These flaws could be exploited to reveal users’ keystrokes to nefarious actors.
  • Japan’s CERT warned that the WordPress plugin Forminator, developed by WPMU DEV, is affected by multiple vulnerabilities. One of the plugin’s flaws allows unrestricted file uploads to the server.
  • Users of the CrushFTP enterprise file transfer software have been urged to update to the latest version of the app. This notice follows the discovery of a security flaw that has come under targeted exploitation in the wild.
  • LastPass password manager users have been targeted in a convincing phishing campaign. During the attacks, the hackers used a combination of calls, email and SMS to obtain master passwords from accounts.
  • The financially motivated threat actor FIN7 targeted a large U.S. car maker with spear-phishing emails.


Case study by Defensys – Credit bureau

Challenge

A credit bureau with millions of loan and credit records was looking for automation tools to respond quickly to incidents, manage its IT infrastructure, and meet cybersecurity standards. Defensys solutions attracted the bureau's attention because they are flexible, customizable, and easy to work with. The Defensys SOAR and SGRC were chosen to meet the company's needs.

Implementation

As for most of our customers, the Defensys team integrated the SOAR and SGRC with an antivirus product and Active Directory (AD). Furthermore, an integration with a database was implemented to receive information about networks and equipment.

A challenging part for Defensys engineers was the integration with the platform used as the incident repository in the company. This platform also acts as the first line of the company's SOC, so the Defensys SOAR became the second SOC line. For this reason, the SOAR must constantly receive a large volume of information, classify it, and save it in its register. The limited integration functions of the customer's platform did not allow the Defensys team to use a pre-built connector, so Defensys engineers developed a custom integration to connect to the platform and transfer incident data to the SOAR.
