SGRC systems: Risks, part 3

Risk handling

The main purpose of a risk assessment is to form a strategy to avoid or mitigate the damage of potential cyber incidents.

But while audits are about the present (there is a certain requirement, it is not being met now, and the picture is clear), when it comes to future threats it can be extremely difficult for cybersecurity staff to explain to management why a budget should be allocated. A risk assessment helps translate the needs of the cybersecurity department into the language of the business and convey the importance of the information obtained.

At the same time, SGRC solutions strengthen communication with the business: they allow higher-level (business) risks to be derived from technical ones, and they automatically generate understandable graphs and visual dashboards that simplify this communication without extra time spent by employees.

Accumulating technical data about the state of cybersecurity is an important task, but not the only one. To make a breakthrough in the quality and effectiveness of the information security system, this data needs to be put into context and properly analyzed.

Ideally, of course, an implemented SGRC system would not be used "in a vacuum", but would aggregate information that is useful for the processes the SGRC system automates.


Cybersecurity Digest #81: 22/08/2023 – 05/09/2023

Cybersecurity Digest #80: 08/08/2023 – 23/08/2023

Cybersecurity news

  • Ivanti warned customers that a critical Sentry API authentication bypass vulnerability is being exploited in the wild. Discovered and reported by researchers at cybersecurity company mnemonic, the critical vulnerability (CVE-2023-38035) enables unauthenticated attackers to gain access to sensitive admin portal configuration APIs exposed over port 8443, used by MobileIron Configuration Service (MICS).
  • Researchers from Italy and the UK have discovered four vulnerabilities in the TP-Link Tapo L530E smart bulb and TP-Link’s Tapo app, which could allow attackers to steal their target’s WiFi password.
  • An ongoing phishing campaign, underway since at least April 2023, attempts to steal credentials for Zimbra Collaboration email servers worldwide. The phishing emails are sent to organizations across the globe, with no specific focus on particular organizations or sectors. The threat actor behind this operation remains unknown at this time.
  • The threat actors behind the Monti ransomware have resurfaced after a two-month break with a new Linux version of the encryptor, used in attacks targeting the government and legal sectors. A BinDiff analysis has revealed that while the older iterations had a 99% similarity rate with Conti, the latest version has only a 29% similarity rate, suggesting an overhaul.


Case study by Defensys – Machine factory

The Factory has purchased, step by step, all Defensys products: the SOAR, Security GRC, Threat Intelligence, SENSE and Threat Deception platforms. As part of a large software installation and customization project, our goal was to build an ecosystem based on Defensys software that covers all of the factory's cybersecurity needs.


Since each company has its own internal procedures, Defensys takes all customer requests into account and adapts the software to specific requirements. The factory has 5 types of incidents to be detected, so 5 SOAR playbooks were tailored for it; they use different connectors during the response and investigation processes.

The company stores most of its asset data in a SIEM system, and all incidents are taken from the SIEM for further processing as well. In addition, the platform is connected to Active Directory and to the antivirus solution.

At the moment, by using Defensys software, the company can do the following:

  • Control brute force attacks and withstand malware campaigns (SOAR)
  • Conduct assets inventory without agents (SOAR)
  • Identify unnatural infrastructure behavior (SENSE)
  • Identify indicators of compromise inside the corporate network and respond rapidly before the cyber incident occurs (SIEM-sensor feature of the Defensys TIP)

The factory highly appreciates the TDP as an up-to-date platform for improving its cybersecurity posture and actively deploys traps and lures in its subnets.


Defensys SENSE v. 1.14: more capabilities for threat detection and incident investigation

Defensys has released an updated version of its platform for asset behavior analysis and anomaly detection, Defensys SENSE v. 1.14. The platform can now be integrated with the Defensys Endpoint technology, which extends endpoint data collection. Thanks to the redesigned asset card, the new version gives cybersecurity analysts more context when looking for the causes of anomalies.

With the new version, users get access to a wider range of events and telemetry from different operating systems, including Windows, Linux, and macOS. This expands the data flow from endpoints and gives cybersecurity analysts higher-quality incidents for subsequent assessment. This was made possible by integrating Defensys SENSE with the Defensys Endpoint technology.

The asset card has been significantly updated. In addition to the basic information, the asset card now displays the asset's technical data and related entities. As a result, users can quickly access the full context of the asset in question and considerably speed up the root cause search.

In addition, Defensys has added a new "Daily analytics" tab to the asset card, which shows rating changes, anomalies, and involved equipment for the last 24 hours. After equipment with a high rating is detected, analysts can review all user actions during the day with a single click and decide whether an investigation is needed when anomalous activity is found.