Threats catalogs

There is a lot of discussion in the professional community about risk assessment methodologies. At the same time, much less attention is paid to a more powerful indicator of the maturity of the process – the process of building threats catalogs.

Let us turn to a typical assessment process:

Risk catalogs

After a one-time event – the preparation of methodological materials – the assessment cycle begins on a schedule or trigger. The first step is to determine the assessment areas, a step that depends largely on the completeness of the data on the resource-service model. As with audits, it is important here to see the connections between tangible and intangible assets.

The value of the asset, the most difficult step in terms of assessment, was discussed earlier.

The next step, i.e. identification, is the formation of a list of risks for further assessment. And it is this step that often becomes a stumbling block for inexperienced organizations.

Challenge & Implementation

One of the entity’s departments has already implemented Defensys SOAR and among all other useful features it has the aggregated assets model that SGRC uses via the integration with SOAR. With a rise of the total number of technical equipment within the entity SOAR became increasingly important.

Having experience with our software and trusting Defensys as a reliable vendor, the organization purchased Defensys SGRC for the integration with their internal portal. This portal, created for governmental bodies, is a multifunctional tool for employees of different departments and organizations. The portal allows users to create requests with various purposes. The government entity plays here the managing and approving role.

The main function of SGRC in the organization is to automatically fetch all received requests into the asset model. Thanks to the SGRC role model, each asset type can be owned and managed by a defined set of employees. Access to a particular asset, with all of its stored requests and created data, may be shared between employees of one or several departments.

After a portal request is received and approved, a new customized entity with a certain status is added to SGRC via the API. Depending on its type, this asset is automatically assigned to the relevant asset group.

Cybersecurity news

We are excited to announce the integration of the Defensys SOAR platform with ChatGPT from OpenAI. This integration brings a change to the way users interact with ChatGPT directly within the SOAR incident chat window. By eliminating the need for separate windows, it significantly reduces the time required to obtain relevant information while maintaining the context of the conversation.

But that’s not all.

With the integration of ChatGPT, real-time analysis of incoming incidents and their contextual information becomes possible. Leveraging the power of the MITRE ATT&CK framework, ChatGPT can identify attacker tactics, techniques, and sub-techniques. This enhanced visibility enables analysts to understand the current state of the attacker and anticipate the attacker’s next steps.

And there’s more.

Additionally, the integration empowers effortless generation of incident reports tailored to various stakeholders. Whether it’s a report for managers, directors, or customers, the integration allows for the creation of comprehensive reports in any desired format at the click of a button.

By leveraging ChatGPT’s capabilities, analysts can analyze the accuracy and precision of actions performed, receiving valuable recommendations and insights. ChatGPT assists in identifying any overlooked or undocumented details, providing hints to enhance the quality of incident response.

Defensys has updated SGRC, its platform for automating information security management. The developer has reviewed the categorization process for critical assets and taken into consideration new legislation regarding personal data processing.

In version 5.2 of Defensys SGRC the list of criteria and values for assessing the category of critical assets has been updated. As a result, users can now determine the asset value more precisely and notify the regulatory authorities about the categorization in a timely manner.

The personal data processing procedure was also revised by the developer. The Platform enables users both to create and maintain up-to-date lists of information systems, business processes and responsible employees and to account for other assets involved in personal data processing. Users can automate routine tasks, such as notifications about personal data changes, damage reevaluation in case of law violations, and changes in the composition of technical devices within the company infrastructure.

One more important update to the Platform is the extension of pre-installed methods supplied in the SGRC, which allow users to enter data on current tactics and techniques, as well as define security threat scenarios to form threat models as a part of a risk assessment approach.

Cybersecurity news

Defensys introduced a new major version of its cyberthreat information analysis platform, Defensys TIP 3.0. The updated platform has a number of significant functional improvements. In particular, users can now apply higher-quality data for threat analysis thanks to a new source, the MITRE ATT&CK knowledge base. IoC rating customization is also available now.

In Defensys TIP v. 3.0 the developer expanded the volume of cyber intelligence data by integrating the platform with a new source, the MITRE ATT&CK knowledge base. Information about malware, threat actors and their techniques is available directly from the platform interface in the Threats section. Entity cards contain all the information from the knowledge base: entity descriptions, related tactics, group aliases, sub-techniques, links to web resources that present cases where attackers use certain techniques, as well as recommendations for detecting them.

Risk management is an equally important component of SGRC. Willingness to implement it in itself indicates a certain level of maturity in an organization. If audits answer the question “what is happening to CS now?”, risk management helps answer the question “What will happen to the organization’s CS in the future?” and also try to change that future.

Risk management is a proactive response to potential problems in the cyber security system. Regulators can, of course, mandate this process through regulatory requirements, but in practice it can be very difficult to approach. The reason lies in the following two factors, which almost no risk assessment regulation describes in detail:

– Risk assessment methodology.

– Threats catalogs.

1. Risk assessment methodology

The term “risk assessment methodology” in this article refers to a list of risk parameters and how they are calculated.

There are three key points in the creation and description of assessment methodology, without which the process is not possible:

– What is considered to be the risk level – a key parameter, on the basis of which risks will be prioritized?

– On the basis of what parameters is the risk level calculated?

– On what principle are risk parameters calculated?
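The following example, added here and not part of the original article or of Defensys SGRC, ties the three questions above to the identification step described earlier: risks are formed by pairing each asset with the applicable entries of a threats catalog, and the risk level (the key parameter) is calculated from assumed parameters, namely asset value, threat likelihood and impact on 1..5 scales multiplied together. The scales, the formula, the assets and the catalog entries are all constructed for illustration.

```python
from dataclasses import dataclass
from itertools import product

# Scales and formula are assumptions for this example, not a vendor methodology.

@dataclass(frozen=True)
class Asset:
    name: str
    value: int               # asset value on a 1..5 scale (from the valuation step)
    asset_types: frozenset   # classification used to match catalog entries

@dataclass(frozen=True)
class Threat:
    name: str
    applies_to: frozenset    # asset types this catalog entry is relevant to
    likelihood: int          # 1..5
    impact: int              # 1..5

@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    level: int               # the key parameter used for prioritization

def risk_level(asset: Asset, threat: Threat) -> int:
    """Answer to 'on what principle': value x likelihood x impact (assumed)."""
    return asset.value * threat.likelihood * threat.impact

def identify_risks(assets, catalog):
    """Identification step: one risk per (asset, applicable catalog threat) pair,
    sorted so the highest risk level comes first."""
    risks = [
        Risk(a.name, t.name, risk_level(a, t))
        for a, t in product(assets, catalog)
        if a.asset_types & t.applies_to
    ]
    return sorted(risks, key=lambda r: r.level, reverse=True)

# Constructed sample data: two assets and a small threats catalog.
ASSETS = [
    Asset("HR portal", 4, frozenset({"web-app", "personal-data"})),
    Asset("Build server", 3, frozenset({"server"})),
]
CATALOG = [
    Threat("Credential theft via exposed login", frozenset({"web-app"}), 4, 3),
    Threat("Unauthorized disclosure of personal data", frozenset({"personal-data"}), 2, 5),
    Threat("Ransomware on internal server", frozenset({"server"}), 3, 4),
    Threat("Firmware tampering", frozenset({"iot"}), 2, 4),  # no matching asset here
]

if __name__ == "__main__":
    for r in identify_risks(ASSETS, CATALOG):
        print(f"{r.level:3d}  {r.asset}: {r.threat}")
```

A catalog entry with no matching asset type (here "Firmware tampering") is simply not identified as a risk, which is why completeness of the asset model decides the quality of the risk list.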

Cybersecurity news

The Defensys company issued a new release of Defensys SOAR, its platform for incident response automation and SOC efficiency: version 5.2. The new version provides users with an email communication tool and enhanced response playbook capabilities.

One of the key Platform features is the built-in e-mail correspondence functionality, implemented as a separate tab in the incident card. All messages are displayed in a familiar form, as in popular messengers. An incident mail thread can be created either manually or automatically using response playbooks. For instance, you could set up an automatic opening message requesting additional information as soon as an incident occurs. This makes communication during incident handling easier and saves the time spent switching between the system interface and e-mail.

In the updated version, the Defensys company has improved response playbooks by adding automatic handling of connector execution errors. This gives Defensys SOAR users better control over the playbook execution process. If a network failure occurs or an external system is temporarily unavailable, connectors restart automatically without any human intervention.