Many factors affect the ability of an organisation to remain secure, including an exponential increase in log data due to the adoption of cloud operating models; endpoint monitoring; and more reliance being placed on online applications. The need to ensure your team is fully up-to-date on the latest threat-hunting techniques, cyber exploits and vulnerabilities is critical. To help put this challenge into perspective, it’s been estimated that 90 per cent of all log data globally was generated within the past 24 months. Utilising this log data effectively to your advantage and identifying malicious activity early is your biggest challenge and best defence against a damaging cyber-attack.
Cyberseer utilise machine-learning technologies from leading security vendors combined with automation and orchestration from Cyberseer’s Automated Security Platform Enriching Cyber Threats (ASPECT) platform. ASPECT enhances and contextualises data and alerts from monitored devices. To achieve this, ASPECT is able to continually automate and orchestrate security data to provide an enriched contextualised view of security alerts and associated intelligence that enables our analysts to quickly identify and manage threats for your organisation. The utilisation of ASPECT and our dedicated forensic analysts ensures that, as greater reliance on cloud technologies and disparate operating models becomes more complex, the increased data volumes generated as a result don’t create gaps in visibility.
Recruiting, training and retaining cybersecurity talent within your team is a significant barrier to SOC performance. According to the 2019 SANS SOC Survey, this issue is amplified as there’s a lack of skilled individuals in the market with an increasing demand that’s effectively pushing up the average salaries offered for vacant roles. Irrespective of the cause, the continual need to manage and maintain staff while also ensuring their skills are updated to reflect the needs of a continually evolving business consumes time and money and puts a strain on other staff to cover vacant positions and help with training. When an employee seeks a position elsewhere, they take with them knowledge and skills that need to be re-learnt at a significant cost to the organisation.
These day-to-day pressures are compounded further by the potential increase in risk predicted by the FireEye Cyber Trendscape Report, which suggests 56 per cent of organisations believe the risk of cyber threats will increase in 2020. All organisations, big or small, need to ensure they have a robust security posture. Depending on organisation size, this may rely on a team of IT analysts periodically reviewing alerts and responding to security incidents alongside their other duties. For larger organisations, a dedicated team that reviews and responds to security alerts around the clock may be needed. Either way, the continual need to monitor the overwhelming volume of data being received limits the ability to gain a true picture of threats across organisational systems and places time constraints on any investigation.
Many organisations have deployed SIEM tooling to support monitoring and to offset some of the challenges surrounding increased data volumes and visibility. However, SIEM solutions do not provide a complete picture. While they can provide visualisations and alerts against known activity types using correlation rules, they cannot easily identify anomalous activity or behavioural changes in a valid user’s activity, and are therefore typically blind to zero-day threats and many insider-based compromises. This weakness is being exploited more and more: analysis of recent major data breaches continues to show that evidence of the malicious activity was present in the collected log data.
To provide a scalable solution that is always on, flexible, avoids risk and averts threats while maintaining the safety of the business, a blend of machine learning, orchestration and automation tooling, managed and maintained by a team of security professionals, is required. This brings together the disparate logs from across the enterprise and the SIEM and provides anomaly detection and security alerting on activity that falls outside of what is expected for a given user, device or application. This approach speeds up detection of malicious activity and enables forensic analysts to focus their time on priority threats and on proactive threat hunting across the monitored estate, surfacing early traces of potentially malicious activity that could otherwise affect the security posture of the business.
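As an added illustration of the contrast drawn in the two paragraphs above (example code written for this page, not Cyberseer's or the ASPECT platform's own): a signature-style correlation rule beside a per-user behavioural baseline, both run over constructed authentication events. The failure threshold, field names, sample users and hosts are assumptions.

```python
from collections import defaultdict

# Constructed sample auth events, not real data: (user, day, hour, src_host, outcome)
BASELINE = [("alice", d, h, "ws-alice", "success")
            for d in range(1, 11) for h in (8, 13, 17)]
NEW_EVENTS = [("bob", 11, 9, "ws-bob", "failure")] * 5 + [
    ("bob", 11, 9, "ws-bob", "success"),
    # Valid credentials and no failures: a quiet change in a legitimate user's pattern
    ("alice", 11, 3, "vpn-gw-2", "success"),
    ("alice", 11, 8, "ws-alice", "success"),
]

def correlation_rule(events, threshold=5):
    """Signature-style SIEM rule: flag a user with >= threshold failures on one day."""
    fails = defaultdict(int)
    for user, day, _hour, _host, outcome in events:
        if outcome == "failure":
            fails[(user, day)] += 1
    return sorted({u for (u, _d), n in fails.items() if n >= threshold})

def build_profile(events):
    """Per-user baseline: login hours and source hosts seen during the learning window."""
    profile = defaultdict(lambda: {"hours": set(), "hosts": set()})
    for user, _day, hour, host, outcome in events:
        if outcome == "success":
            profile[user]["hours"].add(hour)
            profile[user]["hosts"].add(host)
    return dict(profile)

def behavioural_alerts(profile, events):
    """Flag successful logins that deviate from that user's own learned baseline."""
    alerts = []
    for user, day, hour, host, outcome in events:
        if outcome != "success" or user not in profile:
            continue  # no baseline yet for this user; nothing to compare against
        reasons = []
        if hour not in profile[user]["hours"]:
            reasons.append(f"unusual hour {hour:02d}:00")
        if host not in profile[user]["hosts"]:
            reasons.append(f"new source host {host}")
        if reasons:
            alerts.append((user, day, ", ".join(reasons)))
    return alerts

if __name__ == "__main__":
    print("correlation rule:", correlation_rule(NEW_EVENTS))
    print("behavioural:", behavioural_alerts(build_profile(BASELINE), NEW_EVENTS))
```

The correlation rule catches the repeated failures for bob but says nothing about alice, whose 03:00 login from a never-seen host used valid credentials; only the per-user baseline surfaces it, which is the gap the preceding paragraphs describe.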
Cyberseer’s forensic analysts leverage machine learning and behavioural analytics technologies coupled with automation and orchestration within our ASPECT platform to identify, triage and support the remediation process of potential threats. This approach helps our customers to maintain a robust security posture that aligns with their changing monitoring needs. Cyberseer analysts quickly understand the context of identified anomalous behaviour, piece together the digital chain of events and advise customers accordingly on how to minimise exposure and thwart potential threats. Utilising Cyberseer SOC services, our customers have increased their security posture while addressing many of the operational and financial challenges associated with deploying and maintaining an always-on capability.