Rebecca Gibson
From ransomware to malware, phishing emails, denial-of-service attacks, and more – businesses around the world are being bombarded with hundreds, if not thousands, of new and increasingly sophisticated cyberthreats every day.
“Now that everything is becoming connected and businesses are migrating vast workloads to the cloud, there has been tremendous growth in the potential attack surface and the range of possible cyberthreats over the past couple of years,” says Tony Velleca, CEO of CyberProof. “And businesses are only going to become more vulnerable as the number of connected devices continues to grow exponentially, and cybercriminals increasingly exploit cloud capabilities to automate attacks and make the software freely available on the dark net.
“Consequently, every business must now assume that it will be attacked and implement solutions to quickly detect and respond to threats before they cause widespread operational, financial or reputational damage.”
Velleca advises that businesses adopt a threat-centric approach to managing cybersecurity if they want to ensure their critical assets are protected, both now and in the future.
“We must approach cybersecurity from the perspective of an attacker to identify all the new areas of vulnerability and develop effective detection rules and response playbooks,” he says. “CyberProof has developed a Use Case Factory methodology so we can continuously create, test and deploy new detection rules, response playbooks, automations and integrations. This allows us to easily adapt our cybersecurity solutions alongside the changing threat surface.”
Finding a way to expedite response times is a key focus. “Organisations must act fast to block an attack, so it’s vital for them to reduce the volume of work associated with analysing the threat alert and their data,” says Velleca. “For example, a ransomware attack might hit 100 machines and trigger 100 alerts, but rather than dealing with each one individually, we need to consolidate them and enrich them with data for the analyst so that we can rapidly respond to them all as one threat. If we don’t do this, we can’t mitigate or contain the attack fast enough. Ideally, the response should be automated too.”
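The consolidation Velleca describes can be sketched in a few dozen lines. The example below is added here for illustration and is not CyberProof’s code or a description of its platform: it groups alerts that share a detection rule and indicator within a time window into one incident, enriches the incident from an asset inventory, and derives a priority. The alert schema, the 15-minute window, the asset inventory and the priority rules are all assumptions made for the example; the 100-host sample is constructed to mirror the scenario in the quote.

```python
"""Alert consolidation and enrichment (added example, not CyberProof's code).

Assumptions (not from the article): alerts are dicts with 'rule', 'host',
'timestamp' and 'indicator' keys; alerts sharing rule+indicator within a
15-minute window belong to one incident; enrichment comes from a small,
constructed asset inventory.
"""
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)  # assumed correlation window

# Constructed asset inventory (hypothetical hosts, owners and criticality).
ASSET_INVENTORY = {
    "host-007": {"owner": "finance", "criticality": "high"},
    "host-042": {"owner": "sales", "criticality": "low"},
    "srv-001": {"owner": "it", "criticality": "medium"},
}
UNKNOWN_ASSET = {"owner": "unknown", "criticality": "medium"}
CRIT_RANK = {"low": 1, "medium": 2, "high": 3}


def consolidate(alerts, window=WINDOW):
    """Collapse alerts sharing (rule, indicator) within `window` into incidents."""
    ordered = sorted(alerts, key=lambda a: a["timestamp"])
    incidents = []
    open_by_key = {}  # (rule, indicator) -> incident still inside the window
    for a in ordered:
        key = (a["rule"], a["indicator"])
        inc = open_by_key.get(key)
        # Start a new incident if none is open or the last one went quiet.
        if inc is None or a["timestamp"] - inc["last_seen"] > window:
            inc = {"rule": a["rule"], "indicator": a["indicator"],
                   "first_seen": a["timestamp"], "last_seen": a["timestamp"],
                   "hosts": set(), "alert_count": 0}
            incidents.append(inc)
            open_by_key[key] = inc
        inc["hosts"].add(a["host"])
        inc["alert_count"] += 1
        inc["last_seen"] = a["timestamp"]
    return incidents


def enrich(incident, inventory=ASSET_INVENTORY):
    """Attach asset context and derive a priority for the analyst."""
    assets = {h: inventory.get(h, UNKNOWN_ASSET) for h in incident["hosts"]}
    top = max(CRIT_RANK[v["criticality"]] for v in assets.values())
    # Assumed rule: any high-criticality asset, or broad spread, is P1.
    if top == 3 or len(assets) >= 10:
        priority = "P1"
    elif top == 2:
        priority = "P2"
    else:
        priority = "P3"
    return {**incident, "hosts": sorted(incident["hosts"]),
            "assets": assets, "priority": priority}


def build_sample_alerts(n_hosts=100):
    """Constructed sample: one ransomware burst across n hosts plus one unrelated alert."""
    base = datetime(2022, 10, 1, 9, 0, 0)
    alerts = [{"rule": "Ransomware file encryption burst",
               "host": f"host-{i:03d}",
               "timestamp": base + timedelta(seconds=3 * i),
               "indicator": "sha256:PLACEHOLDER"}  # placeholder, not a real hash
              for i in range(n_hosts)]
    alerts.append({"rule": "Suspicious login", "host": "srv-001",
                   "timestamp": base + timedelta(minutes=2),
                   "indicator": "ip:203.0.113.5"})  # documentation range, constructed
    return alerts


if __name__ == "__main__":
    for inc in consolidate(build_sample_alerts()):
        e = enrich(inc)
        print(e["priority"], e["rule"], e["alert_count"], "alerts on", len(e["hosts"]), "hosts")
```

Run as-is, the 101 constructed alerts become two incidents: one P1 ransomware incident spanning 100 hosts and one P2 login alert. The window check is what keeps a later, separate wave of the same indicator from being silently merged into an incident that has already been closed out.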
CyberProof offers a full range of managed cybersecurity services that can help with this. They include targeted threat intelligence, endpoint detection and response, extended detection and response, and 24/7 triaging, enrichment and investigation services for security alerts.
“Our solutions are integrated with Microsoft’s entire platform – including the cloud-native security event and information (SIEM) system in Microsoft Sentinel and Defender. We combine this technology with our human experts to deliver continuous protection for our customers’ assets,” says Velleca. “Somewhat uniquely, CyberProof’s platform offers full visibility into all the activities being carried out by our analysts, as well as a record of all security alerts and incidents, so cybersecurity is no longer a black box for organisations. Now, they can see exactly what happens in their security solution when it receives an alert, allowing them to play an active role in protecting their business.”
CyberProof’s solutions have already helped multiple clients to protect their critical assets against potentially catastrophic cyberattacks. Velleca cites a project with one of the world’s largest insurance firms as a notable example.
“The organisation provides a centralised service to more than 200 divisions, all of which operate as separate companies that are based in multiple countries around the world,” he says. “It wanted to ensure compliance with various financial services and data management regulations, and find a way to manage and report cyber risk across the business.
“We replaced years of legacy detection rules and playbooks with Microsoft Sentinel SIEM and developed a federated model so cybersecurity can be managed centrally, but each separate division can report on its own regulatory compliance and cyber risks.”
To develop the federated model, CyberProof carried out a significant amount of data ingestion work and deployed a data lake. “We parsed, aggregated, filtered and tagged the data, taking only the higher value data into the Microsoft Sentinel SIEM to run it against the detection rules,” says Velleca. “This vastly reduced the amount of data going into the SIEM, expediting threat detection and cutting costs, while creating a much better structure for data hunting.”
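The parse, aggregate, filter and tag steps described above can be shown as a small pre-ingestion stage. The example below is added for illustration and is not CyberProof’s pipeline or data-lake code: it parses constructed key=value log lines, tags each record with a value tier, drops low-value records, collapses repeats into one record with a count, and reports how much volume would have reached the SIEM. The line format, the tier rules and the aggregation keys are assumptions chosen for the example.

```python
"""Pre-SIEM log reduction (added example, not CyberProof's code).

Assumptions (not from the article): logs are '<ts> <host> <source> k=v ...'
lines; a simplistic tier model decides what is worth forwarding; repeated
records that agree on AGG_KEYS are collapsed into one record with a count.
"""
import re
from collections import Counter

# Timestamp must look like ISO-8601 so free text is rejected as unparseable.
LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T\S+) (?P<host>\S+) (?P<source>\w+) (?P<kv>.*)$")
AGG_KEYS = ("host", "source", "action", "src", "dst", "dport")


def parse(line):
    """Turn one raw line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "source": m["source"]}
    for tok in m["kv"].split():
        if "=" in tok:
            k, v = tok.split("=", 1)
            rec[k] = v
    return rec


def tag(rec):
    """Assign a value tier and tags (assumed model, not a real product rule set)."""
    src, action = rec["source"], rec.get("action")
    if src == "edr" or (src == "auth" and action == "failure"):
        tier = "high"
    elif src == "firewall" and action == "deny":
        tier = "medium"
    else:
        tier = "low"  # e.g. routine firewall allows
    return {**rec, "tier": tier, "tags": [src, f"tier:{tier}"]}


def aggregate(records):
    """Collapse records that agree on AGG_KEYS; keep the first and add a count."""
    counts, first = Counter(), {}
    for r in records:
        key = tuple(r.get(k) for k in AGG_KEYS)
        counts[key] += 1
        first.setdefault(key, r)
    return [{**first[k], "count": c} for k, c in counts.items()]


def pipeline(lines, forward_tiers=("medium", "high")):
    """Parse -> tag -> filter -> aggregate; return what would be forwarded."""
    parsed = [r for r in (parse(l) for l in lines) if r is not None]
    kept = [r for r in map(tag, parsed) if r["tier"] in forward_tiers]
    forwarded = aggregate(kept)
    reduction = round(100 * (1 - len(forwarded) / max(len(lines), 1)), 1)
    return {"ingested": len(lines), "parsed": len(parsed),
            "forwarded": forwarded, "reduction_pct": reduction}


# Constructed sample log lines (addresses from documentation ranges; hash is a placeholder).
RAW_LOGS = [
    "2022-10-01T09:00:01Z fw01 firewall action=allow src=10.0.0.5 dst=10.0.0.9 dport=443",
    "2022-10-01T09:00:02Z fw01 firewall action=allow src=10.0.0.5 dst=10.0.0.9 dport=443",
    "2022-10-01T09:00:03Z fw01 firewall action=allow src=10.0.0.6 dst=10.0.0.9 dport=443",
    "2022-10-01T09:00:04Z fw01 firewall action=allow src=10.0.0.7 dst=10.0.0.9 dport=80",
    "2022-10-01T09:00:05Z fw01 firewall action=allow src=10.0.0.8 dst=10.0.0.9 dport=53",
    "2022-10-01T09:00:06Z fw01 firewall action=allow src=10.0.0.5 dst=10.0.0.9 dport=443",
    "2022-10-01T09:00:07Z fw01 firewall action=deny src=198.51.100.7 dst=10.0.0.9 dport=3389",
    "2022-10-01T09:00:08Z fw01 firewall action=deny src=198.51.100.7 dst=10.0.0.9 dport=3389",
    "2022-10-01T09:00:09Z fw01 firewall action=deny src=198.51.100.7 dst=10.0.0.9 dport=3389",
    "2022-10-01T09:00:10Z dc01 auth action=failure user=alice src=10.0.0.5",
    "2022-10-01T09:00:11Z dc01 auth action=failure user=alice src=10.0.0.5",
    "2022-10-01T09:00:12Z ws042 edr action=quarantine file=invoice.exe sha256=PLACEHOLDER",
    "this line is not parseable",
]

if __name__ == "__main__":
    result = pipeline(RAW_LOGS)
    print(f"{result['ingested']} in, {len(result['forwarded'])} out, {result['reduction_pct']}% reduction")
    for r in result["forwarded"]:
        print(r["tier"], r["source"], r.get("action"), "x", r["count"])
```

Of the 13 constructed lines, one is unparseable, six routine allows are dropped, and the remaining six are collapsed into three records, so the SIEM receives three records instead of thirteen. The unparseable line is counted rather than silently discarded; in practice that count is worth alerting on, since a parser that starts failing is itself a detection gap.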
The results were impressive. “This was one of the first commercial deployments of Microsoft Sentinel SIEM, so we were innovating under fire, but both CyberProof and our client are delighted with the outcome,” says Velleca. “Our solutions reduced the total cost of ownership by more than 25 per cent and cut the time it took to process a forensic data query from days to around 20 seconds, so everything is now done in near-real time. We created next-generation security architecture that will protect our client for years to come. It has now become our reference architecture for other customers too.”
Velleca expects collaborations like this to become more common as the network of connected devices grows.
“Businesses will be dealing with massive amounts of data, which will require them to automate threat triage processes, design better capabilities for parsing and optimising data, develop better detection rules, and build and automate improved playbooks,” he says. “Most organisations don’t have the necessary skill set in-house, so they’ll need the help of experts that have the knowledge and expertise to identify and resolve their current cybersecurity challenges, and future-proof their business to ensure continued protection against evolving cyberthreats.
“Collaboration will certainly be the key to success in the future cybersecurity landscape, and CyberProof is well-equipped to help in the fight against cybercrime.”
This article was originally published in the Autumn 2022 issue of Technology Record.