News

“Another cyber security breach”: a sentence that has become part of our daily lives.

A security breach is any incident that results in unauthorized access to computer data, applications, networks, or devices; in other words, information is accessed without authorization.


Typically, it occurs when an intruder can bypass security mechanisms.

Technically, there's a distinction between a security breach and a data breach. A security breach is effectively a break-in, whereas a data breach is defined as the cybercriminal getting away with information. Imagine a burglar; the security breach is when he climbs through the window, and the data breach is when he grabs your pocketbook or laptop and takes it away.


Confidential information has immense value. It's often sold on the dark web; for example, names and credit card numbers can be bought and then used for identity theft or fraud. It's not surprising that security breaches can cost companies huge amounts of money.


The sad part of this daily occurrence is that the organisation's security team at the front line of this war is ill equipped to fight the next generation of threats. Security teams and leadership must realise that this war has evolved to much more than the traditional perimeter of the organisation, and that their SOC response teams on the ground need to be more prepared, better equipped and more agile than any attacker or hacker organisation.


This leads me to the title of this article: “SOAR, the dinosaur in the room.”


Gartner defines SOAR, or Security Orchestration, Automation and Response, as follows: “SOAR refers to technologies that enable organizations to collect inputs monitored by the security operations team. For example, alerts from the SIEM system and other security technologies — where incident analysis and triage can be performed by leveraging a combination of human and machine power — help define, prioritize, and drive standardized incident response activities. SOAR tools allow an organization to define incident analysis and response procedures in a digital workflow format.”


At this very moment your security analysts will be asking: what's the problem? This is a critical part of our daily operations. It takes highly skilled Tier 1, Tier 2 and Tier 3 security analysts to keep the organisation's SOAR operations running. My answer: I want to see you do better at threat hunting, I want you to find threats faster, and I want your response to be more detailed and always give you the Who, What, Where and When.


Before you continue, please hear me out.


Traditional SOAR and SIEM solutions are old and out of date, and in a nutshell they give organisations a false sense of security! The sooner an organisation's SOC team and security leadership realise this, the sooner the organisation can equip itself for the new age of cyber security. Resources should not spend months analysing millions or even billions of events, tirelessly building correlation rules, only to realise that 90% of the alerts and events are false positives. SOC teams spend millions on the latest and greatest SOAR/SIEM solution hoping the playbooks and automations will help them find threats faster, and by faster I do not mean a year after the breach has taken place. Don't get me wrong: traditional SIEM and SOAR have a place, but SOC teams need to be realistic and accept that the perimeter has shifted, and the new name of the game is IDENTITY!


The concept of identity has always been difficult to understand, but in a nutshell an identity can be a user, a customer, an IoT device, a person, or anything else that is an entity. I could go on at length about why SOAR/SIEM solutions no longer work on their own, but ultimately the question is: how do we improve our organisation's response, and how do we use the power of identity to EVOLVE your security?


Behavioural analytics gives you a new lens through which to detect, investigate and respond to threats that may be hiding in your enterprise, before your data is stolen. Using machine learning, UEBA distils billions of events into a prioritised list of high-quality security leads to focus and accelerate the efforts of your security operations centre (SOC). It combines big data and machine learning models with a highly intuitive user interface (UI) to accelerate threat detection and investigation from weeks to minutes, and it uniquely positions your SOC to find the threats that matter to your organisation's valuable data. Ultimately, it helps a SOC team that has limited security and financial resources and a significant surface area to monitor. Unlike other solutions, UEBA works alongside your SOAR solution: it bypasses rules and thresholds and instead assesses the potential risk of a user or entity in your enterprise based on mathematical probability and unsupervised machine learning models. This approach, combined with a big-data architecture, allows your security team to detect threats with speed and at scale.


In conclusion, UEBA helps your SOC teams:

  • Find elusive, unknown threats

  • Contextualise events around the riskiest behaviours

  • Cut through the noise

  • Boost SOC productivity

Security leaders: enable your SOC teams to respond before the damage is done. UEBA was made by threat hunters to help you EVOLVE YOUR security.

#UEBA #SIEM #SOAR #IAM

Brendon Meyer


As cyber security professionals, we are enticed by the concept of Zero Trust: the right access is provided to the right users at the right time. However, the journey to achieve Zero Trust is not straightforward, and we need to answer a few questions. Do I need to acquire a new tool, or do I need to redesign my current security architecture? Can I achieve Zero Trust by reusing my current security architecture?



We are here to assist you. Our free, no-obligation assessment will assess how mature your organisation is on the path to Zero Trust. We will provide a Zero Trust maturity report and recommendations to complete the Zero Trust journey with limited resources.



Zero Trust


The Zero Trust Security approach ensures the right people have the right level of access, to the right resources, in the right context, and that access is assessed continuously — all without adding friction for the user.


Thus, the initial step in your Zero Trust strategy should be focused on:

  • Granting access by verifying who is requesting access

  • Understanding the context of the request

  • Determining the risk of the access environment

This “never trust, always verify, enforce least privilege” approach provides the greatest security for organisations. It adapts to the complexity of the modern environment, embraces the mobile workforce and protects people, devices, applications and data wherever they are.


A Zero Trust approach doesn't require a complete reinvention of your infrastructure. The most successful solutions start with access: the people, processes and devices that access your systems, and the access controls for those entities. This is where identity comes in, making it the foundational technology on your path to Zero Trust security.

Why a Zero Trust Assessment?


Different organizational requirements, existing technology implementations and security stages all affect how a Zero Trust security model implementation is planned and executed.


The Zero Trust Assessment tool will help you determine where you are in your journey across the Zero Trust Maturity Model shown alongside. The assessment will show where you are, where you want to go, and a gap analysis with personalised recommendations on how to progress to the next stage.


Free online assessment based on an industry framework and architecture.

Assessment covering all major domains, e.g. Access Management, PAM, Identity Governance, Data Access Governance, etc.

Gap analysis with personalised recommendations, presented virtually by a team of experts one week after you complete the online assessment.

Free half-day Zero Trust workshop for deep-dive analysis with the relevant stakeholders, after the initial assessment discussion.


Click here to take our no-obligation Zero Trust Assessment, based on the NIST framework and architecture.


Cheers,

Christiaan




Updated: Jul 12


Insider threats come in many shapes and sizes. With the prevalent risk in cybersecurity, cyber-attacks are bound to happen despite our best efforts.

By applying adaptive intelligence to your organisation's security events, identities that violate specific framework policies are identified more easily, enabling faster response to threats.


Automation of security anomaly detection can be made simpler with the use of Artificial Intelligence (AI), proven statistical models, and unsupervised Machine Learning. This allows real threats to become the main focus for your IT team as “false positives” are filtered out. Interset can help you get rid of security breach points once and for all through the use of the MITRE ATT&CK Framework.


Interset profiles the different identities and their actions within their specific departments or locations to establish their “Unique Normal” events, using User & Entity Behavioural Analytics (UEBA). This “Unique Normal” is then used to identify any abnormal access or activity, making it easier for IT to respond to any problem tied to cybersecurity risk before serious damage is caused to your organisation.
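The “Unique Normal” baseline described above, and the probability-based scoring that the UEBA article contrasts with SIEM rules and thresholds, as an added Python example that is not Interset's, Secured Tech's or either author's code. The user names, daily download counts, the global threshold of 100 and the 0.1% alert cut-off are all constructed assumptions; the point is that the global rule fires on the busy-but-normal user and misses the quiet user's deviation, while the per-entity baseline does the reverse.

```python
import math
from collections import defaultdict

# Constructed history of daily file-download counts per user (hypothetical data,
# not from Interset or any real SOC). Alice is an analyst with a high but steady
# volume; Bob is a clerk who rarely downloads anything.
HISTORY = [("alice", c) for c in (190, 205, 198, 210, 201, 195, 207, 199, 203, 196)]
HISTORY += [("bob", c) for c in (4, 6, 5, 3, 7, 5, 4, 6, 5, 5)]

STATIC_THRESHOLD = 100  # a single global rule of the kind a SIEM correlation uses


def static_rule(count, threshold=STATIC_THRESHOLD):
    """Threshold rule: fires on any entity whose daily count exceeds the bar."""
    return count > threshold


def build_baselines(history):
    """Per-entity 'unique normal': mean and sample standard deviation per user."""
    per_user = defaultdict(list)
    for user, count in history:
        per_user[user].append(count)
    baselines = {}
    for user, counts in per_user.items():
        mean = sum(counts) / len(counts)
        var = sum((c - mean) ** 2 for c in counts) / (len(counts) - 1)
        baselines[user] = (mean, max(math.sqrt(var), 1.0))  # floor std: avoid div by 0
    return baselines


def anomaly_score(baselines, user, count):
    """Return (z-score, upper-tail probability) of today's count under the user's
    own baseline; a tiny probability means the activity is very unlike that user."""
    mean, std = baselines[user]
    z = (count - mean) / std
    p = 0.5 * math.erfc(z / math.sqrt(2))  # P(X >= count) under a normal model
    return z, p


def triage(baselines, today, p_alert=0.001):
    """Compare the global rule with the per-entity model for one day's counts."""
    results = {}
    for user, count in today:
        z, p = anomaly_score(baselines, user, count)
        results[user] = {"static_alert": static_rule(count),
                         "ueba_alert": p < p_alert, "z": round(z, 1)}
    return results


if __name__ == "__main__":
    # Alice downloads 208 files (normal for her); Bob suddenly downloads 60.
    print(triage(build_baselines(HISTORY), [("alice", 208), ("bob", 60)]))
```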


To find out how you can benefit, go to the Contact Us tab on securedtech.co.za, submit your query and one of our skilled staff members will get back to you as soon as possible.


Cheers,

Christiaan
