What are successful organisations doing to beat today’s sophisticated cyber threats?
Security Information and Event Management (SIEM) has been the centre of the security operations centre (SOC) for over a decade. SIEMs are intended to log as much data as possible to support incident detection, response and investigation. One challenge is that logging everything can be prohibitive, from either a cost or a storage perspective; this is particularly true for the logs from every endpoint in an environment.
Modern IT and OT networks push massive amounts of data through their ecosystems every day, generating thousands of alerts and leaving too few security operations analysts to address them. Valuable time is wasted searching for the missing context needed to determine what is a real threat and how urgent it is, and still more is lost to overwhelming numbers of false positives. Unfortunately, this has been the golden goose for countless MSSPs. Attackers are aware of these limitations of SIEM tools (both technological and economic), and the best way to evade SIEM-based detection is to use tactics that are unlikely to be logged at all. SIEM solutions do a fantastic job of aggregating logs, but need more context to make sense of the data.
Over the last five years, the industry began shifting from log aggregation and rule-based event monitoring to security analytics and user and entity behaviour analytics (UEBA). Unfortunately, attackers are growing in confidence and increasingly focus on avoiding well-known security analytics use cases. In the recent Solorigate supply chain attack, for example, they took steps to avoid detection based on IP geolocation anomalies and detection of Command & Control traffic based on typical beaconing behaviour. In short, experienced attackers are paying attention to what the best blue teams (e.g., FireEye) are doing and tweaking their methods to avoid detection.
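The beaconing use case mentioned above is a good illustration of why an analytics rule alone is not enough. A classic detector looks at the time gaps between a host's connections to the same destination: an implant that calls home on a fixed schedule produces gaps with almost no variance, while human browsing is bursty. The following Python is an added example, not code from the original article or from Iris Networks; the log format, hosts, intervals and thresholds are constructed for illustration. It scores each source/destination pair by the coefficient of variation (CV) of its inter-connection gaps and shows how a beacon with the same average period but randomised jitter slips under a tight threshold.

```python
"""Interval-regularity check for C2 beaconing over constructed connection logs.

Added example: the log format, hosts, intervals and thresholds are assumptions
constructed for illustration, not data from any real environment.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
import statistics

LOG_FORMAT = "%Y-%m-%dT%H:%M:%SZ"

# Three constructed traffic profiles, expressed as gaps (seconds) between connections.
REGULAR = [60] * 24                                  # implant calling home every 60 s
JITTERED = [36, 78, 54, 84, 42, 66, 30, 90, 60, 48, 72, 60] * 2   # mean 60 s, +-50 % jitter
HUMAN = [5, 300, 12, 900, 45, 7, 1800, 200, 3, 600, 90, 2400]     # bursty browsing


def make_log(src, dst, gaps, start=datetime(2024, 1, 1, tzinfo=timezone.utc)):
    """Build constructed firewall-style log lines for one src->dst pair."""
    lines, t = [], start
    for gap in [0] + list(gaps):
        t += timedelta(seconds=gap)
        lines.append(f"{t.strftime(LOG_FORMAT)} src={src} dst={dst} proto=tcp dport=443")
    return lines


# Constructed sample log (hosts are documentation-range addresses, not real assets).
SAMPLE_LOG = (
    make_log("10.0.0.5", "203.0.113.10", REGULAR)
    + make_log("10.0.0.6", "203.0.113.11", JITTERED)
    + make_log("10.0.0.7", "198.51.100.20", HUMAN)
)


def parse_line(line):
    """Parse 'ts src=... dst=... ...' into (datetime, src, dst)."""
    ts_text, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    ts = datetime.strptime(ts_text, LOG_FORMAT).replace(tzinfo=timezone.utc)
    return ts, kv["src"], kv["dst"]


def interval_stats(lines):
    """Group connections per (src, dst) and return count, mean gap and CV of gaps."""
    times = defaultdict(list)
    for line in lines:
        ts, src, dst = parse_line(line)
        times[(src, dst)].append(ts)
    stats = {}
    for pair, ts_list in times.items():
        ts_list.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(ts_list, ts_list[1:])]
        if len(gaps) < 2:
            continue  # not enough history to say anything about regularity
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else float("inf")
        stats[pair] = {"connections": len(ts_list), "mean_gap": mean, "cv": cv}
    return stats


def detect_beacons(lines, min_connections=10, max_cv=0.2):
    """Return (src, dst) pairs whose timing is regular enough to look like beaconing.

    max_cv is the tuning knob: 0.2 catches a fixed-period implant, while the
    jittered profile (CV ~0.30) needs a looser threshold, which in a real
    environment also admits legitimate scheduled jobs.
    """
    return sorted(
        pair for pair, s in interval_stats(lines).items()
        if s["connections"] >= min_connections and s["cv"] <= max_cv
    )


if __name__ == "__main__":
    for pair, s in interval_stats(SAMPLE_LOG).items():
        print(f"{pair[0]} -> {pair[1]}: n={s['connections']} mean={s['mean_gap']:.0f}s cv={s['cv']:.2f}")
    print("strict (cv<=0.2):", detect_beacons(SAMPLE_LOG))
    print("loose (cv<=0.35):", detect_beacons(SAMPLE_LOG, max_cv=0.35))
```

With the default threshold only the fixed-period profile is flagged; the jittered one, with the same 60-second mean, is missed. Loosening `max_cv` to 0.35 catches it but, on real traffic, also pulls in backup agents, update checkers and other scheduled but legitimate callers. That trade-off is the "missing context" problem in practice: the timing feature has to be combined with destination reputation, process lineage on the endpoint or payload-size consistency before it is a usable alert.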
SIEM tools are good but remain low on the detection maturity scale. Security analytics methods are a powerful, and sometimes the only, way to detect advanced attacks. Organisations adopting SIEM and security analytics-based use cases across the many tactics of the MITRE ATT&CK framework have a higher chance of catching such attacks; however, monitoring remains an arduous task. Enter threat hunting, a proactive technique that combines security tools, analytics and threat intelligence with human analysis and instinct, and that depends on the quality of the data rather than its quantity.
SIEM, security analytics, UEBA, security use cases and threat hunting are capabilities that have provided a new map for directing and addressing the execution and critical resourcing issues that have troubled the industry. To complement these, security automation technology such as Security Orchestration, Automation and Response (SOAR), driven by artificial intelligence, streamlines security operations in three key areas: threat and vulnerability management, incident response, and security operations automation.
The rapid rise of cyber threats is outpacing many organisations' ability to combat them. At Iris Networks, we believe that a winning approach requires rapid detection that provides greater contextual relevance to the business and is built on a dynamic understanding of an ever-changing threat landscape. This means a different, AI-driven capability combining SIEM, security analytics, UBA, security use cases, threat hunting and security automation to provide a new map for directing and addressing the execution and resourcing issues that have troubled the industry.
Iris Networks Cloud & Security offers four distinct Managed Security Services to support our customers:
- One-off Cloud Security Posture Assessment Service
This one-off cloud security assessment helps organisations reduce their risk and improves the visibility of their data life cycle in an era where cyber threats are complex and multi-faceted.
In this model, we provide a one-time assessment service through our SaaS environment; for highly regulated customers, we also set up an on-demand offering.
Carrying out a cloud security assessment is a practical and strategic exercise to improve your cloud security health, reducing your risk and improving the visibility of your data life cycle.
- Managed Cloud Monitoring
This service provides organisations with continuous security monitoring, compliance adherence and effective custom policy building across multiple major cloud platforms.
As businesses everywhere move to the cloud, they face new security challenges. There are thousands of configuration settings in the cloud, and their number increases exponentially as you adopt more and more services from Cloud Service Providers, and even more so with a multi-cloud posture. It becomes humanly impossible to keep up with and understand the nuances of the configurations involved in the key cloud components, centred mainly on compute, networking, identity and storage.
Using our industry-leading cloud-native platform, our Mission Control team gives you assurance that continuous monitoring, compliance adherence and custom policy building are effective, and detects cloud vulnerabilities and attacks as they occur across multiple major cloud platforms. Our team works directly with you as an extension of your own, bringing its cloud security expertise to bear on implementation guidance, risk surface identification and ongoing cloud monitoring, enhancing the security posture of your cloud strategy.
- Managed SIEM
This service goes beyond standard Managed Security Services and is tailored for organisations that are not comfortable off-loading their data to a provider, while maintaining full transparency in working with our Mission Control.
It provides a blended group of security operations specialists who run, manage and perfect your tools while you retain total ownership.
This service enables your security analysts to prioritise alerts and respond faster to the most suspicious threat behaviour, ensuring that threats do not go unnoticed and linger in your environment.
- Managed Detection & Response (MDR)
MDR is for organisations struggling to detect and respond to modern cyber threats efficiently across all environments: IT, OT and cloud. As a cost-effective alternative to building an in-house SOC, MDR delivers real-time monitoring, detection and response using a holistic, turnkey approach.
We provide 24×7 coverage, extensive security expertise and a well-staffed security team, ensuring that threats do not go unnoticed. We eliminate alert fatigue and false positives to enable a faster response, with detection and response capabilities tailored to your specific needs. Our Mission Control team works directly with you as an extension of your team to perform threat hunting, incident response and guided remediation, while also providing strategic recommendations tailored to the unique needs of your environment.