Stop Security “Self-Sabotage” with a Security Operations Platform

24 Jul

The 2017 Verizon Data Breach Investigations Report (DBIR) is so full of information that it is sometimes hard to know where to start operationalizing it. I was recently reading a great article by Dark Reading’s Dawn Kawamoto entitled “9 Ways Organizations Sabotage Their Own Security: Lessons from the Verizon DBIR 2017,” in which Dawn pulled out the key insights and provided a roadmap for stopping the most painful self-inflicted wounds. I highly recommend this article as a useful read for security executives and managers as they review their programs for investment and budget allocation.

However, while acknowledging the challenges is a great first step, many get stuck on the next step – the “How?”

Syncurity provides a security operations automation platform, IR Flow, which quickly and easily adapts to each unique enterprise and orchestrates people, process, and technology to reduce risk. As I read Dawn’s article, it quickly became clear that we help our customers reduce the risk exposure highlighted in her piece and answer the “How?” question.

The ability to pull alerts from virtually any API or email-based source means IR Flow can enrich and queue alerts from across cyber, point-of-sale (PoS) and physical security infrastructure. The automated enrichment through integration with IT and security systems, combined with our patent-pending Triage Scoring Engine (TSE), enables IR Flow to quickly rank and dynamically re-rank alerts according to a company’s unique business risks.

IR Flow orchestrates alert and incident response, either automatically or with human approval so that potential threats are mitigated faster – with a complete, auditable system of record for reporting, analysis, and compliance.

In the chart below, I have outlined the self-inflicted wounds Dawn listed in her article and how Syncurity addresses each of those challenges. If you want to learn more about how IR Flow can help your organization, contact us today.

| DBIR Identified “Top” 9 Gap | Syncurity Solution | Syncurity Benefits |
|---|---|---|
| Slow response to security alerts | Automated alert enrichment, risk-based Triage Scoring Engine (TSE) | Shrink “eyes-on” time from hours to minutes, work highest-risk alerts first |
| Under-estimating DDoS volumes | TSE to score alerts as higher risk based on volume | Identify DDoS risk earlier, avoid outage through orchestrated response |
| Defending the phish | Auto/user-submitted phish playbooks | Reduce phish victims through rapid analysis and remediation |
| Not properly prioritizing patches | Enriching, risk-scoring alerts with TSE based on CMDB vulnerability status + TIP exploit data | Quickly recognize and remediate high-risk user activity |
| Retail users email and surf on Point-of-Sale (PoS) networks | TSE to score PoS user/asset alerts as higher risk | Quickly recognize and remediate high-risk user activity |
| Physically inspect ATMs, PoS | Physical security playbooks | Lessen risk through automating alert triage and incident response |
| Healthcare lacks encryption | TSE to score alerts as higher risk based on asset status | Shorter time to containment for alerts/incidents on unencrypted hardware |
| Missing cyber spies | Alert threat-intelligence enrichment, dynamic risk scoring (TSE) using source confidence | Quicker and more accurate identification of potential state actors |
| Education users need schooling | Automated phishing-protection updates to security controls via orchestration APIs | Automatic, rapid blocks for new URLs/domains identified as high-risk |
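The risk-based triage the chart keeps returning to (enrich an alert from the CMDB and a threat-intelligence platform, then rank and re-rank by business risk) is easier to reason about with a concrete, deliberately simplified scorer. The Python below is an added illustration written for this page; it is not Syncurity's IR Flow or TSE code, and the asset inventory, indicator feed, alerts, category weights and boosts are all constructed values chosen to show the mechanics rather than any vendor's real scoring.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed stand-in for a CMDB lookup: network segment, disk encryption,
# and whether an unpatched critical vulnerability is recorded for the asset.
CMDB = {
    "pos-register-07": {"network": "pos",  "encrypted": False, "unpatched_critical": True},
    "hr-laptop-12":    {"network": "corp", "encrypted": True,  "unpatched_critical": False},
    "web-edge-01":     {"network": "dmz",  "encrypted": True,  "unpatched_critical": False},
}

# Constructed stand-in for a threat-intelligence platform (TIP) feed, keyed by
# indicator. Addresses are from the RFC 5737 documentation ranges.
TIP = {
    "198.51.100.23": {"confidence": 90, "tags": ["apt", "c2"]},
    "203.0.113.9":   {"confidence": 40, "tags": ["scanner"]},
}

# Constructed weights: a base per alert category, plus enrichment-driven boosts.
CATEGORY_BASE = {"network": 20, "ddos": 20, "web-browsing": 10, "phishing": 30}
POS_BOOST, UNENCRYPTED_BOOST, UNPATCHED_BOOST, APT_BOOST = 30, 20, 15, 15
TIP_CONFIDENCE_WEIGHT = 0.3        # 90 % confidence contributes 27 points
VOLUME_STEP, VOLUME_CAP = 10_000, 30  # +10 per 10k events for DDoS, capped


@dataclass
class Alert:
    id: str
    asset: str
    indicator: Optional[str]
    event_count: int
    category: str
    score: int = 0
    reasons: list = field(default_factory=list)


def enrich(alert: Alert, cmdb: dict, tip: dict):
    """Pull asset context and indicator intel for one alert (constructed sources)."""
    asset = cmdb.get(alert.asset, {})
    intel = tip.get(alert.indicator) if alert.indicator else None
    return asset, intel


def score_alert(alert: Alert, cmdb: dict = CMDB, tip: dict = TIP) -> int:
    """Compute a 0-100 risk score and record why, so analysts can audit the ranking."""
    asset, intel = enrich(alert, cmdb, tip)
    reasons = []
    score = CATEGORY_BASE.get(alert.category, 10)
    reasons.append(f"category={alert.category}: +{score}")
    if asset.get("network") == "pos":           # PoS users/assets rank higher
        score += POS_BOOST; reasons.append(f"pos network: +{POS_BOOST}")
    if asset.get("encrypted") is False:         # unencrypted hardware ranks higher
        score += UNENCRYPTED_BOOST; reasons.append(f"unencrypted: +{UNENCRYPTED_BOOST}")
    if asset.get("unpatched_critical"):         # CMDB vulnerability status
        score += UNPATCHED_BOOST; reasons.append(f"unpatched critical: +{UNPATCHED_BOOST}")
    if intel:                                   # TIP source confidence and tags
        conf = round(intel["confidence"] * TIP_CONFIDENCE_WEIGHT)
        score += conf; reasons.append(f"tip confidence {intel['confidence']}: +{conf}")
        if "apt" in intel["tags"]:
            score += APT_BOOST; reasons.append(f"apt-tagged indicator: +{APT_BOOST}")
    if alert.category == "ddos":                # volume-based boost for DDoS
        vol = min(VOLUME_CAP, (alert.event_count // VOLUME_STEP) * 10)
        score += vol; reasons.append(f"volume {alert.event_count}: +{vol}")
    alert.score, alert.reasons = min(100, score), reasons
    return alert.score


def triage(alerts, cmdb: dict = CMDB, tip: dict = TIP):
    """Score every alert against the current enrichment sources and rank highest risk first.
    Calling it again after the CMDB or TIP changes is the dynamic re-rank."""
    for alert in alerts:
        score_alert(alert, cmdb, tip)
    return sorted(alerts, key=lambda a: a.score, reverse=True)


def sample_alerts():
    """Constructed alert queue in arrival order."""
    return [
        Alert("ALR-001", "hr-laptop-12",    "203.0.113.9",   3,     "network"),
        Alert("ALR-002", "pos-register-07", None,            1,     "web-browsing"),
        Alert("ALR-003", "web-edge-01",     None,            50000, "ddos"),
        Alert("ALR-004", "hr-laptop-12",    "198.51.100.23", 2,     "network"),
    ]


if __name__ == "__main__":
    for a in triage(sample_alerts()):
        print(f"{a.id} score={a.score:3d}  " + "; ".join(a.reasons))
```

Two design points carry over to any real triage engine: every boost is recorded in `reasons`, so the ranking is explainable and auditable rather than a bare number, and the score is recomputed from the enrichment sources each time `triage` runs, which is what lets a CMDB or intel update move an alert up the queue without an analyst touching it.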