Aujas Cyber Defense Center, an ISO 27001 certified Global Delivery SOC (Security Operations Center), has gone live in Bangalore. It is designed to extend the capabilities of SIEM (Security Information and Event Management) solutions by proactively providing threat detection, actionable threat intelligence and endpoint response, helping security teams hunt and mitigate the increasingly complex and persistent threats of the present and future.
Srinivas Rao, Co-founder and CEO of Aujas, explains the increasing need for proactive cybersecurity. “Today, more than 70% of security incidents are reported by third parties, often as late as 6-9 months after the event. The data signifies that enterprises today have weak monitoring capabilities, driven by detecting and alerting on familiar attacks. This leaves a window of vulnerability which malicious agents can easily and repeatedly exploit.”
He further added, “If a bank or an insurance provider’s network is breached, then the customer’s assets, as well as personal data and reputation, are on the line. So the key question is: do you want your security teams to play on the back foot and wait for malicious attacks, or should they start playing on the front foot and stop an attack before it happens? Wouldn’t you sleep better knowing you have the right people, employing the right tools, actively hunting threats 24/7?”
In 2017, the threat landscape consisted of 58 per cent known threats and 42 per cent unknown threats, and the share of unknown threats is likely to exceed that of known threats before 2020, according to the IBM X-Force Threat Research report.
“It is true that technology has evolved and the modern SIEM is truly an integrated solution built on a common codebase, with a single data management architecture and a single user interface. This helps with better correlation, integration with tactical threat intelligence feeds, the capability to link assets with vulnerabilities and to do prioritization with run-book automation, but still, that is not enough,” said Rao.
First, not every log entry maps to an attack pattern; in fact, some modern attacks leave little or no trace in the logs a SIEM collects. So how do you know whether your systems have been compromised?
To understand whether and how an adversary has breached your network, improve your defences and stop future attacks, you must build capabilities in deception, User and Entity Behavior Analytics (UEBA) and threat hunting.
To enable preemptive protection, Aujas Cyber Defense Center incorporates:
- Proactive Threat Discovery, combining three elements: actionable threat intelligence scoped to the customer’s critical assets, industry segment and geographical threat vectors; proactive threat hunting on a big-data platform that ingests customer logs and packets and uses machine learning to identify anomalies; and managed deception that lures attackers onto decoys, which raises the true-positive rate of alerts
- Advanced Threat Detection using a next-generation SIEM, with the flexibility to run kill-chain-based use cases and threat-model-based protection, capture full packets and flows, integrate with the organization’s critical assets and vulnerability data, consume tactical threat intelligence feeds and present a single pane of glass
- Incident Response Platform Automation to improve SOC efficiency, provide single-view visibility and reduce time-to-respond by 90%
- Endpoint Detection and Response tools to detect and respond to outsider and insider threats, contain future attacks quickly and manage APT attacks effectively
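As an added illustration (this is not Aujas code and does not describe their platform), the following Python sketches what the hunting and deception points above amount to in practice: a per-user baseline of normal logon hours, geographies and source addresses learned from a known-good window; a hunt that flags logons deviating from that baseline on two or more attributes; and a honeytoken check that treats any use of a planted decoy account as a high-fidelity alert regardless of outcome. The log format, account names, addresses and the decoy account name `svc_backup_decoy` are constructed for the example, and the simple set-based baseline stands in for the statistical and machine-learning models such platforms actually use.

```python
"""UEBA-style threat hunt over authentication logs, plus a deception check.

Added example, not Aujas code. Log format, accounts and addresses are
constructed; a per-user set baseline stands in for an ML anomaly model.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed log format: ISO timestamp, user, source IP, geo country, result.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T(?P<hour>\d{2}):\d{2}:\d{2}Z)\s+user=(?P<user>\S+)"
    r"\s+src=(?P<src>\S+)\s+geo=(?P<geo>[A-Z]{2})\s+result=(?P<result>\w+)$"
)

# Hypothetical decoy account planted by the deception layer; nothing legitimate uses it.
HONEYTOKEN_ACCOUNTS = {"svc_backup_decoy"}

# Constructed known-good window used to learn what "normal" looks like per user.
BASELINE_LOGS = [
    "2024-03-04T09:02:11Z user=alice src=10.0.1.5 geo=IN result=success",
    "2024-03-04T13:45:20Z user=alice src=10.0.1.5 geo=IN result=success",
    "2024-03-05T09:10:02Z user=alice src=10.0.1.5 geo=IN result=success",
    "2024-03-04T08:30:00Z user=bob src=10.0.2.7 geo=IN result=success",
    "2024-03-05T17:55:41Z user=bob src=10.0.2.9 geo=IN result=success",
    "2024-03-05T18:01:05Z user=bob src=10.0.2.9 geo=IN result=failure",
]

# Constructed hunt window: the events the analyst is checking.
HUNT_LOGS = [
    "2024-03-06T09:15:33Z user=alice src=10.0.1.5 geo=IN result=success",
    "2024-03-06T03:12:48Z user=alice src=185.220.101.4 geo=RO result=success",
    "2024-03-06T17:20:00Z user=bob src=10.0.2.12 geo=IN result=success",
    "2024-03-06T11:40:12Z user=svc_backup_decoy src=10.0.5.21 geo=IN result=failure",
    "2024-03-06T12:00:00Z user=carol src=10.0.3.3 geo=IN result=success",
    "this line is not in the expected format",
]


@dataclass
class Profile:
    """Normal behaviour for one account, learned from the baseline window."""
    hours: set = field(default_factory=set)
    geos: set = field(default_factory=set)
    srcs: set = field(default_factory=set)


def parse(line):
    """Return the event fields as a dict, or None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None  # unparseable lines are skipped rather than silently trusted
    ev = m.groupdict()
    ev["hour"] = int(ev["hour"])
    return ev


def build_baseline(lines):
    """Learn per-user hours, geos and sources from successful logons only."""
    profiles = defaultdict(Profile)
    for line in lines:
        ev = parse(line)
        if ev and ev["result"] == "success":  # failed logons do not define "normal"
            p = profiles[ev["user"]]
            p.hours.add(ev["hour"])
            p.geos.add(ev["geo"])
            p.srcs.add(ev["src"])
    return dict(profiles)


def hunt(lines, profiles, honeytokens):
    """Return findings, in log order, for the hunt window."""
    findings = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        base = {"ts": ev["ts"], "user": ev["user"]}
        # Deception: any attempt against a decoy account is high fidelity, success or not.
        if ev["user"] in honeytokens:
            findings.append({**base, "kind": "honeytoken", "severity": "high",
                             "reasons": ["decoy account used"]})
            continue
        if ev["result"] != "success":
            continue  # a single failure is noise here; brute force needs a volume rule
        profile = profiles.get(ev["user"])
        if profile is None:
            findings.append({**base, "kind": "no_baseline", "severity": "low",
                             "reasons": ["no baseline for user"]})
            continue
        reasons = []
        if ev["hour"] not in profile.hours:
            reasons.append(f"unusual hour {ev['hour']:02d}")
        if ev["geo"] not in profile.geos:
            reasons.append(f"unusual geo {ev['geo']}")
        if ev["src"] not in profile.srcs:
            reasons.append(f"new source {ev['src']}")
        # Require two independent deviations so one new office IP does not page the SOC.
        if len(reasons) >= 2:
            findings.append({**base, "kind": "anomaly", "severity": "medium",
                             "reasons": reasons})
    return findings


def run_example():
    return hunt(HUNT_LOGS, build_baseline(BASELINE_LOGS), HONEYTOKEN_ACCOUNTS)


if __name__ == "__main__":
    for f in run_example():
        print(f"{f['severity']:<6} {f['kind']:<12} {f['ts']} {f['user']}: "
              + "; ".join(f["reasons"]))
```

Run stand-alone, the hunt produces three findings: alice’s 03:12 logon from a new address in a new country (three deviations, medium), the attempt against the decoy account (high, even though it failed), and carol’s logon with no baseline (low). Bob’s logon from a new address at a usual hour is not raised, which is the point of requiring two deviations; a real deployment would replace the set baseline with frequency- or model-based scoring, but the structure of learn, score, and corroborate with deception is the same.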
Advanced technology, effective use cases, seamless processes and workflows, and automation all support sound decision-making. But the real key to cybersecurity is the human capability to hunt and to make sense of the data.
At the Aujas Cyber Defense Center, a team of certified security professionals monitors the client’s network for suspicious behaviour round-the-clock. It collects threat data from the external landscape and combines it with this internal telemetry to identify risks, filters out false positives and deceptive indicators, validates real risks and prioritizes them.
The team then recommends rapid counter-measures to cover threats and intrusions in real time, conducts a detailed root-cause and impact analysis, and recommends policy and rule changes to pre-empt future attacks.
With this blend of technology, processes and people, Aujas SOC offers 100% service availability in the steady state.