The main problem businesses were facing was that the attack surface of an endpoint and the complexity of the surrounding infrastructure had evolved, but they were still relying on antivirus solutions that depended on signatures, sometimes out-of-date signatures, to identify and prevent a malicious file from executing. Further to that, attack types had changed: malicious actors were no longer primarily interested in writing malicious files for victim machines, but in stealing data or encrypting it for ransom. Those that were still creating malicious files had devised ways of padding them with extra bytes to avoid signature detection, or had evolved their attacks into in-memory (“fileless”) attacks that leave no file to scan.
EDR was developed to give a business the visibility to “see” unusual activity occurring in its environment, specifically around the endpoints, using behaviour analytics, some threat intelligence and host intrusion detection sensing. The problem immediately identified was that increased visibility came with an increased volume of security data to ingest, which required more resources and often burdened already over-burdened security teams, if there was a security team at all. EDR also had no signatures to refer to, so SOC teams were inundated with raw data and false positives to process. Enterprises quickly found that they now needed both an EDR and an EPP to sufficiently protect their endpoints.
Recently, vendors have started to converge these two solutions, bringing prevention techniques and detection techniques into one single platform. The problem then became that the platform’s security data grew exponentially and security teams had no chance of analysing such volumes by hand. Many vendors have therefore integrated machine learning into their solutions to prioritise what the solution considers a high-impact threat: the platform pieces the individual events of a data flow together into one case, so analysts review the assembled information rather than having to piece the data together themselves. These solutions also correlate data from external threat feeds to identify similar threats emerging worldwide. Some solutions even perform deep analysis of suspected malware files in an online sandbox in order to classify them as “known good” or “known bad”.
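As an added illustration (not code from the original article or from Secure-ISS), the Python below contrasts the two approaches on constructed data: an exact-hash signature that a few bytes of padding defeats, and a behaviour-correlation pass that pieces individual endpoint events into one prioritised score per host. The event layout, rule weights, thresholds and host names are assumptions made for the example.

```python
import hashlib
from collections import defaultdict

# --- Signature detection (EPP-style) on a constructed, harmless sample -------
KNOWN_BAD = b"MZ\x90\x00constructed-sample-not-real-malware"
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD).hexdigest()}

def signature_match(file_bytes: bytes) -> bool:
    """Exact-hash lookup: any change to the bytes, even appended padding, misses."""
    return hashlib.sha256(file_bytes).hexdigest() in SIGNATURE_DB

# --- Behavioural correlation (EDR-style) over constructed telemetry ----------
# Each event: (host, pid, parent_pid, event_type, detail)
TELEMETRY = [
    ("ws01", 4100, 900,  "process_start", "WINWORD.EXE"),
    ("ws01", 4188, 4100, "process_start", "powershell.exe"),
    ("ws01", 4188, 4100, "net_connect",   "203.0.113.10:443"),
    ("ws01", 4188, 4100, "file_rename",   "report.docx -> report.docx.locked"),
    ("ws01", 4188, 4100, "file_rename",   "budget.xlsx -> budget.xlsx.locked"),
    ("ws01", 4188, 4100, "file_rename",   "notes.txt -> notes.txt.locked"),
    ("ws02", 5100, 900,  "process_start", "chrome.exe"),
    ("ws02", 5200, 900,  "process_start", "powershell.exe"),   # admin session
    ("ws02", 5200, 900,  "net_connect",   "198.51.100.7:443"),
]
OFFICE = {"WINWORD.EXE", "EXCEL.EXE"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe"}

def score_hosts(events):
    """Piece single events into a per-host score, as an EDR does before an analyst sees them."""
    image, renames = {}, defaultdict(int)             # (host, pid) -> name / rename count
    score, reasons = defaultdict(int), defaultdict(list)
    def hit(host, points, why):
        score[host] += points
        reasons[host].append(why)
    for host, pid, ppid, etype, detail in events:
        if etype == "process_start":
            image[(host, pid)] = detail
            if image.get((host, ppid)) in OFFICE and detail in SCRIPT_HOSTS:
                hit(host, 40, "office app spawned script host")
        elif etype == "net_connect" and image.get((host, pid)) in SCRIPT_HOSTS:
            hit(host, 20, "script host made outbound connection")
        elif etype == "file_rename":
            renames[(host, pid)] += 1
            if renames[(host, pid)] == 3:             # burst threshold (example value)
                hit(host, 40, "burst of renames to a new extension")
    return dict(score), dict(reasons)

def prioritised(events):
    """Hosts ordered highest score first: the queue an analyst should work from."""
    score, reasons = score_hosts(events)
    return sorted(((s, h, reasons[h]) for h, s in score.items()), reverse=True)
```

Running `prioritised(TELEMETRY)` ranks ws01 (office-spawned script host, outbound connection and a rename burst) far above ws02 (a lone script host connection), while `signature_match` on the padded copy of the sample returns False.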
The security industry hasn’t stopped there. Most recently, vendors like Palo Alto Networks have introduced XDR, which extends the converged EDR into their firewalls, their endpoint solutions and their CASB solutions. This rests on the assumption that an enterprise is already using those products: each of them acts as a sensor, sending security data to a central threat analysis engine for processing.
This leads us on to MDR (Managed Detection and Response). In many cases, a business needs these types of technologies to manage its IT risk, but cannot afford to dedicate multiple staff to these toolsets. Businesses’ IT departments are already dealing with infrastructure, capacity, Business As Usual (BAU) work and some security activities, and most IT team members have limited experience in security analysis. It makes sense, then, for these businesses to use an experienced MDR team to detect, analyse, prioritise and offer remediation for security incidents, allowing the IT teams to focus on their own tasks.
Secure-ISS offers MDR services by integrating various tools like converged EDR, XDR, SIEM, IDS, threat hunting and vulnerability management for our security analysts in our 24/7 security operations centre, providing our customers with unparalleled security expertise and advice.