“By leveraging automation technologies, security teams can facilitate the coordination and execution of these security processes among different security functions and across their technology stack. Automation helps accelerate the detection of a variety of threats by using historical indicators of compromise (IOCs), and the knowledge of threat actors’ tactics, techniques, and procedures (TTPs) to trigger machine-driven detection alerts. From there, security teams can once again automate containment actions to ensure that a threat does not spread laterally across their systems and networks, thereby minimizing the impact of a threat,” says Akshat Jain, CTO & Co-founder, Cyware, in conversation with Elets CIO.
Briefly tell us about Cyware.
Anuj Goel and I founded Cyware in 2016 after having a number of years leading large security and technology teams at global organisations in our previous stints. We identified the challenging nature of cybersecurity operations in today’s ever-expanding threat landscape comprising highly-organised, resourceful cybercrime outfits and newly emerging attack vectors. Conventional security operations centers (SOCs) lack the agility and effectiveness needed to counter today’s fast-moving threats. We set out to address these challenges by building a self-responding collective defense network through cyber fusion centers that enable greater collaboration and information sharing in cybersecurity. Today, Cyware is helping organisations transform their security postures through our cyber fusion solutions that combine the capabilities of Threat Intel Platforms (TIP) and Security Orchestration, Automation, and Response (SOAR) to make security proactive and to integrate and accelerate different security functions, including threat detection, response, vulnerability management, threat hunting, and others.
How does automation play a vital role in advanced security operations?
Security operations consist of many moving parts, including cross-functional workflows, diverse tools and technologies, time-bound processes, strategic priorities, and more. On a daily basis, security teams triage and investigate a large number of alerts generated from the threats/incidents recorded in their detection tools. Security teams also receive intel from internal sources such as the data collected from SIEM, firewall, IDS/IPS, or other tools, and from external sources like research blogs, ISAC/CERT advisories, OSINT sources, intel feed providers, and more. Automation plays a key role in the enrichment, correlation, analysis, and last-mile delivery of this threat intelligence to different teams within an organisation or to external partners, industry peers, regulatory bodies, information-sharing community (ISAC/ISAO) members, and others. Using this telemetry, they are expected to take mitigating actions to contain and respond effectively to those threats.
By leveraging automation technologies, security teams can facilitate the coordination and execution of these security processes among different security functions and across their technology stack. Automation helps accelerate the detection of a variety of threats by using historical indicators of compromise (IOCs), and the knowledge of threat actors’ tactics, techniques, and procedures (TTPs) to trigger machine-driven detection alerts. From there, security teams can once again automate containment actions to ensure that a threat does not spread laterally across their systems and networks, thereby minimizing the impact of a threat.
Response actions needed to finally eliminate the threat can also be executed rapidly through automated workflows leveraging security orchestration for information exchange and actioning across a variety of tools. Security orchestration and automation go hand in hand to help security teams coordinate the flow of data and tasks by integrating existing tools and processes into a repeatable, automatable workflow. By weaving together their tools and processes using an orchestration and automation layer, security teams can connect the dots between different elements of a threat. This also unlocks the possibilities for executing response actions across cloud and on-premise infrastructures with any-to-any orchestration between cybersecurity, DevOps, and IT tools.
Apart from this, routine security operations processes like patch management, threat hunting, or threat assessments can also be performed in a faster manner by combining the power of automation with the expertise of the humans in the loop. Thus, automation, along with orchestration capabilities, can become a force-multiplier for the security operations of any organisation.
Why are Cyber Innovation and Global Collective Defence critical in the cloud-first economy?
Regardless of the industry they operate in, every business today relies on products or services delivered through cloud platforms. These cloud-based elements of the technology infrastructure expose organizations to new kinds of security threats, such as data leaks due to misconfigurations, unauthorized access by rogue actors, denial of service due to targeted attacks, security weaknesses stemming from third-party vulnerabilities, and so on.
The conventional security operations center (SOC) is not designed to monitor and mitigate some of these new threats faced by organisations globally. Cyber innovation is the need of the hour to help organisations adopt new security technologies and strategies to deal with these new challenges. While there is no silver bullet to address the unique security challenges of every organisation, it is necessary to boost collaboration in cybersecurity across all sectors to develop collective defense strategies for a resilient cyberspace for all.
With the increasingly distributed nature of today’s work environment, organisations need a more integrated approach to address their specific cybersecurity use cases. Decision makers within organisations should look to eliminate silos in their security operations by leveraging innovative technologies that enable cross-functional orchestration and collaboration among disparate security functions. Organisations should also make smart use of threat intel collected from both internal and external sources to drive proactive actions against potential threats to their infrastructure.
As threat actors become stealthier and quicker, the defenders need to mount an effective response in the least amount of time possible. Cyber innovation in threat response will help organisations streamline and accelerate their security operations to avoid the fallout of a cybersecurity crisis. By sharing threat information, learnings from past incidents, and collaborating in threat response, organisations can establish a collective defense against the most potent threats today.
How is Cyware marching forward to create a first-of-its-kind global collective defence network?
Today, cyber threats are a shared challenge for organisations of all sizes across both the public and private sectors. To manage the growing cybersecurity risks, organisations need to work together to collectively fend off critical threats. Cyware is building the first-of-its-kind global collective defense network through its advanced cross-sectoral threat intel sharing platforms that connect all the stakeholders within an organisation, as well as its business partners, vendors, industry peers, national CERTs, information sharing communities (ISACs/ISAOs), and others. Through this network, organisations can share strategic, tactical, technical, and operational threat intelligence in real time to ensure a timely response to various threats. More than 20 information-sharing communities (ISACs, ISAOs, and CERTs) from financial services, automotive, space, aviation, healthcare, retail, energy, and manufacturing sectors, among others, are using Cyware’s solutions to share threat intelligence with their 10,000+ member organisations.
Moreover, Cyware’s security orchestration and automation (SOAR) and connected threat intelligence platform (TIP) solutions enable organisations to operationalise the collected threat intel through the combination of human and machine capabilities in an integrated security operations unit under a single roof. Together, Cyware’s solutions equip organisations with the necessary technological capabilities to adopt a collective defense approach in their cybersecurity strategy.
How is Cyware leading the security landscape in cyber fusion solutions by enabling end-to-end threat intelligence automation for organisations globally?
Cyware’s cyber fusion solutions are designed to facilitate faster threat detection and response and greater threat visibility through the operationalization of threat intelligence into different security processes while enabling collaboration between siloed security teams. One of the key capabilities provided by Cyware’s cyber fusion solutions is helping security teams leverage threat intelligence to drive security actions across the cloud-based, on-premise, or hybrid infrastructure. From the ingestion of threat intel via different internal and external sources to analysis and operationalization, Cyware’s solutions provide security teams the ability to automate their end-to-end threat intel operations. Furthermore, Cyware also provides organisations with the advantage of automated, last-mile delivery of threat intel to different stakeholders within and outside an organisation for smarter and faster decision-making and actioning. Together, Cyware’s solutions provide seamless and automated threat intelligence integration in security operations.