cybersecurity predittiva Giacomo Lanzi

Predictive cybersecurity with our SOCaaS

Estimated reading time: 4 minutes

Today, facing an attack in a corporate SOC is very similar to being under attack without knowing which direction the blow is coming from. The threat intelligence can keep you informed of security issues. However, in many cases, this information is only provided when you are already under attack, and is rarely very useful except in retrospect. It would take a different approach to data analysis, and that’s exactly what we propose with predictive cybersecurity .

In cybersecurity, threat intelligence is still relied upon as a fundamental defensive tool. Unfortunately, threat intelligence only covers a subset of threats that have already been found, while attackers constantly innovate . This means that new malware executables, phishing domains and attack strategies are created all the time.

Threat intelligence has a strong value for reactive incident response. It helps when pivoting through an investigation, identifying intent or other useful data, and providing additional investigative assistance. But it has limited value for detection, as threat actors avoid reusing their attack infrastructure from one target to another.

If the clues you see are different from those known from previous attacks, what can you do to move forward with effective detection? A legitimate question, for which predictive cybersecurity perhaps has an answer.

… what if you could know what is going to hit?

SOCaaS: predictive cybersecurity

Eyes on opponents rather than past attacks

The SOCaaS solution offered by SOD brings predictive cybersecurity capabilities to cybersecurity. The solution maps adversaries , instead of threats, and analyzes their actions to predict the behavior and the tools used in their attacks.

The analytical engine translates behavioral patterns into profiles of adversary attack infrastructures , which indicate as ( trojan, phishing or other forms of attack ) and where ( branches, customers, partners, peers, industry and geographies ) < strong> attackers are planning to target your company .

This provides a preemptive attack map, which identifies opponents based on their attack phase and current position within the extended business landscape . But not only that, in fact, information about the opponent, typical attack patterns and possible countermeasures that can be taken in advance are also identified. This way you can cancel the threat before it materializes .

cybersecurity predittiva

Predictive cybersecurity: understand what’s going to happen first

Our SOCaaS provides predictive detection capabilities against internal and external threats with the combination of user, entity and adversary behavior analysis. Our Next-Gen SIEM uses an analytics-driven approach to threat detection. SOC provides visibility in the crucial early stages of an attack. That is when cyber actors are targeting, planning and preparing the infrastructure for an attack.

With this level of predictive visibility, the team can prevent attacks and systematically contain those in progress. Predictive cybersecurity allows defenders to tune their systems against the attack infrastructure. In fact, it is possible to build blacklists that include the IP addresses and the host names of the instances used for the attack . Other measures include fortifying corporate systems against the specific malware that is used to target them, rendering the attack powerless when it occurs.

Opponent Behavior Analysis extends the capabilities of Next-Gen SIEM by continuously providing updated analysis of opponent information and behavior . This encompasses the entire attack infrastructure for dynamic and proactive threat protection.

SOCaaS automatically translates the pre-attack behavior of opponents into actions or countermeasures that can be taken against phishing, compromise of corporate email, ransomware, fraud and many other common threats.

Common use-cases

Threat-chaining

Correlate breaches from the same adversary / campaign into a cohesive threat, even if different pieces of attack infrastructure are used for each event.

Prevention and preventive defense

Preemptively blocking an opponent’s entire attack infrastructure, such as newly created phishing domains, for preemptive defense.

Strengthen vulnerable resources

Focus and secure the most vulnerable parts of your infrastructure based on information that identifies which areas are possible targets.

predictive cybersecurity

The information provided by SOCaaS is used to add more context to existing threats, as well as provide information on attacks that have not yet been implemented or are in the early stages, such as reconnaissance. This allows for direct action against evolving threats and a more robust defense.

Conclusions

Relying on luck to catch threats is madness, as the recent SolarWinds attack . Make your fortune with SOD’s SOCaaS solution, making sure you see threats before they happen and are “lucky” enough to counter them.

Link utili:

Share


RSS

More Articles…

Categories …

Tags

RSS Dark Reading

RSS Full Disclosure

  • Backdoor.Win32.Hellza.120 / Authentication Bypass September 20, 2022
    Posted by malvuln on Sep 19Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/2cbd0fcf4d5fd5fb6c8014390efb0b21_B.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Hellza.120 Vulnerability: Authentication Bypass Description: The malware listens on TCP ports 12122, 21. Third-party adversarys who can reach infected systems can logon using any username/password combination....
  • Backdoor.Win32.Hellza.120 / Unauthorized Remote Command Execution September 20, 2022
    Posted by malvuln on Sep 19Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/2cbd0fcf4d5fd5fb6c8014390efb0b21.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Hellza.120 Vulnerability: Unauthorized Remote Command Execution Description: The malware listens on TCP ports 12122, 21. Third-party adversarys who can reach infected systems can issue commands made available by the...
  • Trojan.Ransom.Ryuk.A / Arbitrary Code Execution September 20, 2022
    Posted by malvuln on Sep 19Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/5ac0f050f93f86e69026faea1fbb4450.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan.Ransom.Ryuk.A Vulnerability: Arbitrary Code Execution Description: The ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a vuln DLL execute our own code, […]
  • Trojan-Dropper.Win32.Corty.10 / Insecure Credential Storage September 20, 2022
    Posted by malvuln on Sep 19Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/f72138e574743640bdcdb9f102dff0a5.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Corty.10 Vulnerability: Insecure Credential Storage Description: The malware stores its credentials in cleartext within the Windows registry. Family: Corty Type: PE32 MD5: f72138e574743640bdcdb9f102dff0a5 Vuln ID:...
  • Re: over 2000 packages depend on abort()ing libgmp September 20, 2022
    Posted by Matthew Fernandez on Sep 19What is the security boundary being violated here? As a maintainer of some of the packages implicated here, I’m unsure what my actionable tasks are. The threat model(s) for my packages does not consider crashes to be a security violation. On the other side, things like crypto code frequently […]
  • SEC Consult SA-20220915-0 :: Local Privilege Escalation im SAP® SAPControl Web Service Interface (sapuxuserchk) September 16, 2022
    Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 15SEC Consult Vulnerability Lab Security Advisory < 20220915-0 > ======================================================================= title: Local privilege escalation product: SAP® SAPControl Web Service Interface (sapuxuserchk) vulnerable version: see section "Vulnerable / tested versions" fixed version: see SAP security note 3158619 CVE number: CVE-2022-29614...
  • SEC Consult SA-20220914-0 :: Improper Access Control in SAP® SAProuter September 16, 2022
    Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 15SEC Consult Vulnerability Lab Security Advisory < 20220914-0 > ======================================================================= title: Improper Access Control product: SAP® SAProuter vulnerable version: see section "Vulnerable / tested versions" fixed version: see SAP security note 3158375 CVE number: CVE-2022-27668 impact: high homepage:...
  • over 2000 packages depend on abort()ing libgmp September 16, 2022
    Posted by Georgi Guninski on Sep 15ping world libgmp is library about big numbers. it is not a library for very big numbers, because if libgmp meets a very big number, it calls abort() and coredumps. 2442 packages depend on libgmp on ubuntu20. [email protected]:~/prim$ apt-cache rdepends libgmp10 | wc -l 2442 gawk crash: [email protected]:~/prim$ gawk […]
  • APPLE-SA-2022-09-12-5 Safari 16 September 12, 2022
    Posted by Apple Product Security via Fulldisclosure on Sep 12APPLE-SA-2022-09-12-5 Safari 16 Safari 16 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213442. Safari Extensions Available for: macOS Big Sur and macOS Monterey Impact: A website may be able to track users through Safari web extensions Description: A logic issue […]
  • APPLE-SA-2022-09-12-4 macOS Monterey 12.6 September 12, 2022
    Posted by Apple Product Security via Fulldisclosure on Sep 12APPLE-SA-2022-09-12-4 macOS Monterey 12.6 macOS Monterey 12.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213444. ATS Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. […]

Customers

Newsletter