Friday 7th June 2019
Growing Challenge of Cyber Threats
The challenges facing enterprises today to protect their digital assets against the deluge of growing cyber threats are well documented.
ENISA Threat Landscape Report 2018 found that “Information theft, loss, or attack is now the prevalent type of crime against organisations, overpowering physical theft, which, until 2017, was the most common type of fraud against corporations for a decade”.  And according to the University of Maryland, “Malicious hackers are now attacking computers and networks at a rate of one attack every 39 seconds.” 
Cyber threats are not limited to enterprises as consumers devices used in the Internet of Things (IoT) are also under attack. Whilst, the Mozilla Internet Health Report 2018 estimates that the number of Internet-connected devices will double from 2015 to 2020 to reach 30 billion devices worldwide  with Kaspersky Lab detecting three times as many malware samples targeting smart devices in the first half of 2018. 
From a technical point of view there is no lack of technology to help organisations defend against the growing cyber threats. What is lacking is a truly coordinated cyber defence infrastructure where people, technology, and processes are working together to provide a consistent and co-ordinated defence-in-depth approach to protect against even the most advanced targeted attacks.
This article covers the fundamentals of SOAR technologies with an emphasis on how the BlockAPT Platform Security Orchestration, Automation and Response (SOAR) Platform differentiates from existing solutions.
The SIEM is Dead. Long Live SOAR.
The scale of the challenge in protecting enterprises against the increasing complex and targeted cyber-attacks is escalating as businesses rely more on computer networks to conduct their digital operations. Making sense of the growing number of alerts generated by various network and security devices in order to detect and respond to cyber-attacks in a fast and cost-effective manner before damage is done is what every organisation aspires to. Security Information and Event Management (SIEM) technologies provide a way to manage, correlate, and delivers context from the many alerts generated by normal and abnormal network activities. However, they have their limitation.
SOAR  promises to complement existing SIEM solutions by leveraging the power of automation to add consistency in operational security processes and huge cost savings and efficiencies in the way security operations teams or Security Operations Centers (SOC) are managed.
The Future of Defence-In-Depth is SOAR
SOAR is about getting the best out of an organisation existing security defences by leveraging the power of automation and deep integration with SIEM technologies. By extending SIEM solutions, SOAR vendors have evolved to provide the ability to make sense of raw logs and events from Firewalls, Intrusion Detection Systems, Intrusion Prevention Systems, Endpoint Detection Systems, and so on. SOAR technologies allow organisations to organise or group security events, providing a framework and context to automate security processes and to respond to cyber threats faster.
Ultimately, the end goal is to reduce the number of alerts, significantly increase efficiencies, and gain huge improvements in Mean Time To Detect (MTTD) and Mean Time To Respond (MTTR) to cyber threats. From the business benefits point of view, it means getting the best out of your existing security investment both from a technology and human resources standpoint. In some cases, SOAR technologies can increase efficiencies in security operations by more than 70%.
Although SOAR technologies are relatively new compared to more mature security solutions such as SIEMs and firewalls technologies, the benefits to enterprises can be significant. Moreover, SOAR technologies work within an existing security stack of network and security devices. An organization must have reached a certain level of maturity in their security operations to truly benefits from a SOAR solution.
The approach of various SOAR vendors is similar, however, the way they integrate and leverage existing network and security ecosystems remains quite different and diverse across the board. At the core, SOAR vendors focus on enhancing existing SIEM management, creating a uniform and consistent way to investigate threats, and increasing efficiencies of existing security operations and teams.
Introducing the BlockAPT Platform – From SOAR to SOARX
BlockAPT Platform Central Management Platform approach to Security orchestration, automation and response goes beyond existing SOAR offerings because of the platform ability to fully manage, monitor, automate, and orchestrate complex network and security ecosystems from the single pane of glass. Call it SOARX. The key differentiators include:
- Open Application Programming Interfaces (APIs): The BlockAPT Platform offers a flexible framework using open APIs that are extensible, scalable, modular, and wrapped into a unified and intuitive GUI. The platform can be deployed within an hour in cloud infrastructures such as Microsoft Azure, Google Cloud Platform, and Amazon Web Services (AWS). The platform can also be deployed on-premises in Linux, Windows, and Unix Operating Systems. Using a centralised WebUI, the platform allows full central management of network and security devices using push and pull technology, all from a Single Pane of Glass. Using a vendor agnostic approach, BlockAPT Platform provides a simplified way to manage complex network and security devices in multi-vendors infrastructures.
2. Built-In Logging Engine & SIEM Integration: The BlockAPT Platform does not rely solely on SIEM technologies but can also receive logs directly from network and security devices in order to provide data correlation, events reduction, security analytics, threat intelligence, and automated responses. The platform can also integrate with known SIEM vendors such as Splunk and Elasticsearch to receive formatted and unformatted logs for analysis and storage allowing enterprises to maximise their existing SIEM investment.
3. Security Analytics: Logs can be collected directly from network and security devices using syslog or raw feeds but can also be pulled directly from SIEM devices using API Integration. This allows the platforms to parse logs, add context, correlate events, remove noise so that security teams can focus on meaningful events.
4. Automated Software Robots: The ability to provide seamless integration using secure API in a vendor agnostics approach means that onboarding devices to the platform is intuitive and does not disrupt existing ecosystems. The platform is modular which allows organisations to add or remove modules on demand in a Pay-As-You-Use model. Tools such as automated backups and restore, automated configuration migration, automated vulnerability scan, and automated threat response can be added as the need of the organisation change, providing a flexible and smart way to protect against cyber-attacks. Software robots can automate menial security tasks to free up time so that security teams can focus on key security events.
5. Single Pane of Glass: A single command and control platform that allows you to monitor, fully manage, automate, and orchestrate your existing network and security ecosystem. The integration using APIs is not limited to network and security devices but can also be extended to support IoT devices.
6. Playbooks and automated rulesets: Rules provide a way to create automated software robots that can be adapted for the task at hand and can scale at the enterprise-wide level to assist the security operations team as well as CxO level executives with fast decision making. A Return of Investment (ROI) calculator is built-in into the platform providing a simple and intuitive dashboard to show ROI statistics of the existing network and security infrastructure as the platform actively takes action to defend the organisation against active cyber attacks.
Full Stack Cyber Defence Platform
SOARX Consulting experience acquired from working closely with leading organisations in banking, finance, Telecom, gaming, gambling, etc, means that our expertise in designing and implementing state-of-the-art cyber defence systems has given us a unique insight in the ongoing security challenges facing enterprises.
Our approach to security is to arm organisations with a defence-in-depth framework that combines people, technology, and processes, all working together in a unified manner. Our BlockAPT Platform Central Management Platform brings together existing and disjointed network and security ecosystems for better integration in order to drive huge efficiencies and cost savings within enterprise security operations.
Our current version of the platform is already helping our clients in various sectors such as gaming, gambling, banking/financial services, and manufacturing to drive down the costs of security operations by more than 70%, and to get the best out of their existing security investment.
From a single pane of glass, our clients can fully manage, monitor, automate, and orchestrate their entire network and security ecosystems. Our growing list of leading network and security vendors include F5 Networks, Cisco, Palo Alto, Juniper, Splunk, Qualys, Jira, Kemp, EdgeNexus, Cloudflare, Stella Blockchain, etc.
The BlockAPT Platform is helping organisations get the best out of their existing network and security infrastructure by significantly improving the Mean Time To Detect (MTTD), and Mean-Time-To-Respond (MTTR) and given them the confidence to respond faster to security incidents.
To learn more about the BlockAPT Platform Central Management Platform or to request a demo please visit our website or social media site:
References: https://www.comparitech.com/vpn/cybersecurity-cyber-crime-statistics-facts-trends and https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-201  https://www.comparitech.com/vpn/cybersecurity-cyber-crime-statistics-facts-trends and University of Maryland  https://www.gartner.com/en/documents/3895089-emerging-technology-analysis-soar-solution  https://www.comparitech.com/vpn/cybersecurity-cyber-crime-statistics-facts-trends and https://internethealthreport.org/2018  https://www.comparitech.com/vpn/cybersecurity-cyber-crime-statistics-facts-trends and https://securelist.com/new-trends-in-the-world-of-iot-threats/87991
Other Articles By Marco Essomba
- Fully Integrated & Coordinated Cyber Defence Infrastructure
- Single Password Authentication should be banned. Here are 5 reasons why.
- Protect E-Commerce Apps Against Cyber Fraud.
- 7 Proven CyberSecurity Tips For Effectively Fighting Sophisticated DDoS Attacks.
- Protecting Your Digital Assets Against Cyber Attacks. Cyber Criminals Are Probably Winning. Here is why.
- Internet of Things (IoT) — Is Your Business Ready?
- Dilemma: Cyber Security vs. Convenience vs. Usability. I Just Can’t Uninstall WhatsApp. Here is Why.
- Banking-As-A-Service (BaaS) Will Disrupt Banking Whether Bankers Like It Or Not.
- Protecting your network infrastructure and apps against DDoS attacks: Here is how.
- 7 reasons why organisations get hacked.
- What’s the Point of a CISO?
- 7 Lessons I Learned From Investigating A Major Cyber Security Breach.
- The word hacker has been hacked by the media — ‘hackers’ used to be heroes.
- The Rise of SecOpsDevOps.
- Cost to global businesses to cyber crime will reach $2 trillion by 2019! Fight back with best of breed.
- 7 Reasons Why Network Engineers Must Master At Least One Application Delivery Controller (ADC).
- Part 1: General Fights Back Cybercrime in NeverHackLand.
- Part 2: General Fights Back Cybercrime in NeverHackLand.
- 7 Awesome Skills That Will Make You Stand Out As A Network Security Engineer.
- Are you preparing for your Cyber Essentials Certification? Here are 7 tips to help you pass the certification at the first attempt!