CyberSecThreat - Holistic Cybersecurity Monitoring Solutions

Imagine if an attacker gets physical access to OT environment using social engineering, and then directly connect the ethernet cable of PLC to a Raspberry PI equipped with 4G mobile connection, the attacker can get direct control to PLC, stop the production line, cause harm to human or inject malicious command back to SCADA system.

With strategy planning & seamless integration between physical security controls and CyberSecThreat’s security monitoring solutions, SOC can effective spotted abnormalities and potential security incidents.

CyberSecThreat offers hacker’s viewpoints for organization

Many Organizations use “Internal Views” to manage their assets and attack surface. CyberSecThreat provided Cloud Inventory Integration in the first release of security monitoring solutions, which can significantly improve the effectiveness of incident investigation and response. However, this still only provides an “Internal Views” of assets and attack surface and cannot fully discover all unknown or shadow assets. It is not possible to manage security risks without complete visibility.

The approach to conduct penetration testing or red team operation annually provides hacker’s viewpoints, but also create a gap that this viewpoint not updated constantly. CyberSecThreat take further steps to offer viewpoints of hackers by integrating different OSINT resources and external monitoring tools into continuous monitoring process. Therefore, organizations can take required actions before attacker exploit vulnerabilities.

There are tons of interesting information available in OSINT resources, threat intelligence and external monitoring tools. This information includes email accounts available on public internet, SSH ports of testing machines exposed to internet, website defacement, account compromise, previous and current DNS lookups results, SSL/TLS certificate information, access key uploaded to public GitHub repository, leakage of software token, attacker discussing your organization in dark web.

By giving the name of your organization and domain name information as monitoring keywords, we can discover any shadow machines and related domain information. The resulting information can be further fed into our security monitoring solutions, and actionable alerts can be generated to 7x24 SOC. For instance, if SOC team receive an alert regarding AWS access key uploaded to public GitHub repository, SOC can remind developer team to exclude access key during commit process and reset the access key used in production.

CyberSecThreat accelerates organization’s detection and incident response capabilities

While blue team and security team research the behavior and technique used by attacker to improve protection and detection, adversaries also continue advance themselves and becoming stealthier to evade security controls, SOC detection, AI detection and machine learning. APT groups are willing to invest money and time on their targets. For example, attackers paid for cloud security appliance to test their zero-day, hide their C2 infrastructure behind CDN, study red team’s research how to bypass security controls, conduct external reconnaissance & google dorking and conduct research to simulate user’s behavior. Therefore, attackers trend not to trigger any noisy and radar due to aware of the existence of blue team and SOC.

With deep understanding of attacker’s behavior, CyberSecThreat’s security monitoring solutions seamlessly integrate with your 7x24 SOC operation and offers a complete visibility over different viewpoints to prevent data breaches and speed-up incident response.