Powering visibility, intelligence processing and delivery of quality information for SOC teams


Julien Rodrigues Roque, Threat Intelligence Engineer, ThreatQuotient, says a ‘good enough’ approach to cyber defense is simply no longer acceptable for today’s modern threats.

Today’s cyber threats continue to evolve at pace as adversaries compress the time between initial entry, lateral movement and breach.

At the same time, the rise of generative AI has the potential to lower the barrier to entry for low-skilled adversaries, making it easier to launch sophisticated, state-of-the-art attacks.

The potential for serious business disruptions makes detecting threats quickly and accurately critical to preventing data loss, compliance violations and data breaches, not to mention lost revenue, reputational damage and customer churn.

This means that a good enough approach to cyber defense is simply no longer acceptable for today’s modern threats.

Implementing an effective and robust cyber defense strategy

Likewise, as organisations increasingly move business to the cloud and adopt hybrid and remote working practices, adversaries are advancing their capabilities to exploit this, and abuse features unique to this environment.

As SOC teams work hard to find more efficient ways to implement an effective and robust cyber defense strategy that detects threats with high-quality threat intelligence, some teams are now focusing more on Network Detection and Response (NDR) solutions.

Network Detection and Response (NDR) is a cybersecurity solution that continuously monitors an organization’s network to detect cyber threats and anomalous behavior using non-signature-based tools or techniques, and responds to these threats via native capabilities or by integrating with other cybersecurity tools.

The NDR market is still evolving, and organizations are looking to NDR solutions not only to improve their SOC analysts’ efficiency, but also to improve their organization’s response capabilities.

In particular, SOC teams are looking for:

  • An enhanced ability to quickly and accurately detect threats and prevent data loss, compliance violations, and lost revenue.
  • Improved intelligence processing for better visibility of potential threats and business risks.
  • A cybersecurity platform that is easy to maintain, install and use, that simplifies the collection of intelligence and data feeds.
  • The ability to provide customized detection based on a customer’s unique business risks.
  • Network traffic statistics that don’t lie: they represent a tangible, factual and reliable source that security analysts can use as a basis for analysis.

These are some of the reasons why we have teamed up with Sesame*it. A proven leader in Network Detection and Response (NDR), Sesame*it offers the Jizô NDR platform, which quickly and efficiently detects abnormal system behavior by continuously analyzing network traffic and anticipating threats, so SOC teams know as soon as possible what the threat is, and what impact and risk that threat might present.

Utilized by both sides of a SOC operation

Most Sesame*it customers use the Jizô NDR platform in their SOC so they can quickly detect and react if something goes wrong.

Both sides of the operations team – detection and response – use the solution for investigating specific security incidents, threat hunting and response. The benefits of an NDR solution are many and include reduced mean time to detection and reduced mean time to response, improved SOC analyst efficiency, reduced operational costs and reduced operational complexity – ultimately leading to fewer data breaches.

Keen to provide even further value to its customers, Sesame*it wanted to be able to provide more context and to use more intelligence relating to a threat.

As a result, Sesame*it chose to leverage our skills to elevate its position in the market by providing a unique solution in terms of intelligence processing and the quality of information shared.

Today Sesame*it can provide its team with a simplified way of drilling into the complexity of the information, using our ThreatQ Platform to achieve this. The partnership is important to Sesame*it because it is not in the business of developing threat intelligence and it needed to work with a platform to deliver this.

In particular, the capability to easily and simply collect data and intelligence feeds was important.

Likewise, Sesame*it was keen to use a platform that was not only stable but also automated and did not require human intervention, and ThreatQuotient was the best solution in the market to provide this level of service. Sesame*it had previously worked with other TIP vendors, but these were not as stable or easy to work with as ThreatQuotient.

From our perspective this partnership is important to us as we can prove the delivery of threat intel into security teams in an automated way and deliver a technical solution that allows customers to benefit from a real detection strategy using this intelligence.

Sesame*it uses ThreatQuotient to collect all the intelligence it needs to create defense scenarios, which are related to the threats most feared by its clients. Our capabilities, such as ThreatQ Investigations and ThreatQ TDR Orchestrator, are key to building specific use cases for Sesame*it customers.

Looking to the future

The global NDR market size was valued at US$ 1723.35 million in 2022 and is expected to expand at a CAGR of 18.89%, reaching US$ 4868.02 million by 2028.

Powering visibility and intelligence processing will be critical for organisations to stay one step ahead of the adversaries.

As technology continues to evolve and mature, threat intelligence must keep pace with and match the innovation of the technology running our organizations.

The same thing can be said for the adversary. With every innovation we achieve, we can expect the adversary to actively seek ways to exploit it.

From the cloud to Kubernetes, from AI to applications and more, as technology gets more complex and provides tremendous operational gains, threat intelligence must continue to evolve to protect the productivity we gain.
