Stumbling Blocks in Security
The dynamic threat landscape demands significant effort from security practitioners to keep up with rapidly changing attack vectors. Top companies in various industries, including the financial sector, lack the SOC team resources to develop threat detection content while the number of attacks grows at a rapid pace. Extensive research is needed to cover recent attacks that are becoming more sophisticated as threat actors adopt new technologies. All this shaped UKRSIBBANK's primary concern: the substantial workload of the Information Security department and the time constraints on researching and developing high-quality threat detection content.
UKRSIBBANK was looking for ways to streamline incident response activities and react in a timely manner to all external and internal attacks. Proper coverage of these security operations requires hiring a team of SOC specialists with solid expertise in the field, which involves significant financial investment. According to recent reports, many market leaders are short of highly experienced cyber security staff on the global market, and the financial sector is in dire need of such human resources to withstand attacks.
One more area that required improvement was maintaining cyber security compliance and automating controls across all applicable regulatory standards. As a PCI DSS compliant financial organization, UKRSIBBANK wanted to obtain specific detection content that would meet the related security requirements.
Gained Improvements Through Partnership with SOC Prime
Joining the SOC Prime Threat Detection Marketplace (TDM) community has enabled UKRSIBBANK to obtain threat detection content without hiring an in-house team of threat hunters and spending significant financial and time resources on their recruitment and retention. Through the Premium TDM subscription, UKRSIBBANK has gained an external team of seasoned security professionals who constantly research the market from the cyber attack perspective. The SOC Prime team delivers to its clients a large number of detection rules and threat detection scenarios that allow threats to be identified at the earliest stages of the attack lifecycle, when the company is still unaware of its vulnerabilities.
The SOC Prime TDM platform is constantly enriched with new threat detection content that matches the latest attack vectors. The company enhances the platform's capabilities on an ongoing basis and is flexible when it comes to changing content priorities to meet customers' expectations. Security practitioners are welcome to request the content most relevant to their company's needs, and the members of the SOC Prime Team, in collaboration with Threat Bounty developers (the crowdsourcing component of TDM), deliver new rules, queries, and parsers that fit the company's threat profile and regulations, including compliance-specific detection content for the financial sector.
Developing incident response scenarios is a demanding process that requires a lot of human resources. TDM delivers baseline scenarios implementing security best practices that can be applied regardless of the company's structure and the technologies in use. UKRSIBBANK has mainly used ArcSight, Splunk, and Elastic Stack analytics-based SIEM solutions, and the cross-platform TDM content can be adapted to various environments according to the company's preferences. With the embedded Uncoder.io translation tool, detection rules can be easily converted to various SIEM formats, which solves the problem of migrating to another back-end environment.
“Aiming to gain the maximum from the Information Security department, the Bank reached out to SOC Prime for consulting and finally bought a subscription to the Threat Detection Marketplace, a platform for sharing analytical content. The subscription enabled us to significantly decrease the workload of the department employees for creating analytical content and put their efforts into the investigation of detected incidents. New valid use cases and detection queries are continuously added to TDM, which gives us an opportunity to minimize the time for detection and mitigation of threats.”
Maxim Yashchenko, Head of Infrastructure Security and Training Control Unit
of Information Systems Security Department at UkrSibbank
Moving Ahead with an Innovation-Driven Approach
With the TDM platform, UKRSIBBANK has managed to save the time, money, and human resources that were previously required to deliver proactive threat detection. As a member of the Microsoft Intelligent Security Association (MISA), SOC Prime is constantly developing new ways to improve cybersecurity tools and operations for security teams, which is a driving factor for the ongoing partnership. Further steps in the company's partnership with SOC Prime include obtaining more compliance-specific content with relevant tagging for a more targeted content search, and prioritizing the list of rules according to the company's region and industry.
Looking for a partnership in the banking industry?
Join SOC Prime TDM to supercharge your cybersecurity capabilities. Stay safe and let us be on your guard!