BlockAPT Platform — Strengthening Your Cyber Defence Using the Power of Automation
10 min read, by Marco Essomba. Last updupdated: July 2020.
Growing Challenge of Cyber Threats
The challenges enterprises face in protecting their digital assets against a growing deluge of cyber threats are well documented. The ENISA Threat Landscape Report 2018 found that
“Information theft, loss, or attack is now the prevalent type of crime against organisations, overpowering physical theft, which, until 2017, was the most common type of fraud against corporations for a decade”. 
And according to the University of Maryland,
“Malicious hackers are now attacking computers and networks at a rate of one attack every 39 seconds.” 
Cyber threats are not limited to enterprises: consumer devices in the Internet of Things (IoT) are also under attack. The Mozilla Internet Health Report 2018 estimates that the number of Internet-connected devices will double between 2015 and 2020 to reach 30 billion worldwide, and Kaspersky Lab detected three times as many malware samples targeting smart devices in the first half of 2018.
From a technical point of view there is no shortage of technology to help organisations defend against these threats. What is lacking is a truly coordinated cyber defence infrastructure in which people, technology, and processes work together to deliver a consistent defence-in-depth posture that holds up against even the most advanced targeted attacks.
This article covers the fundamentals of SOAR (Security Orchestration, Automation and Response) and MMAR (Manage, Monitor, Automate and Respond) technologies, with an emphasis on how the BlockAPT Central Management Platform differs from existing solutions.
The SIEM is Dead. Long Live SOAR & MMAR.
The scale of the challenge in protecting enterprises against increasingly complex and targeted cyber-attacks is escalating as businesses rely more on computer networks to conduct their digital operations. Every organisation aspires to make sense of the growing number of alerts generated by its network and security devices so that it can detect and respond to attacks quickly and cost-effectively, before damage is done. Security Information and Event Management (SIEM) technologies provide a way to manage and correlate the many alerts generated by normal and abnormal network activity and to deliver context for them. However, they have their limitations.
SOAR / MMAR promises to complement existing SIEM solutions by using automation to bring consistency to operational security processes and to deliver substantial cost savings and efficiencies in the way security operations teams and Security Operations Centres (SOCs) are run.
The Future of Defence-In-Depth is SOAR/MMAR
SOAR is about getting the most out of an organisation's existing security defences through automation and deep integration with SIEM technologies. By extending SIEM solutions, SOAR vendors have evolved to make sense of raw logs and events from firewalls, Intrusion Detection Systems, Intrusion Prevention Systems, Endpoint Detection and Response tools, and so on. SOAR technologies allow organisations to organise and group security events, providing a framework and the context needed to automate security processes and respond to cyber threats faster.
Ultimately, the end goal is to simplify the management of devices, reduce the number of alerts, significantly increase efficiencies, and gain huge improvements in Mean Time To Detect (MTTD) and Mean Time To Respond (MTTR) to cyber threats. From the business benefits point of view, it means getting the best out of your existing security investment both from a technology and human resources standpoint. In some cases, SOAR technologies can increase efficiencies in security operations by more than 80%.
Although SOAR technologies are relatively new compared with more mature security solutions such as SIEMs and firewalls, the benefits to enterprises can be significant, and SOAR works within an organisation's existing stack of network and security devices. There is a caveat, however: an organisation must have reached a certain level of maturity in its security operations (documented processes, reliable log collection, clearly owned response actions) to truly benefit from a SOAR solution.
The overall approach of SOAR vendors is similar; the way they integrate with and leverage existing network and security ecosystems, however, differs considerably across the board. At the core, SOAR vendors focus on enhancing existing SIEM management, creating a uniform and consistent way to investigate threats, and increasing the efficiency of existing security operations and teams.
Introducing the BlockAPT Platform — From SOAR to MMAR
The BlockAPT Central Management Platform's approach to security orchestration, automation and response goes beyond existing SOAR offerings in that the platform can fully manage, monitor, automate, and orchestrate complex network and security ecosystems from a single pane of glass, using deep API integration to command and control the devices in them. Call it MMAR. The key differentiators include:
1. Open Application Programming Interfaces (APIs): The BlockAPT Platform offers a flexible framework built on open APIs that are extensible, scalable, and modular, wrapped in a unified and intuitive GUI. The platform can be deployed within an hour in cloud infrastructures such as Microsoft Azure, Google Cloud Platform, and Amazon Web Services (AWS), or on-premises on Linux, Windows, and Unix operating systems. Through a centralised web UI, the platform provides full central management of network and security devices, both pushing configuration to them and pulling state and logs from them, all from a single pane of glass. Its vendor-agnostic approach simplifies the management of complex network and security devices in multi-vendor infrastructures.
2. Built-In Logging Engine & SIEM Integration: The BlockAPT Platform does not rely solely on SIEM technologies; it can also receive logs directly from network and security devices in order to provide data correlation, event reduction, security analytics, threat intelligence, and automated responses. The platform can also integrate with established SIEM products such as Splunk and the Elastic stack to receive formatted and unformatted logs for analysis and storage, allowing enterprises to maximise their existing SIEM investment.
3. Security Analytics & Threat Hunting: Logs can be collected directly from network and security devices via syslog or raw feeds, or pulled from SIEM systems through API integration. This allows the platform to parse logs, add context, correlate events, and remove noise so that security teams can focus on meaningful events.
4. Automated Software Robots: Seamless integration over secure APIs in a vendor-agnostic approach means that on-boarding devices to the platform is intuitive and does not disrupt existing ecosystems. The platform is modular, so organisations can add or remove modules on demand in a pay-as-you-use model. Tools such as automated backup and restore, automated configuration migration, automated vulnerability scanning, and automated threat response can be added as the organisation's needs change, providing a flexible and smart way to protect against cyber-attacks. Software robots automate menial security tasks to free up time so that security teams can focus on key security events.
5. Single Pane of Glass: A single command and control platform that allows you to monitor, fully manage, automate, and orchestrate your existing network and security ecosystem. The integration using APIs is not limited to network and security devices but can also be extended to support IoT devices.
6. Playbooks and Automated Rulesets: Rules provide a way to create automated software robots that can be adapted to the task at hand and scaled enterprise-wide, assisting the security operations team as well as CxO-level executives with fast decision making. A Return on Investment (ROI) calculator is built into the platform, providing a simple and intuitive dashboard that shows ROI statistics for the existing network and security infrastructure as the platform actively takes action to defend the organisation against ongoing cyber attacks.
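To make items 3 and 6 concrete, here is an added example of the parse, correlate, reduce and respond pipeline that a SOAR/MMAR playbook implements. It is illustration code written for this article, not BlockAPT platform code; the syslog-style log lines, the threat-intelligence IP list and the `Firewall` connector class are all constructed stand-ins, and the thresholds (five SSH failures within one minute) are assumptions, not values taken from any product.

```python
"""Toy SOAR-style pipeline: parse -> correlate -> decide -> respond.

Added illustration, not BlockAPT code. All log lines, the threat-intel list
and the Firewall connector are constructed stand-ins for this example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample feed: syslog-style lines from an SSH bastion and a firewall.
SAMPLE_LOGS = """\
2020-07-01T10:00:01 bastion sshd[812]: Failed password for root from 203.0.113.7 port 51022 ssh2
2020-07-01T10:00:02 bastion sshd[812]: Failed password for root from 203.0.113.7 port 51023 ssh2
2020-07-01T10:00:03 bastion sshd[812]: Failed password for admin from 203.0.113.7 port 51024 ssh2
2020-07-01T10:00:04 bastion sshd[812]: Failed password for admin from 203.0.113.7 port 51025 ssh2
2020-07-01T10:00:05 bastion sshd[812]: Failed password for deploy from 203.0.113.7 port 51026 ssh2
2020-07-01T10:00:07 bastion sshd[812]: Accepted publickey for deploy from 198.51.100.20 port 40100 ssh2
2020-07-01T10:00:09 bastion sshd[812]: Failed password for alice from 198.51.100.20 port 40101 ssh2
2020-07-01T10:30:00 fw01 kernel: DROP IN=eth0 SRC=192.0.2.9 DST=10.0.0.5 PROTO=TCP DPT=445
2020-07-01T11:30:00 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=22
"""

# Constructed threat-intelligence list (stand-in for a real TI feed).
KNOWN_BAD_IPS = {"192.0.2.9"}

SSH_FAIL = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: Failed password for (\S+) from (\S+) port")
FW_DROP = re.compile(r"^(\S+) (\S+) kernel: DROP .*SRC=(\S+) DST=(\S+) PROTO=(\S+) DPT=(\d+)")


def parse(lines):
    """Normalise raw lines into event dicts; lines no rule understands are dropped as noise."""
    events = []
    for line in lines.splitlines():
        m = SSH_FAIL.match(line)
        if m:
            ts, host, user, src = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "host": host,
                           "type": "ssh_fail", "src": src, "user": user})
            continue
        m = FW_DROP.match(line)
        if m:
            ts, host, src, dst, proto, dport = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "host": host, "type": "fw_drop",
                           "src": src, "dst": dst, "proto": proto, "dport": int(dport)})
    return events


def correlate(events, threshold=5, window=timedelta(minutes=1)):
    """Event reduction: collapse a burst of SSH failures from one source into a single
    incident, and raise one incident per source that appears in the TI list."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    incidents = []
    for src, evs in by_src.items():
        fails = sorted((e for e in evs if e["type"] == "ssh_fail"), key=lambda e: e["ts"])
        # Sliding window: `threshold` failures inside `window` is treated as brute force.
        for i in range(len(fails) - threshold + 1):
            if fails[i + threshold - 1]["ts"] - fails[i]["ts"] <= window:
                incidents.append({"src": src, "kind": "ssh_bruteforce", "count": len(fails),
                                  "users": sorted({e["user"] for e in fails}), "events": len(evs)})
                break
        if src in KNOWN_BAD_IPS:
            incidents.append({"src": src, "kind": "known_bad_source", "count": len(evs), "events": len(evs)})
    return incidents


class Firewall:
    """Stand-in for a vendor API connector: records block actions instead of calling a device."""
    def __init__(self):
        self.blocked = []

    def block_ip(self, ip, reason):
        self.blocked.append((ip, reason))


def run_playbook(incidents, fw, auto_block=True):
    """Playbook rule: block the source of a brute-force or known-bad incident. Blocking is a
    destructive action, so it sits behind an explicit flag (the approval gate) and every
    decision is recorded whether or not it was executed."""
    actions = []
    for inc in incidents:
        if inc["kind"] in ("ssh_bruteforce", "known_bad_source"):
            if auto_block:
                fw.block_ip(inc["src"], inc["kind"])
                actions.append(("block", inc["src"], inc["kind"]))
            else:
                actions.append(("needs_approval", inc["src"], inc["kind"]))
    return actions


def triage(raw_logs, auto_block=True):
    """Run the whole pipeline and return a summary suitable for a dashboard or a test."""
    fw = Firewall()
    events = parse(raw_logs)
    incidents = correlate(events)
    actions = run_playbook(incidents, fw, auto_block)
    return {"events": len(events), "incidents": incidents, "actions": actions, "blocked": fw.blocked}


if __name__ == "__main__":
    result = triage(SAMPLE_LOGS)
    print(f"{result['events']} events -> {len(result['incidents'])} incidents -> {len(result['actions'])} actions")
    for action in result["actions"]:
        print(action)
```

On the sample feed, nine raw lines become eight parsed events (the successful key-based login is dropped as noise), which collapse into two incidents: a brute-force burst from 203.0.113.7 spanning three usernames, and a single firewall drop from an IP on the TI list. The lone failure from 198.51.100.20 never reaches the threshold and generates no action. Two points carry over to any real deployment: the API credential the connector uses should be scoped to only the actions the playbook needs (here, adding a block rule, not full device administration), and destructive actions should default to the `needs_approval` path until the rule has been observed against production traffic long enough to trust its false-positive rate.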
Visual Playbook Builder For Automation
Full Stack Cyber Defence Platform
BlockAPT's consulting experience, acquired from working closely with leading organisations in banking, finance, telecom, gaming, and gambling, has given us unique insight into the security challenges facing enterprises and into designing and implementing state-of-the-art cyber defence systems.
Our approach to security is to arm organisations with a defence-in-depth framework that combines people, technology, and processes, all working together in a unified manner. The BlockAPT Central Management Platform brings together existing, disjointed network and security ecosystems for better integration, driving significant efficiencies and cost savings within enterprise security operations.
Our current version of the platform is already helping our clients in various sectors such as gaming, gambling, banking/financial services, and manufacturing to drive down the costs of security operations by more than 80%, and to get the best out of their existing security investment.
From a single pane of glass, our clients can fully manage, monitor, automate, and orchestrate their entire network and security ecosystems. Our growing list of supported network and security vendors and products includes F5 Networks, Cisco, Palo Alto, Juniper, Splunk, Qualys, Jira, Kemp, EdgeNexus, Cloudflare, Stella Blockchain, BlackstoneOne, Fortinet, Stormshield, SentinelOne, ntopng, Kibana/Elastic, Check Point, AlienVault, Microsoft Azure, and others.
The BlockAPT Platform helps organisations get the most out of their existing network and security infrastructure by significantly improving Mean Time To Detect (MTTD) and Mean Time To Respond (MTTR), giving them the confidence to respond faster to security incidents. To learn more about the BlockAPT Central Management Platform or to request a trial, please visit our website:
About the Author:
Marco Essomba is the Founder & CTO of BlockAPT, a UK-based cybersecurity firm empowering organisations with an advanced, intelligent cyber defence platform. The BlockAPT platform allows organisations to Manage, Monitor, Automate & Respond (MMAR) to cyber threats 24/7. Marco's passion, expertise and knowledge, built over 15 years of providing cybersecurity solutions, culminated in the design of the BlockAPT platform. Developed over time as a toolkit to help small and large enterprises address their business security issues, the platform brings together threat intelligence, vulnerability management, device management and proactive incident response management to help fight the war against cyber attackers.
Company website: https://www.blockapt.com