BlockAPT Platform — Strengthening Your Cyber Defence Using the Power of Automation

10 mins read by Marco Essomba, Last Updated July 2020

Growing Challenge of Cyber Threats

The challenges facing enterprises today in protecting their digital assets against the deluge of growing cyber threats are well documented. The ENISA Threat Landscape Report 2018 found that

“Information theft, loss, or attack is now the prevalent type of crime against organisations, overpowering physical theft, which, until 2017, was the most common type of fraud against corporations for a decade”. [1]

And according to the University of Maryland,

“Malicious hackers are now attacking computers and networks at a rate of one attack every 39 seconds.” [2]

Cyber threats are not limited to enterprises, as consumer devices used in the Internet of Things (IoT) are also under attack. The Mozilla Internet Health Report 2018 estimates that the number of Internet-connected devices will double between 2015 and 2020 to reach 30 billion devices worldwide [4], and Kaspersky Lab detected three times as many malware samples targeting smart devices in the first half of 2018. [5]

From a technical point of view there is no lack of technology to help organisations defend against the growing cyber threats. What is lacking is a truly coordinated cyber defence infrastructure where people, technology, and processes work together to provide a consistent, coordinated defence-in-depth approach that protects against even the most advanced targeted attacks.

This article covers the fundamentals of SOAR (Security Orchestration, Automation and Response) and MMAR (Manage, Monitor, Automate and Respond) technologies, with an emphasis on how the BlockAPT Central Management Platform differs from existing solutions.

The SIEM is Dead. Long Live SOAR & MMAR.

The scale of the challenge in protecting enterprises against increasingly complex and targeted cyber-attacks is escalating as businesses rely more on computer networks to conduct their digital operations. Making sense of the growing number of alerts generated by various network and security devices, in order to detect and respond to cyber-attacks quickly and cost-effectively before damage is done, is what every organisation aspires to. Security Information and Event Management (SIEM) technologies provide a way to manage, correlate, and deliver context from the many alerts generated by normal and abnormal network activity. However, they have their limitations.

SOAR [3] and MMAR [6] promise to complement existing SIEM solutions by leveraging the power of automation to add consistency to operational security processes, and to bring significant cost savings and efficiencies to the way security operations teams or Security Operations Centres (SOCs) are managed.

The Future of Defence-In-Depth is SOAR/MMAR

SOAR is about getting the best out of an organisation's existing security defences by leveraging the power of automation and deep integration with SIEM technologies. By extending SIEM solutions, SOAR vendors have evolved to provide the ability to make sense of raw logs and events from firewalls, Intrusion Detection Systems, Intrusion Prevention Systems, Endpoint Detection Systems, and so on. SOAR technologies allow organisations to organise or group security events, providing a framework and context to automate security processes and to respond to cyber threats faster.

Ultimately, the end goal is to simplify the management of devices, reduce the number of alerts, significantly increase efficiencies, and gain huge improvements in Mean Time To Detect (MTTD) and Mean Time To Respond (MTTR) to cyber threats. From the business benefits point of view, it means getting the best out of your existing security investment both from a technology and human resources standpoint. In some cases, SOAR technologies can increase efficiencies in security operations by more than 80%.

Although SOAR technologies are relatively new compared to more mature security solutions such as SIEM and firewall technologies, the benefits to enterprises can be significant. Moreover, SOAR technologies work within an existing security stack of network and security devices. An organisation must have reached a certain level of maturity in its security operations to truly benefit from a SOAR solution.

The approach of the various SOAR vendors is similar; however, the way they integrate with and leverage existing network and security ecosystems remains quite different and diverse across the board. At the core, SOAR vendors focus on enhancing existing SIEM management, creating a uniform and consistent way to investigate threats, and increasing the efficiency of existing security operations and teams.

Introducing the BlockAPT Platform — From SOAR to MMAR

The BlockAPT Central Management Platform's approach to security orchestration, automation and response goes beyond existing SOAR offerings because of the platform's ability to fully manage, monitor, automate, and orchestrate complex network and security ecosystems from a single pane of glass. Call it MMAR. It goes further by providing a central management interface to command and control those ecosystems using deep API integration. The key differentiators include:


2. Built-In Logging Engine & SIEM Integration: The BlockAPT Platform does not rely solely on SIEM technologies but can also receive logs directly from network and security devices in order to provide data correlation, event reduction, security analytics, threat intelligence, and automated responses. The platform can also integrate with known SIEM vendors such as Splunk and Elasticsearch to receive formatted and unformatted logs for analysis and storage, allowing enterprises to maximise their existing SIEM investment.


3. Security Analytics & Threat Hunting: Logs can be collected directly from network and security devices using syslog or raw feeds, but can also be pulled directly from SIEM devices using API integration. This allows the platform to parse logs, add context, correlate events, and remove noise so that security teams can focus on meaningful events.


4. Automated Software Robots: The ability to provide seamless integration using secure APIs in a vendor-agnostic approach means that on-boarding devices to the platform is intuitive and does not disrupt existing ecosystems. The platform is modular, which allows organisations to add or remove modules on demand in a Pay-As-You-Use model. Tools such as automated backup and restore, automated configuration migration, automated vulnerability scanning, and automated threat response can be added as the needs of the organisation change, providing a flexible and smart way to protect against cyber-attacks. Software robots can automate menial security tasks to free up time so that security teams can focus on key security events.


5. Single Pane of Glass: A single command and control platform that allows you to monitor, fully manage, automate, and orchestrate your existing network and security ecosystem. The integration using APIs is not limited to network and security devices but can also be extended to support IoT devices.


6. Playbooks and Automated Rulesets: Rules provide a way to create automated software robots that can be adapted for the task at hand and can scale to the enterprise-wide level to assist the security operations team, as well as CxO-level executives, with fast decision making. A Return on Investment (ROI) calculator is built into the platform, providing a simple and intuitive dashboard that shows ROI statistics for the existing network and security infrastructure as the platform actively takes action to defend the organisation against active cyber-attacks.
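To make the event reduction and playbook ideas from points 3 and 6 concrete, here is an added illustration (not BlockAPT's code, and not the platform's log formats): it parses a few constructed syslog lines from a firewall and an IDS, groups them by source address, applies one playbook rule, and reports how much of the raw volume is kept out of the analyst queue. The line formats, the `fw`/`ids` program names and the rule thresholds are all assumptions chosen for the example.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (not real device output); the formats are assumptions.
SAMPLE_LOGS = [
    "<134>Jul 10 10:00:01 fw01 fw: DENY TCP src=203.0.113.7 dst=10.0.0.5 dport=22",
    "<134>Jul 10 10:00:02 fw01 fw: DENY TCP src=203.0.113.7 dst=10.0.0.5 dport=22",
    "<134>Jul 10 10:00:03 fw01 fw: DENY TCP src=203.0.113.7 dst=10.0.0.5 dport=22",
    "<134>Jul 10 10:00:04 fw01 fw: DENY TCP src=198.51.100.9 dst=10.0.0.8 dport=443",
    "<132>Jul 10 10:00:05 ids01 ids: ALERT ssh-scan src=203.0.113.7 dst=10.0.0.5",
]

LINE_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) (?P<app>\S+): (?P<msg>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Split one syslog line into fields; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event.update(KV_RE.findall(event["msg"]))  # src=, dst=, dport= become fields
    event["kind"] = event["msg"].split()[0]     # DENY or ALERT
    return event

def correlate(lines):
    """Group raw events by source IP and apply one playbook rule per group."""
    groups = defaultdict(lambda: {"deny": 0, "alert": 0, "targets": set()})
    for line in lines:
        ev = parse(line)
        if ev is None or "src" not in ev:
            continue  # unparseable or contextless lines are dropped as noise
        g = groups[ev["src"]]
        g["targets"].add(ev.get("dst"))
        if ev["kind"] == "DENY":
            g["deny"] += 1
        elif ev["kind"] == "ALERT":
            g["alert"] += 1
    findings = []
    for src, g in groups.items():
        # Playbook rule (assumed thresholds): repeated denies plus an IDS alert from the
        # same source escalates to an analyst; a lone deny is kept only as a low note.
        if g["deny"] >= 3 and g["alert"] >= 1:
            severity, action = "high", "open ticket, queue block for analyst approval"
        else:
            severity, action = "low", "suppress"
        findings.append({"src": src, "targets": sorted(t for t in g["targets"] if t),
                         "events": g["deny"] + g["alert"], "severity": severity, "action": action})
    return findings

def reduction_ratio(lines):
    """Fraction of raw events kept out of the analyst queue after correlation."""
    surfaced = sum(1 for f in correlate(lines) if f["severity"] != "low")
    return 1 - surfaced / len(lines)
```

With the constructed input, five raw events collapse to one high-severity finding and one suppressed note, so four fifths of the volume never reaches an analyst.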

Visual Playbook Builder For Automation


Full Stack Cyber Defence Platform

BlockAPT's consulting experience, acquired from working closely with leading organisations in banking, finance, telecom, gaming, gambling and other sectors, together with our expertise in designing and implementing state-of-the-art cyber defence systems, has given us a unique insight into the ongoing security challenges facing enterprises.

Our approach to security is to arm organisations with a defence-in-depth framework that combines people, technology, and processes, all working together in a unified manner. Our BlockAPT Central Management Platform brings together existing and disjointed network and security ecosystems for better integration in order to drive huge efficiencies and cost savings within enterprise security operations.


Our current version of the platform is already helping our clients in various sectors such as gaming, gambling, banking/financial services, and manufacturing to drive down the costs of security operations by more than 80%, and to get the best out of their existing security investment.

From a single pane of glass, our clients can fully manage, monitor, automate, and orchestrate their entire network and security ecosystems. Our growing list of supported network and security vendors includes F5 Networks, Cisco, Palo Alto, Juniper, Splunk, Qualys, Jira, Kemp, EdgeNexus, Cloudflare, Stella Blockchain, BlackstoneOne, Fortinet, Stormshield, SentinelOne, ntopng, Kibana/Elastic, Check Point, AlienVault, Microsoft Azure, and more.

The BlockAPT Platform is helping organisations get the best out of their existing network and security infrastructure by significantly improving Mean Time To Detect (MTTD) and Mean Time To Respond (MTTR), giving them the confidence to respond faster to security incidents. To learn more about the BlockAPT Central Management Platform or to request a trial, please visit our website or social media sites:

Website: https://www.blockapt.com/

Twitter: https://twitter.com/blockapt

LinkedIn: https://www.linkedin.com/company/5089841

References:

[1] https://www.comparitech.com/vpn/cybersecurity-cyber-crime-statistics-facts-trends and https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-201

[2] https://www.comparitech.com/vpn/cybersecurity-cyber-crime-statistics-facts-trends and University of Maryland

[3] https://www.gartner.com/en/documents/3895089-emerging-technology-analysis-soar-solution

[4] https://www.comparitech.com/vpn/cybersecurity-cyber-crime-statistics-facts-trends and https://internethealthreport.org/2018

[5] https://www.comparitech.com/vpn/cybersecurity-cyber-crime-statistics-facts-trends and https://securelist.com/new-trends-in-the-world-of-iot-threats/87991

[6] https://www.blockapt.com/wp-content/uploads/2020/05/BlockAPT-Platform-Brochure-Corporate-FINAL.pdf

About the Author:

Marco Essomba is the Founder & CTO of BlockAPT, a leading-edge UK-based cybersecurity firm empowering organisations with an advanced, intelligent cyber defence platform. The BlockAPT platform allows organisations to Monitor, Manage, Automate & Respond (MMAR) to cyber threats — 24/7. Marco’s passion, expertise and knowledge over 15 years of providing cybersecurity solutions have culminated in the design of our unique BlockAPT platform. Developed over time as a toolkit to help small and large enterprises with business security issues, BlockAPT’s platform brings together threat intelligence, vulnerability management, device management and proactive incident response management to help fight the war against cyber attackers.

LinkedIn: https://www.linkedin.com/in/marcoessomba/

Twitter: https://www.linkedin.com/in/marcoessomba/

Company website: https://www.blockapt.com
