Signals: Revolutionising Cyber Risk Quantification through Engineering Innovation

Niranjan M Bhat
SAFE Engineering
Sep 13, 2023

Welcome to this engineering blog, where we share the journey of developing Signals, a concept that changes how SAFE integrates with various security tools. In this article, we explore how Signals transformed the complex process of building an integration into a simplified and streamlined one. By enabling the integration of data from security tools, Signals empower SAFE to offer real-time insights into cyber risk. We’ll also showcase a customer success story, demonstrating how they utilised Signals to enhance their cybersecurity strategy by integrating their security data lake with the SAFE platform. Let’s delve into the core principles behind Signals, the customer’s journey, and their use of Signals for improved cybersecurity.

What is a Signal?

Signals represent the smallest units of information containing valuable insights about an enterprise customer, facilitating risk quantification in SAFE. They consist of a reference to a customer-related entity (machine, identity, or file) and security context that contributes to risk assessment.

Introducing SAFE:

SAFE is our enterprise-wide, objective, unified, and real-time cyber risk quantification platform that addresses the limitations of traditional subjective approaches. By incorporating Signals into SAFE, organisations gain a powerful solution for proactive risk management based on real-time, automated data collection.

SAFE has out-of-the-box integrations with top security tools like Qualys, Tanium, Microsoft Defender for Cloud, GCP SCC, Wiz, AWS, CrowdStrike, SaaS platforms and many more. It collects data about critical system configurations, identifies gaps, and incorporates vulnerability assessment data including CVE identifiers. By correlating with the MITRE ATT&CK framework, SAFE assesses exploit pathways and attack risk. For example, EDR data enhances risk quantification by analysing endpoint behaviour and compromise indicators. Signals can be of various types, such as misconfigurations, vulnerability details, WAF, and UEBA data, to enhance AI-based breach probability calculations. UEBA data, such as phishing results and security awareness metrics, provides insights into user-related risks for improved risk quantification.

With Signals, organisations that have already invested in collating security data from various security tools in a data lake can send that data directly into SAFE. This avoids the need for direct integration of SAFE with each tool.

Customer Success Story:

Customers and Signals Implementation: One of our customers, a leading organisation in the financial services sector, recognised the need for a unified and objective approach to assess and manage their cyber risks. They saw an opportunity to leverage their existing security data lake and integrate it seamlessly with SAFE to enhance their risk quantification process.

Building the Data Push: Our customer’s engineering team studied the Signals examples provided in various programming languages, such as C#, Python, and Node.js, in the open-source repository at https://github.com/Safe-Security/signal. They adapted the examples to fit their specific environment, incorporating their security data lake and ensuring each generated Signal contained the necessary entity references and relevant security context.

Establishing Data Connectivity: The customer’s team utilised the connectors and augmented them with data from their security data lake by using Signals. Following the documentation and guidelines in the open-source repo, they securely transferred Signals data.

Key Outputs in SAFE Based on Signals Input:

SAFE Security provides essential outputs based on Signals input:

  • Top Risk Scenarios: SAFE continuously monitors top Cyber Risk Scenarios by correlating all security findings with respective MITRE ATT&CK Tactics, Techniques, and Procedures (TTP). This approach provides organisations with insights into the most critical risks they face.
  • Actionable Insights: SAFE generates a prioritised list of actionable insights to help organisations measure, manage, and mitigate identified security findings reported using Signals. This enables organisations to effectively prioritise and address potential risks.

Conclusion:

The journey of building Signals and the success story of our customer highlight the significant advancements in cyber risk quantification. By integrating Signals with SAFE, organisations gain access to objective, real-time insights into their cyber risk landscape. The comprehensive data push process implemented by the customer in the example above showcases the power of Signals in enhancing the data collection required for risk quantification. We invite you to join us in leveraging Signals and SAFE Security to revolutionise your organisation’s cyber risk management, prioritise security measures, and proactively protect against potential threats. Together, we can drive engineering innovation and foster a robust cybersecurity ecosystem.
