CyberProof: Risk-Based Managed Security Services for Rapid Threat Remediation
Enterprise CISOs often use Managed Security Solution Providers (MSSPs) to sift through the large number of events and escalate alerts. The problem is that most operate as a black box. There is a lack of transparency and context that limits the proper response. To address this, CyberProof created a custom-built orchestration platform that correlates data to enrich alerts with additional information and enable visibility into vulnerability management, detection, and response.
CyberProof has developed SeeMo—a virtual security analyst that leverages its AI investments. SeeMo is a learning bot that takes on more and more of the threat detection, analysis, and response tasks. “With SeeMo, a customer can automatically enrich event data, identify the most important alerts and accelerate incident response time,” says Velleca.
CyberProof focuses on three measures of cyber security risk and, in practice, uses these measures as the basis for prioritization. These risks are (1) vulnerability risk, (2) detection risk, and (3) response risk. In other words: how vulnerable am I to the most damaging attacks, can I see these attacks when they happen, and how quickly can I respond and mitigate the damage? CyberProof uses the MITRE ATT&CK framework to align these risks down to the attack technique level. In this regard, CyberProof helps its clients evaluate their risks in relation to the well-known kill chain. For a cyber attack to take place, it must go through the entire kill chain. Looking at vulnerabilities using this framework helps customers prioritize their work. “By proactively managing the vulnerabilities, our customers are able to fix the most important vulnerabilities first,” adds Velleca.
One client, a financial institution, was overloaded with vulnerabilities. CyberProof helped this client prevent a potentially disastrous ransomware attack by addressing the most important vulnerabilities first, and helped work down the backlog by adding engineers.
Velleca envisions a future where SeeMo and the CyberProof platform provide clear measures of cybersecurity risk that are used by Board members to understand and make the right decisions on how to manage this risk most effectively—with residual risk being addressed with cyber insurance. “Cyber security is a fast-changing, cold-war-like problem. We believe that, working with the top CSOs, SeeMo can learn and adapt quickly and provide a capability to focus resources in the best way to reduce risk,” concludes Velleca.