IT Security Pro (August 2021) - Security Incident Management using eASIS
Business network infrastructure is becoming more and more complex, with a perimeter that is gradually blurring. Digital transformation has driven the rapid evolution of information technology (cloud computing, big data, the Internet of Things, etc.) and brought new levels of productivity to every sector. At the same time, however, it has brought great complexity to the network infrastructure.
Digital transformation and cloud services on the one hand, and teleworking driven by COVID-19 on the other, move services, data and company users outside the reach of the traditional network perimeter protection mechanisms.
Vertical Solutions for Security Incident Monitoring and Management with the Netbull eASIS Platform
by Nikitas Kladakis - Netbull CEO
The modern business network infrastructure does not have a simple and clearly defined security perimeter, and perimeter-based network security solutions cannot prevent hackers from invading the corporate and/or industrial network. A prominent example is the hacker attack on Colonial Pipeline.
To deal with these specialized and targeted attacks, Netbull, a pioneer in information security, took a step further and, first in Greece, developed the eASIS platform (based on the IBM QRadar SIEM solution), which has vertical modules covering each productive sector. These modules are:
- Healthcare Module
- Industrial Module
- Maritime Module
- Energy Module
- Water Utilities Module
- Manufacturing Module
The modules use multi-level machine learning algorithms to detect malicious activity through behavioral patterns, together with artificial intelligence technologies from the IBM QRadar Advisor with Watson service.
When any of these modules detects a threat, all information needed to investigate the attack is forwarded to the IBM QRadar Advisor with Watson artificial intelligence service, which:
(1) initially collects and correlates information from all platform subsystems and machine learning services, such as:
- user accounts that have been compromised, as reported by the user behavior analysis service
- endpoints taken over by hackers, as reported by the endpoint behavior analysis service
- communications with command-and-control (C&C) servers, as reported by the network behavior analysis service, etc.
(2) then, through the cloud services of international vendors, collects additional information such as:
- the associated threats and the malware family
- similar and/or previous incidents related to the incident under investigation
- the attack methodology and techniques according to the MITRE ATT&CK framework
(3) and finally presents the full investigation of the attack to the analyst within a few minutes.
Our analysts, now having the full picture of the security incident, use our SOAR platform to take the actions needed to contain it.