We have been involved in two major cyber security projects for a large Government ministry:
- the architecture and design of their Cyber Security Operations Capability, and
- designing their Information Assurance and Cyber Security Architecture Principles.
This work has given us a unique insight into the challenges faced by an organisation that is a significant cyber target. We are able to translate that insight for the benefit of our clients, who are unlikely to face the level of sophisticated attacks that Government organisations or large tech companies like Google, Amazon, Facebook, Microsoft and Apple face on a continuous basis.
We also liaise with a number of different industry experts to surface their knowledge, expertise and thought leadership for the benefit of the wider community, including our clients.
Companies we have reviewed recently include:
- Aves Netsec
We have research notes on all four of these companies, which are available to our clients on request.
We have been engaged with the implementation of cyber security projects and have developed an approach that scales from small to large organisations. Our approach is available to our clients to help them improve their cyber security posture and reduce the risk of compromise.
User & Entity Behaviour Analysis (UEBA)
User & Entity Behaviour Analysis is a set of techniques designed to monitor device and human behaviours and put them in context, in order to identify abnormal or malicious activity within a security domain. UEBA is not just a Security Event Monitoring solution; it uses advanced analytics to identify relationships between events that might otherwise go unnoticed.
Vulnerability and Threat Intelligence
There are a number of good sources of information about vulnerabilities and threats that are circulating in cyber-space. Some of those that we use are listed below:
STIX and TAXII
If you are a CISO who is keen to ensure that you can be kept up to date and respond to threats and vulnerabilities as they are discovered, you should consider ensuring your cyber security infrastructure can interoperate using these two standards as a minimum.
Structured Threat Information Expression (STIX) is a structured language for describing cyber threat information so that it can be analysed, shared and stored in a consistent manner.
Trusted Automated Exchange of Intelligence Information (TAXII) is an application layer protocol used for the communication of cyber threat information in a simple and scalable manner.
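To make "consistent manner" concrete, the following added example (not part of the original page) shows what a consuming tool does with a STIX bundle once it has been received, for instance over TAXII: it rejects indicators that lack required properties, resolves "indicates" relationships, and keeps only indicators still within their validity window. It assumes STIX 2.1 property names, which the page does not specify; all ids, names, dates and patterns are constructed sample data.

```python
from datetime import datetime, timezone

def _obj(kind, n, **props):
    # Constructed sample data: common STIX 2.1 properties with made-up ids and dates.
    return {"type": kind, "spec_version": "2.1",
            "id": f"{kind}--{str(n) * 8}-0000-4000-8000-{str(n) * 12}",
            "created": "2024-01-10T09:00:00Z", "modified": "2024-01-10T09:00:00Z", **props}

LIVE = _obj("indicator", 1, pattern_type="stix", pattern="[domain-name:value = 'bad.example']",
            valid_from="2024-01-10T09:00:00Z", valid_until="2024-03-01T00:00:00Z")
EXPIRED = _obj("indicator", 2, pattern_type="stix", pattern="[ipv4-addr:value = '192.0.2.10']",
               valid_from="2023-01-01T00:00:00Z", valid_until="2023-06-01T00:00:00Z")
BROKEN = _obj("indicator", 3, pattern_type="stix")  # no pattern or valid_from: must be rejected
MALWARE = _obj("malware", 4, name="ExampleLoader", is_family=False)
LINK = _obj("relationship", 5, relationship_type="indicates",
            source_ref=LIVE["id"], target_ref=MALWARE["id"])
BUNDLE = {"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000",
          "objects": [LIVE, EXPIRED, BROKEN, MALWARE, LINK]}

# Properties an indicator must carry before this consumer will act on it.
REQUIRED = ("id", "created", "modified", "pattern", "pattern_type", "valid_from")

def _ts(value):
    # STIX timestamps are RFC 3339 in UTC with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def active_indicators(bundle, now):
    """Return (pattern, names of indicated objects) for indicators valid at `now`."""
    objs = {o["id"]: o for o in bundle["objects"]}
    indicated = {}
    for o in objs.values():
        if o["type"] == "relationship" and o["relationship_type"] == "indicates":
            target = objs.get(o["target_ref"], {})
            indicated.setdefault(o["source_ref"], []).append(target.get("name", o["target_ref"]))
    active = []
    for o in objs.values():
        if o["type"] != "indicator" or any(k not in o for k in REQUIRED):
            continue  # not an indicator, or missing a required property
        if _ts(o["valid_from"]) <= now and ("valid_until" not in o or now < _ts(o["valid_until"])):
            active.append((o["pattern"], indicated.get(o["id"], [])))
    return active

if __name__ == "__main__":
    print(active_indicators(BUNDLE, datetime(2024, 2, 1, tzinfo=timezone.utc)))
```

Expired and malformed indicators are dropped before they reach detection tooling, which is the main operational check when ingesting shared intelligence automatically.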