Getting Started - 3 - Customise

This guide is part of a 3 part Getting Started series:

  1. Enable Data Flow
  2. Enhance Data
  3. Customise

This guide aims to help you further enhance your cyber security posture by providing strategies on how to deeply integrate Secure60 into your applications / services / infrastructure.

Completion of this guide will enable the follow benefits across your business:

  1. Deep integration strategies across:

Overview

In this guide we will provide strategies and implementation samples on how to deeply integrate Secure60 into a wide range of scenarios that you may have in your business.

Once you have completed this guide you will have achieved a significant improvement in cyber risk and protection across your most critical IT components.

For deeper guidence we recommend a Threat Modelling process (A great example is available from UK Government NCSC)

Step 1 - Assess cyber risk and focus areas

Before embarking on a deep integration project you should firstly understand which parts of your business are the most critical and also the most likely to need advanced protection.

This information may come from a range of participants:

Once you have a clear set of business or application areas to focus on you can then craft strategies to mitigate cyber risk.


Step 2 - Examine the target application or service

Every application or service in your business has a number of layers that need to be analysed and integrated to offer wholistic protection.

The following list is a starting point of considerations to improve your cyber security posture:

Network

In the realm of cybersecurity and Security Information and Event Management (SIEM), understanding the network is paramount. Networks serve as the foundation for all digital communication and are inherently vulnerable to various threats such as unauthorized access, data breaches, and malicious activities like phishing and malware propagation. Monitoring network traffic and identifying anomalies can help in detecting potential intrusions or suspicious behavior. Furthermore, tracking network activities aids in understanding the flow of data within an organization, which is crucial for identifying potential vulnerabilities and mitigating risks.

Key detection areas to focus on:

Operating System

The operating system (OS) acts as the intermediary between hardware and software, making it a prime target for cyber attacks. Vulnerabilities in the OS can be exploited to gain unauthorized access, execute malicious code, or disrupt system operations. Monitoring OS-level activities within a SIEM solution allows organizations to detect unauthorized access attempts, suspicious processes, and system configuration changes. Analyzing OS logs and events provides valuable insights into potential security incidents and helps in implementing effective security measures to protect against various threats.

Key detection areas to focus on:

Application

Applications play a vital role in business operations, but they also present significant security challenges. Vulnerabilities in applications can be exploited to steal sensitive data, compromise system integrity, or launch attacks against other systems within the network. Monitoring application activities within a SIEM platform enables organizations to detect abnormal behavior, such as unauthorized access attempts, suspicious transactions, or application-layer attacks like SQL injection and cross-site scripting (XSS). Analyzing application logs and events helps in identifying security incidents promptly and implementing appropriate countermeasures to safeguard critical assets and data.

Key detection areas to focus on:

Access

Access control is fundamental to cybersecurity, as unauthorized access to systems and resources can lead to data breaches, financial losses, and reputational damage. Monitoring access activities within a SIEM solution allows organizations to track user authentication attempts, privilege escalation, and unauthorized access attempts in real-time. Analyzing access logs and events helps in identifying suspicious behavior, enforcing security policies, and preventing insider threats. Effective access management ensures that only authorized users have access to the resources they need, reducing the risk of unauthorized access and data breaches.

Key detection areas to focus on:

Endpoint Security

Endpoints such as laptops, desktops, servers, and mobile devices are common targets for cyber attacks. Monitoring endpoint activities within a SIEM solution helps in detecting malware infections, unusual behavior, and potential security breaches. Endpoint security measures such as antivirus software, firewalls, and endpoint detection and response (EDR) solutions play a crucial role in protecting against various threats.

Key detection areas to focus on:

Cloud Security

As organizations increasingly adopt cloud services and infrastructure, securing cloud environments becomes critical. SIEM solutions that support cloud integration enable organizations to monitor and analyze security events across hybrid and multi-cloud environments, detect cloud-specific threats, and ensure the security of cloud-based assets and data.

Key detection areas to focus on:


Step 3 - How to implement detections and controls in Secure60

There are a number of ways to improve coverage inside Secure60 of the above components:

  1. Use the built in Managed Rules
  2. Leverage Entity Analytics
  3. Extend and create your own Rules and detections

Congratulations, You now have achieved a deep integration of Secure60 into your business that has significantly reduced cyber risk to the most critical parts of your business.

For any further questions make sure to reach out to support@secure60.io, We have a team ready to assist with any futher questions

Back to top