The way in which the Swiss security team works when qualifying security events has changed with the introduction of this new solution. The once time-consuming process of analyzing and interpreting logs has been replaced by the Threat Intelligence Center. The IT team now uses this as its environment for analyzing event data taken from the threat analysis, and for security incidents and logs. Baur emphasizes the advantages of working with these advanced investigation components which make it easy to link individual pieces of information together quickly using graphical options and to connect the dots so that their correlation becomes clear.
"Using forensic analyses, the Advisor enables us to search for the cause of the event and not just combat the symptoms. We are able to identify what is really happening on a computer, and moreover, what could have happened," explains Baur. Based on the results, the team can decide what is a sufficient response, for example, if it is necessary to set up a new computer or which updates and patches can be quickly imported. "This supports not only our security incident management processes, but it allows us to manage risks as well," summarizes the Head of Technology Management.
In addition, the Swiss team uses the threat intelligence functions of the Threat Connect Portal in production. If Deep Discovery detects suspicious behavior, the IT team can look up there whether similar incidents have occurred before. The portal also offers detailed threat categorization and recommendations for containment and elimination.
Although qualifying the events and wading through the mass of detailed information is still difficult and IT employees are still learning how to use the software, the IT team does not need any more resources for these complicated processes than before.
"The solution has already proven itself. We have already been able to detect potential attacks and bugs that we wouldn't have detected until later with conventional means," reports the Head of Technology Management. Many activities related to awareness are also based on the results produced by the Advisor. These are not just warnings sent to employees when suspicious activity is detected. Deep Discovery reports also show employee activities that could potentially threaten security.
Head of Technology Management at SWICA