September 9, 2020
Download a PDF copy of the whitepaper
01 Introduction
02 Why Should You Care?
03 Assessment Checklist
04 Blumira: Threat Detection & Response
05 Streamline Your Security Operations
Identify Your Organization’s Security Gaps
These days, what many call the ‘digital transformation’ has accelerated rapidly in an era of remote work. Companies are turning to cloud-based productivity and collaboration tools to enable remote employees to do their jobs efficiently. Many are using personal devices, as well as virtual private networks and remote access gateways to connect securely to networks and data. All of these trends shift visibility and control out of the hands of already-lean IT and security teams, stretched to their limits. Many organizations aren’t even sure what security gaps exist in their rapidly changing environment. When deploying proof-of-concepts, Blumira has found that the average organization has only 10% coverage across all of the essential areas of threat detection and response. To help you understand how to better secure this new world, Blumira has created a threat detection and response gap assessment checklist that you can use to determine where you need additional capabilities.
Digital Transformation & Security
Security Log Repositories
Best practices around security log repositories, configuration, parsing and correlation.
Audit and Compliance
Audit and compliance must-haves, like generated or pre-built reports, and what to audit for compliance.
Critical Incident Detections
Critical incident detections, like lateral movement, common misconfigurations, indicators of data exfiltration and more.
Automated Incident Response
How automated incident response tools like playbooks can help small teams contain threats faster.
Importance of Access
The importance of access to security expertise when you need it, and high availability and reliability of your security solution.
Identify Security Gaps
Why Should You Care?
Threat Detection & Response Assessment
Blumira’s Automated Detection & Response
Why Should You Care?
Doing an assessment can highlight significant security gaps in the area of threat detection and response - but why should you care? Here’s some potential consequences of failure in each essential area:
Logging
Without proper logging and monitoring, you may miss key events essential for security, such as failed logins and misconfigurations that leave your network open to insecure connections.
Audits & Compliance
Building, exporting and delivering security reports periodically for auditors and to meet compliance regulations can take away valuable time from your IT and security teams’ daily duties.
Detection
- Without proper detections, you may miss key security incidents that can help you prevent or quickly mitigate and contain a compromise - such as indicators of lateral movement, data exfiltration and more.
Alerting
Too many alerts results in responder fatigue and a lack of clarity around the most critical alerts your team needs to quickly address in order to keep your organization safe and secure.
Response
Many solutions lack support for incident response, leaving a gap in your security operation workflow. Without response capabilities, organizations must hire costly SOC (security operations center) teams or layer expensive SOAR (security operations, automation and response) software on top of their logging and detection solution(s).
Security Expertise
While automation can help small teams, sometimes you need to do deeper investigation for detection and response - without access to security expertise, organizations can be out of luck.
Monitoring & Availability
If your security solution isn’t designed for high availability and reliability, your organization could miss out on important security detections or delayed response times during any downtime.
Your Assessment Checklist
Logging
Logging and monitoring your IT and security environment are the critical first steps toward real-time insight into potential ongoing threats and attacks.
|
Capability |
Y/N |
Blumira |
|---|---|---|
|
Does the solution in place stack evidence to help reduce the noise from too many alerts? |
|
✔️ |
|
Are only actionable threats identified while reducing or eliminating the noise of non-actionable information? |
|
✔️ |
|
Do you have escalations and notifications when high priority threats are identified? |
|
✔️ |
|
Are you able to notify a responder out of channel (phone call, SMS) in case email is compromised? |
|
✔️ |
|
Do your alerts provide a direct link back to the evidence and details of the threat identified? |
|
✔️ |
Audits & Compliance
By automating report generation and delivery, you can expedite your compliance and audit needs to save your team time and resources
|
Capability |
Y/N |
Blumira |
|---|---|---|
|
Do you currently have a way to easily generate audit reports? |
|
✔️ |
|
Do you have access to pre-built reports available for audit/compliance purposes? |
|
✔️ |
|
Do you currently have a way to schedule delivery of recurring audit/compliance reports? |
|
✔️ |
|
Do you have offsite retention of your security/audit logs? |
|
✔️ |
|
Do you currently audit new domain admin account creation? |
|
✔️ |
|
Does the solution allow logs to be exported in CSV or JSON? |
|
✔️ |
|
Does the solution guarantee that the logs can’t be modified by administrators? |
|
✔️ |
Detection
Effective security programs provide visibility into threats in different areas broadly across your environment, including common misconfigurations, identity-based attacks and more.
|
Capability |
Y/N |
Blumira |
|---|---|---|
|
Do you have a solution that continually monitors for threats across your environment? |
|
✔️ |
|
Do you currently correlate third-party threat intelligence? |
|
✔️ |
|
Do you use third-party threat intelligence to detect threats? |
|
✔️ |
|
Do you have a solution in place that automates threat correlation? |
|
✔️ |
|
Are you able to detect lateral movement across your network with the use of a honeypot? |
|
✔️ |
|
Do you currently actively monitor for threats within your environment? If so, How? |
|
✔️ |
|
Are you able to detect common threats on firewall/border gateways? |
|
✔️ |
|
Are you able to detect common misconfigurations such as internet-accessible RDP or SMB? |
|
✔️ |
|
Do you have visibility into identity-based attacks, such as impossible travel or MFA-based attacks? |
|
✔️ |
|
Do you have visibility into privilege escalation within your environment? |
|
✔️ |
Response
A threat detection platform should help you respond faster by providing easy-to-follow response steps that don’t require a security analyst to interpret.
|
Capability |
Y/N |
Blumira |
|---|---|---|
|
Do you have a solution that enables you to investigate a potential threat by looking into historical logs and data? |
|
✔️ |
|
Do you currently run threat hunting sessions with your team? If so, how often? |
|
✔️ |
|
Do you have a solution that enables you to do threat hunting to investigate potential threats? |
|
✔️ |
|
Do you have a solution that includes prebuilt playbooks with easy-to-follow response steps for common threats? |
|
✔️ |
|
Do you currently perform incident response tabletop exercises with your team? If so, how often? |
|
✔️ |
|
Do you have a solution that includes automated response capabilities, such as network quarantine or blocking a malicious IP address? |
|
✔️ |
|
Do you currently have access to a dedicated incident response team as part of your solution? |
|
✔️ |
|
Does your solution include pre-built reports available for incident reporting purposes? |
|
✔️ |
Blumira: Automated Threat Detection & Response
Designed for easy deployment & use for organizations and IT teams of any size
Blumira’s end-to-end platform offers both threat detection and response capabilities, automating the security operations workflow to enable organizations to defend against threats in near real-time. Its platform supports integrations with major tech and security systems for the broadest coverage. It provides greater security value than traditional SIEMs at an affordable cost and predictable pricing model for the mid-market.
Blumira’s platform eases the burden of alert fatigue, the complexity of log management and lack of visibility across an IT environment. It brings an integrated platform to companies in many different industries struggling to defend against cybersecurity attacks with limited resources and staff.
Blumira allows you to:
Collect & Centralize Security Events
Easily integrate with applications and security tools across your environment, including cloud and on-prem. Blumira’s cloud-delivered service collects and parses security events, logs and alerts for visibility through a single pane of glass.
Respond Quickly With Guided Playbooks
Blumira’s guided and actionable remediation playbooks enable anyone in IT to easily respond to and stop cybersecurity threats – even without security expertise. Our security analysts give you step-by-step response workflows built into Blumira’s platform.
Rapidly Detect Cybersecurity Threats
By correlating log data with continuously updated threat intelligence feeds, Blumira’s platform detects known and suspected cybersecurity threats. It reduces the noise of false-positive alerts with automation and fine-tuning. With Blumira, you can deploy honeypots with the click of a button to detect lateral movement and unauthorized access across your environment.
Report on Security Findings & Activitiess
Blumira’s pre-built searches and reporting help organizations investigate the security threats found within their environment while providing auditors with reports to helpmeet compliance
Automate Remediation
When known cybersecurity threats are detected, Blumira’s service allows you to easily implement blocking rules to quickly stop active threats without manual intervention.
Other tools are noisy; we don’t have time to dig through layers & layers of data. Blumira does a good job summarizing detections and giving us advice on how to remediate.”
– Steve Gatton, VP of IT Network, Fechheimer
Blumira provides expertise in understanding alerts. With a limited staff, it’s important that someone has my back – Blumira’s team has a real commitment to its customers.”
– Kevin Hayes, CISO, Merit Network.png?width=98&height=43&name=marit%20(1).png){kind=small}
Streamline Your Security Operations
.png?width=800&height=800&name=img-10%20(1).png)
Deploy in Hours
Failed SIEM deployments can drag on for months and years. Blumira’s cloud-delivered platform is designed for easy deployment in hours for small IT and security teams.
No More Alert Fatigue
Blumira’s automated threat detection and response platform comes with pre-built rules and tuning, sending only prioritized alerts to your team.
.png?width=800&height=800&name=image-11%20(1).png)
Security Expertise
Staffing your own team isn’t always an option. Blumira lets you run lean - while having access to our security team’s expertise when you really need it
Want to Learn More?
See how easy it is to protect your organization from cybersecurity threats with Blumira’s automated threat detection & response solution.
Watch a DemoMore from the blog
View All Posts
Security Trends and Info
13 min read
| April 25, 2024
Blumira Threat Detection Insights: Unveiling the Power of XDR
Read More
Security Trends and Info
6 min read
| April 24, 2024
451 Research: Highlights on Multicloud Security from Voice of the Enterprise
Read More
Compliance Security Frameworks and Insurance
9 min read
| April 23, 2024