October 24, 2023
Blumira’s SIEM and XDR solutions provide thoughtfully crafted automated detections and security recommendations seamlessly integrated into the platform. The incident detection team tirelessly perfects these automated findings, ensuring any user can easily investigate them.
Sometimes customers need additional guidance investigating an incident. This is where Blumira’s Security Operations team provides their expertise. They excel at security incident investigations and clear communication. The team ensures customers understand the raw data by explaining it in relatable terms, and providing abundant relevant details to resolve investigations smoothly.
I wanted to share some recent examples that demonstrate the tremendous value our Security Operations team brings to our partnerships. Having an experienced security team as an extension of your own is a major advantage in the SIEM market.
Anomalous Server Path Access From a Foreign Attacker
We discovered one financial customer was targeted by an attacker in Ireland attempting to access their internet-facing conferencing server. We rapidly identified the geographic source and recommended geo-blocking Ireland, assuming it would not affect business.
This evolved into a more nuanced geo-blocking policy, shrinking the attack surface. We also prioritize finding any high-severity vulnerabilities on exposed servers or software. While internet scanning occurs constantly, some require joint prioritization based on exploitable vulnerabilities.
Password Spraying
Seeing threats like password spraying in our alerts compels us to proactively reach out to customers and offer assistance or additional details around the event. We love keeping our customers safe by investigating security incidents. In this case, it was a real attack. We advised the customer to immediately isolate the infected machine and reimage it.
Windows Admin Account Lockouts
Sometimes customers work through a finding but ask for more information via our ticketing system, which we encourage. Recently a customer asked about our detection of a domain admin account triggering daily lockouts. We happily found this was not malicious but related to a scheduled task using old admin credentials.
In conclusion, I hope this demonstrates the tremendous value of our Security Operations team. Simply put, we love working with our customers, whether that means listening to their suggestions or showing them an unfamiliar Blumira feature. “Keep the questions coming” is our motto! We thoroughly enjoy an open dialogue with everyone we partner with.
