Continuous Cyber Risk Control

Continuous Cyber Risk Control is a security practice gaining value amongst security practitioners.

One ESI INENDI customer was facing a classical situation most large companies have to deal with; how confident can we be in the efficiency of our SOC & CERT infrastructure and its ability to control our exposition to Cyber Risk?

Overtime, this global company had invested in a highly equipped security infrastructure, outsourced its SOC to a major player in that domain, hired talented people to drive its CERT and was educating the top management on the importance of Cyber Security. They even reached a point in time where the KPIs of this security machinery were pretty good: small number of major attacks, reasonable response time to identified incidents, etc.

Motivated by their drive to continuously improving their Cyber Defense, they asked INENDI to execute a Deep Log Investigation on a large perimeter: 3 months of network activity, over all EMEA offices (+100K machines).

The goals of this investigation were prioritized to target weak signals and important events that had not been detected by the security equipment or that had not been identified as important at the SOC & CERT level.

ESI INENDI's search revealed numerous security breaches left unseen or unmanaged, including advanced botnets. Others related to malware targeting specific populations of employees of the company. Many dangerous, yet unknown, users’ behaviors were spotted as opening the door to malicious activities and were detailed in a way that allowed their integration in the cyber defense systems.

Even with a large and complex network, ESI INENDI proved that Deep Log Investigation is an efficient method for producing the “fresh” information needed to continuously control how a company is exposed to Cyber Risk.