Introduction

The purpose of this paper is to provide decision makers the information they need to evaluate the potential financial impact of CyberStash Managed Network Detection and Response (NDR) Service powered by its eclipse.xdr platform.

Prior to using the CyberStash Managed Threat Intelligence Gateway Service, customers used manual processes to proactively block threats based on threat intelligence data by utilising a Threat Intelligence Platform (TIPs) or a Security Information and Event Management (SIEM) platform.

Additionally, customers used manual processes to prepare and implement changes on their corporate firewalls, web proxy servers and e-mail gateways. These prior efforts returned limited success, with customers unable to scale their labourexhaustive security practice in cost-effective ways. However following an investment in the CyberStash Managed Network Detection and Response Service, in addition to the immediate risk-reduction, customers were able to benefit from the native threat-feed integration, in-line data correlation, and automated threat detection and incident response.

The primary reason organisations subscribe to the CyberStash Managed Network Detection and Response Service, and also the primary benefit, is that it enables them to detect and block threats that their existing network security controls miss, such as fire-walls, web proxy servers, endpoint security solutions, mail gateways and intrusion prevention systems. The service effectively guarantees an immediate reduction in the level of exposure to a massive number of cyber-attacks.

The success rate for our service in demonstrating return on investment (ROI) is extremely high. This is because the vast quantity of threat intelligence data that we use to block attacks is typically not provided by existing security solutions. We guarantee that we can also detect and block incremental threats, thus providing organisations with continual benefits realisation.
   

These benefits pairs nicely with the relatively affordable cost of our service, not only in terms of the actual cost of the solution but also that it is simple to deploy, highly automated, and doesn’t add material overhead to client teams because we deliver it as an end-to-end solution packaged with a managed service.

In conclusion, the combination of our platform and service manifestly reduces cyber risk and adds substantial value very quickly without introducing significant overhead.

This business case focuses on the importance of using a Defence in Depth security architecture and substantiates the value of using threat intelligence to effectively manage the type of cyber risks faced in today’s threat landscape. By comparing our blocking-methodology solution and service with those of Threat Intelligence Platforms (TIPs), which require manual human effort to investigate and apply proactive blocking policies, we can clearly demonstrate the efficiencies gained when using our CyberStash Managed Network Detection and Response Service.

Customers can expect the following benefits when using CyberStash Managed Threat Intelligence Gateway Service:

  • Risk adjustment – a lower risk profile
  • Security team efficiency gains – frees up existing resources
  • Cost savings – avoids manual processes to setup and maintenance the platform
  • Reduced time to deploy and integrate – realise benefits from day 1

Business Case

Defence in Depth

Defence in Depth is a comprehensive approach to cybersecurity that recommends using a combination
of layers to protect critical data and block threats. This deliberate multi-layered approach increases the
security of the system as a whole and addresses many different attack vectors. Defence in Depth was originally a military strategy that aimed to slow down or delay the advance of an attacker rather than using
immediate retaliation with one line of defence. As business and technology have evolved, it’s become
increasingly apparent that the same strategy can be equally effective for managing cyber risk.

Layering security defences reduces the chance of a successful attack. Incorporating redundant security
mechanisms requires an attacker to circumvent each mechanism to gain access to a digital asset. For example, a software system with authentication checks may prevent an attack that has subverted a firewall.
Moreover, to minimise the risk of a cyber-attack succeeding, you must either prevent the threat or remove
the vulnerability from the system. Having a security strategy that controls both the threat and the vulnerability is a type of defence in depth approach that most effectively minimises risk.

The idea behind defence in depth is to manage risk with diverse defensive strategies so that if one layer of
defence turns out to be inadequate, another layer of defence will hopefully prevent a full breach leading
to business impact.

Currently, most organisations leverage a Nextgen Firewall to control the flow of network traffic. In addition,
the Nextgen Firewall inspects traffic looking for specific threats that target known vulnerabilities. The effectiveness of managing risk by focusing on controlling threats against vulnerabilities is only partially effective
and using a Network Detection and Response helps to minimise the security gaps outlined in the table
below.