Intelligent CIO Europe Issue 43 | Page 64

CASE STUDY

In the past, Schneider and his team had used multiple Security Information and Event Management (SIEM) tools. The data lake approach didn't meet the company's needs: there were visibility blind spots, manual work when reconciling events and there wasn't a reduction in Mean Time to Respond (MTTR). TX Group didn't want to centralise log data in a single place – it wanted a threat detection technology that could secure its Zero Trust deployment and, more importantly, take automated responses.

The solution

Since 2018, TX Group has looked to Cybereason EDR to protect Windows, Mac and Linux endpoints across the company and its subsidiaries. Cybereason was originally chosen for its flexible support for on-premises and air-gapped environments, strong pre-built detection coverage, and because Cybereason exposes Malops (malicious operations), a fully correlated narrative and deep context about an attack as opposed to individual alerts and alarms for each detected behaviour.

The two teams worked closely together to extend TX Group's detection and response capabilities across cloud services and infrastructure. With the direct integrations with Okta, Google Workspace, Digital Shadows, Fortinet and AWS, Cybereason XDR automatically surfaces anomalous user behaviour and insider threats, and makes it easy to understand the full attack story behind any incident.

The outcome

visibility into global endpoints, but could monitor and understand access to critical applications across cloud and on-premises. For example, if an unknown or Bring Your Own Device (BYOD) is being used to access an application, always require Two-Factor Authentication (2FA). Or, if malicious operations have been detected on an asset, automatically limit the associated user's access to critical applications.

Since expanding to XDR in Summer 2020, the team has gained more visibility, identified multiple suspicious behaviours including MFA bypasses and other Okta intrusion attempts, and has already set up a first Slack notification and response bot to reduce remediation time and effort. Unlike SIEM tools, Cybereason correlates endpoint telemetry against user identities and access behaviours. This approach detects threats that would otherwise be overlooked as weak signals and greatly accelerates incident triage and investigation times.

Schneider continues to update the board at TX Group on the implementation of its agile, Zero Trust security strategy. Because it chose cloud-first, the TX Group team reduced its overall attack surface, friction for end-users and even its number of incidents – in spite of the pandemic and the rise in cyber-attacks. Instead of investigating individual alerts and tools, the team is focused on the broader mission: 'Which of my users and assets are at risk? Did our user click on a phish and enter credentials or download malware? If yes, automate the response where best feasible'. Both teams are looking forward to expanding the XDR deployment across more TX Group brands and adding new use cases that enable focusing on the relevant chain of events.

We caught up with Andreas Schneider, Group CISO at TX Group, to find out more about the solution and its benefits.

Can you tell us about your role as Group CISO and the scope of your responsibility?

My mission is simple – make sure that we are not getting hacked. We are the largest private media group
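The two conditional-access rules described under "The outcome" (always require 2FA from an unknown or BYOD device; cut a user off from critical applications once a malicious operation is detected on their asset) as a small Python policy evaluator. This is an added example, not TX Group's or Cybereason's code: the device inventory, Malop and logon records are constructed sample data, and the host-to-user logon mapping is an assumed way of correlating host-level endpoint telemetry with a user identity.

```python
from dataclasses import dataclass

# Constructed device inventory: device id -> managed by the company? Unmanaged == BYOD;
# ids that are not in the inventory at all are unknown devices.
DEVICE_INVENTORY = {"lt-0042": True, "lt-0099": True, "byod-phone-7": False}

# Constructed endpoint telemetry: hosts with an active Malop (malicious operation).
ACTIVE_MALOPS = {"lt-0099": "credential_theft"}

# Constructed identity telemetry: host -> user last seen logging on (assumed mapping
# used to tie a host-level Malop back to the user identity behind it).
HOST_LOGONS = {"lt-0042": "alice", "lt-0099": "bob"}

CRITICAL_APPS = {"finance-erp", "admin-console"}


@dataclass
class AccessRequest:
    user: str
    device_id: str
    app: str
    mfa_done: bool


def users_at_risk(malops=ACTIVE_MALOPS, logons=HOST_LOGONS):
    """Correlate endpoint Malops with identities: users last seen on a compromised host."""
    return {logons[host] for host in malops if host in logons}


def decide(req, inventory=DEVICE_INVENTORY, malops=ACTIVE_MALOPS, logons=HOST_LOGONS):
    """Return 'deny', 'require_2fa' or 'allow' for one access request."""
    # Rule 2: a user tied to an active Malop loses critical-app access, MFA or not.
    if req.app in CRITICAL_APPS and req.user in users_at_risk(malops, logons):
        return "deny"
    # Rule 1: unknown or BYOD devices must complete 2FA before any app is reachable.
    if not inventory.get(req.device_id, False) and not req.mfa_done:
        return "require_2fa"
    return "allow"


if __name__ == "__main__":
    for r in (AccessRequest("alice", "lt-0042", "finance-erp", False),
              AccessRequest("alice", "byod-phone-7", "wiki", False),
              AccessRequest("bob", "lt-0099", "finance-erp", True),
              AccessRequest("bob", "lt-0099", "wiki", True)):
        print(r, "->", decide(r))
```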