What is SOAR and how can it help you?

SOAR (Security Orchestration, Automation, and Response) is a technology that enables security teams to automate repetitive tasks, aggregate multiple security tools and technologies into one unified platform, and improve the speed and accuracy of incident response. It helps organizations to streamline their security operations and make them more efficient and effective.

SOAR and platforms such as Léargas Security can perform tasks such as:

  • Automating routine and repetitive tasks, freeing up security teams to focus on more complex incidents.
  • Integrating with other security tools, such as SIEMs, firewalls, and endpoint protection solutions, to gather data and automate incident response.
  • Correlating and analyzing data to quickly identify potential threats and prioritize incidents.
  • Providing a centralized and standardized incident response process to improve the speed and efficiency of response efforts.
  • Documenting and reporting on security incidents to improve incident response and to meet compliance requirements.

How does this differ from a SIEM?

SIEM stands for Security Information and Event Management, and is a type of software that collects and analyzes security data from various devices on a network to provide a centralized view of security events and to identify potential security threats. SIEMs help organizations to comply with security regulations, detect and respond to security incidents, and monitor the security posture of their networks.

SIEM and SOAR are both security technologies, but they serve different purposes and have different focuses.

SIEMs are designed to collect, store, and analyze security-related data from various sources such as network devices, servers, and applications. The goal of SIEMs is to provide a centralized view of security events and to help detect and respond to potential security threats.

Léargas Security, on the other hand, is designed to automate and orchestrate security processes such as incident response, threat hunting, and vulnerability management. It gives security teams a platform to automate repetitive tasks, standardize incident response procedures, and improve the overall efficiency of security operations.

In summary, organizations may choose a SOAR-based platform such as Léargas Security over a SIEM alone because it offers a more comprehensive and integrated approach to threat detection and response across multiple environments, where a SIEM by itself is limited to collecting and analyzing a narrower scope of security events and data.

Will ChatGPT Change Cybersecurity?

The leading question around the Cybersecurity community has been, “Will ChatGPT and OpenAI change Cybersecurity?“.

It’s a great question, as those technologies are far more advanced than most of us expected them to be at this point in time. The answer is, “We aren’t entirely sure, but we have an idea.“.

Even asking ChatGPT for the answer is met with some ambiguity.

“It is possible that ChatGPT or similar language models may be used in the field of cybersecurity in the future. For example, they could potentially be used to generate more realistic and diverse phishing or malware attacks, or to assist in analyzing large volumes of text-based data such as logs or email communications. However, it’s important to note that these models are not inherently malicious and their use in cybersecurity would depend on how they are implemented and controlled by organizations.”

Anyone who has spent time around machine learning or data modeling will agree that all data used to build those models is historical, because that is how data works: you can't collect it until it has happened. This understanding helps frame the possibilities around the potential of ChatGPT and OpenAI.

Its predictions are not binary, a "yes" or a "no", but are made with varying degrees of confidence.

So, knowing that it can't do everything, let's look at some of the things it can do, and some of the things it often won't do.

Offensive Capabilities

  • Phishing – It will not automatically write a phishing email. Protections are in place to discourage use of the platform for malicious purposes. Yes, some protections can be bypassed, but as new tactics are attempted, new protections are put in place.
  • Social Engineering – ChatGPT will create content that could be used in a social engineering campaign, but the effectiveness of that content still comes down to the creativity of the threat actor. It will not fully automate a social engineering campaign.
  • Malware Generation – ChatGPT will happily write an Ansible playbook or other remote management program that could be repurposed in malware. However, it will not discover new vulnerabilities; requests to do so are answered with guidance on how to defend a system against that class of vulnerability.

Defensive Capabilities

Also, it can build defenses.

  • Zeek Behavioral Detections – ChatGPT can create detections for malicious events that could occur on networks, such as a detection for beaconing. Beaconing (regular call-backs from a compromised host to a command-and-control server) is a common indicator of an active intrusion and typically precedes ransomware deployment.
  • Windows Event Log Detections – ChatGPT will create detections that search the Security event log for specific event IDs, filter to the events that occurred in the past day, and check whether any match the criteria. If matching events are found, the script outputs a warning message and displays them; otherwise, it reports that no suspicious activity was detected.
  • Email Phishing and Ransomware Detections – ChatGPT will build a detection that looks for specific keywords in the subject, sender, and body of an email. If the email contains "urgent", "bank", "click here", "password", and "account" in those fields, it triggers the detection and prints a message indicating that a phishing email has been detected. Keyword matching of this kind is a starting point only; legitimate mail uses the same words, so such rules need tuning to keep false positives manageable.
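The beaconing detection mentioned above, worked through as an added example (this is not the Zeek script from the original post, nor Léargas code). It runs over a constructed Zeek conn.log extract and flags (source, destination, port) pairs whose connections recur at a near-constant interval, using the coefficient of variation of the inter-connection gaps; the thresholds, hosts and timestamps are assumptions chosen for illustration.

```python
"""Beaconing detector over Zeek conn.log records.

Added example (not code from the original post or from Léargas): flags
(source, destination, port) pairs whose connections recur at near-constant
intervals, the signature of command-and-control beaconing.
"""
import statistics
from collections import defaultdict

# Constructed Zeek conn.log extract. Real logs carry many more columns; the
# parser below reads the #fields header so column order does not matter.
# All hosts, ports and timestamps are constructed, not captured traffic.
_BEACON_JITTER = [0, 3, -2, 5, -4, 1, 2, -3, 4, -1, 0, 3, -2, 5, -4, 1, 2, -3, 4, -1]
_NORMAL_GAPS = [5, 120, 3, 900, 40, 2, 600, 15, 250]


def _build_sample_lines():
    base = 1700000000.0
    rows = []
    # Host 10.0.0.5 calls 203.0.113.10:443 roughly every 60 s (beacon, jittered).
    for i, jitter in enumerate(_BEACON_JITTER):
        rows.append((base + 60 * i + jitter, "10.0.0.5", 51000 + i, "203.0.113.10", 443))
    # Host 10.0.0.7 browses 198.51.100.20:443 at irregular intervals (benign).
    ts = base
    rows.append((ts, "10.0.0.7", 52000, "198.51.100.20", 443))
    for i, gap in enumerate(_NORMAL_GAPS):
        ts += gap
        rows.append((ts, "10.0.0.7", 52001 + i, "198.51.100.20", 443))
    # Host 10.0.0.9 made too few connections to judge either way.
    for i in range(3):
        rows.append((base + 60 * i, "10.0.0.9", 53000 + i, "192.0.2.8", 443))
    lines = ["#separator \\x09",
             "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto"]
    for n, (ts, src, sport, dst, dport) in enumerate(rows):
        lines.append(f"{ts:.6f}\tC{n:06d}\t{src}\t{sport}\t{dst}\t{dport}\ttcp")
    return lines


SAMPLE_LINES = _build_sample_lines()


def parse_conn_log(lines):
    """Yield (ts, orig_h, resp_h, resp_p) from tab-separated conn.log lines."""
    fields = None
    for line in lines:
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("conn.log data seen before #fields header")
        row = dict(zip(fields, line.split("\t")))
        yield float(row["ts"]), row["id.orig_h"], row["id.resp_h"], int(row["id.resp_p"])


def find_beacons(records, min_connections=8, max_cv=0.25):
    """Return pairs whose connection gaps are regular enough to look like beacons.

    cv = stddev(gaps) / mean(gaps); a human-driven session has cv well above 1,
    a timer-driven implant with modest jitter stays well below 0.25.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, port in records:
        by_pair[(src, dst, port)].append(ts)
    hits = []
    for (src, dst, port), stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue  # not enough samples to call the interval regular
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "port": port, "count": len(stamps),
                         "mean_interval": round(mean, 1), "cv": round(cv, 3)})
    return sorted(hits, key=lambda h: h["cv"])


if __name__ == "__main__":
    for hit in find_beacons(parse_conn_log(SAMPLE_LINES)):
        print(f"beacon {hit['src']} -> {hit['dst']}:{hit['port']} "
              f"n={hit['count']} every ~{hit['mean_interval']}s cv={hit['cv']}")
```

The coefficient of variation is deliberately scale-free, so the same threshold works for a 30-second and a 6-hour beacon; the `min_connections` floor keeps a handful of retries from being reported. In production the same logic would run over a sliding window per pair rather than the whole log, and destinations with many legitimate periodic clients (NTP, update servers) need an allow-list.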

As we continue the conversation around ChatGPT and the potential impacts it might have, let’s not lose focus on the positives of this incredible innovation. As shown above, ChatGPT currently provides more positive impact than negative.

Why should I use Léargas Security for data leak detection?

Data leak detection is a technology that helps organizations identify and prevent the unauthorized disclosure of sensitive or confidential information. Léargas automates this process by leveraging artifacts collected from live network traffic and automatically scouring data leak sites for those artifacts. Using natural language processing, discovery of data leaks can extend to nearly any part of the open web and dark web, even into social media.

So, why should your organization leverage this service?

  • Monetary Damage: Leaks of sensitive intellectual property have become increasingly common. With recent leaks of sensitive information from Twitter, LastPass, Slack, WhatsApp, and InfraGard, it's clear that no one is immune to a data leak.
  • Compliance: Many industries have strict regulations around the handling of sensitive information, and a data leak can result in significant fines and other penalties. Data leak detection helps organizations stay compliant by identifying unauthorized disclosures of sensitive information early.
  • Reputation: A data leak can damage an organization's reputation, especially if it involves sensitive information such as customer data or financial records. Data leak detection helps protect that reputation by surfacing leaks before they are widely exploited.
  • Security: Data leaks can also compromise an organization's security, especially if they involve passwords or login credentials. Data leak detection helps organizations identify these leaks so that exposed credentials can be rotated before they are used in an attack.
  • Cost: Data leaks are costly, both in direct financial impact and in the time and resources required to investigate and fix the problem. Early detection reduces the overall cost of a breach.

Overall, data leak detection is an important tool for organizations that want to protect sensitive information, stay compliant, maintain a good reputation, and reduce the overall cost of data breaches.

With Léargas, data breach and leak detection is not a separate service, platform, or product bolted on as an extension of your current defenses. The Léargas service is integrated with, and tied to, the data flows and logs you already have.

No extra keys.
No extra reports.
Just results. Try Léargas Today!

Why Do You Need The Léargas Security Platform?

Léargas Security brings a proactive approach to threat detection and response. It delivers visibility across all data, including endpoint, network, cloud, and physical security data, while applying analytics and automation to address today's increasingly sophisticated threats.

With the Léargas Security platform, cybersecurity teams can:

  • Track threats across any source or location within the organization, as well as in the cloud, using Zeek, Suricata, EDR, and nearly any log source available.
  • Apply threat intelligence and behavioral-based detection across all sources of information, including Critical Path Security's threat intelligence feeds.
  • Increase the productivity of the people operating the technology by leveraging machine learning and artificial intelligence to rule out false positives.
  • Get more out of their security investments through consolidation.

The Léargas Security platform enables organizations to prevent successful cyberattacks, improve their security posture, and reduce risk. It also simplifies and strengthens security processes through a single user interface that brings together all physical and cyber intelligence.

Benefits –

  • Block attacks with wire-level analysis: Block malware, exploits, and file-less attacks with integrated antivirus and real-time analysis of files as they cross the network. No endpoint agent? No problem.
  • Gain visibility across all your data sources: Collect and correlate data from any source to detect, triage, investigate, hunt, and respond to threats.
  • Automated reports: Daily Security Log Review (DSLR) reports are automatically generated and provided to the team for daily review and record keeping.
  • Increase productivity: Consolidate security policy management and monitoring, investigation, and response across your physical, network, endpoint, and cloud environments in one pane of glass.
  • Shut down persistent advanced threats: Protect your network against insider attacks, extortion, ransomware, file-less and memory-only attacks, and zero-day malware.
  • Reduce fatigue and lost artifacts: Case management integrates directly with incident response platforms such as IRIS, ServiceNow, and CyberCPR.
  • Trace malicious behavior from the badge swipe to the data exfiltration: Léargas Security correlates behaviors across sources so that teams can get to the root cause of security events.

Elastic showcases Léargas Security!


Léargas Security (Léargas is Gaelic for “insight”) provides clients with actionable insights into anomalous or abstract behaviors through the correlation of data gathered from converged security controls: cyber and physical.

Our company carries the concept of actionable, converged data even further with natural language processing and correlation of dark web, social media, TOR, chan, and additional sources in near real time to expose indicators of compromise and threats against customers and partner organizations.

Read More

https://www.elastic.co/blog/leargas-security-chooses-elastic-drops-splunk-to-battle-covid-19-fraud

Real-time Correlation with Vulnerability Scan Metrics


Léargas is proud to announce its latest platform enhancement: real-time correlation with vulnerability scans, to further increase the accuracy and confidence of alerts.

Data correlation has always been at the heart of Léargas, and this added functionality makes use of the platform’s foundation to tag alerts and notices on the fly with relevant information from the latest vulnerability scans.

This feature has reduced the number of false positives and increased overall confidence in our notifications and alerts. Additionally, the scan information becomes immediately available to drive the next steps in our escalation and remediation process, strengthening network security and further reducing attacker dwell time.
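The idea behind tagging alerts with scan data, as an added example (this is not the Léargas implementation, whose internals are not published). An IDS alert that references a CVE is joined against the latest scan for the target host and port: a scan that shows the target vulnerable raises confidence, a scan that shows the port closed or the service unaffected lowers it, and an unscanned host is left as unknown. The scan results, alert fields and host addresses are constructed; the CVE identifiers are real ones used only as sample data, and the age threshold is an assumption.

```python
"""Tag IDS alerts with context from the latest vulnerability scan.

Added example (not Léargas code). Scan results, alert fields and host
addresses below are constructed sample data; the CVE ids are real
identifiers used only as sample values.
"""
from datetime import datetime, timedelta, timezone

# Constructed scan output keyed by host: when it was scanned, which ports were
# open, and which CVEs the scanner attributed to each service.
SCAN_RESULTS = {
    "10.0.0.21": {
        "scanned_at": "2024-03-01T02:00:00+00:00",
        "ports": {
            8080: {"product": "Java web app (log4j 2.14)", "cves": ["CVE-2021-44228"]},
            22: {"product": "OpenSSH", "cves": []},
        },
    },
    "10.0.0.22": {
        "scanned_at": "2024-03-01T02:00:00+00:00",
        "ports": {445: {"product": "Samba", "cves": []}},
    },
}

# Constructed alerts in the shape an IDS would emit after signature metadata
# has been normalized: target host/port plus the CVEs the signature references.
SAMPLE_ALERTS = [
    {"sig": "Log4j JNDI lookup in HTTP header", "dest": "10.0.0.21", "port": 8080,
     "cves": ["CVE-2021-44228"]},
    {"sig": "SMBv1 EternalBlue probe", "dest": "10.0.0.22", "port": 445,
     "cves": ["CVE-2017-0144"]},
    {"sig": "SMBv1 EternalBlue probe", "dest": "10.0.0.99", "port": 445,
     "cves": ["CVE-2017-0144"]},
    {"sig": "RDP brute force", "dest": "10.0.0.21", "port": 3389, "cves": []},
]


def enrich_alert(alert, scan_results, now, max_scan_age_days=30):
    """Return a copy of `alert` tagged with scan context and a confidence label.

    high    - scan reported the target vulnerable to a CVE the alert references
    low     - scan contradicts the alert (port not open, or no matching CVE)
    medium  - scan contradicts the alert but is older than max_scan_age_days
    unknown - target not covered by the latest scan
    """
    out = dict(alert)
    host = scan_results.get(alert["dest"])
    if host is None:
        out.update(confidence="unknown", reason="target not in latest scan")
        return out
    age = now - datetime.fromisoformat(host["scanned_at"])
    out["scan_age_days"] = age.days
    svc = host["ports"].get(alert["port"])
    if svc is None:
        out.update(confidence="low", reason="port not open in latest scan")
    else:
        out["scan_service"] = svc["product"]
        hits = sorted(set(alert.get("cves", [])) & set(svc["cves"]))
        if hits:
            out.update(confidence="high", matched_cves=hits,
                       reason="target reported vulnerable to " + ", ".join(hits))
        else:
            out.update(confidence="low", reason="service present but no matching CVE in scan")
    # A stale scan cannot be trusted to clear an alert: negative evidence decays,
    # so a contradicted alert is only downgraded to medium, never dismissed.
    if age > timedelta(days=max_scan_age_days):
        out["scan_stale"] = True
        if out["confidence"] == "low":
            out["confidence"] = "medium"
            out["reason"] += f" (scan is {age.days} days old; rescan before dismissing)"
    return out


def triage(alerts, scan_results, now):
    """Enrich every alert; callers sort or route on the confidence field."""
    return [enrich_alert(a, scan_results, now) for a in alerts]


if __name__ == "__main__":
    now = datetime(2024, 3, 10, tzinfo=timezone.utc)
    for a in triage(SAMPLE_ALERTS, SCAN_RESULTS, now):
        print(f"{a['confidence']:<8} {a['dest']}:{a['port']:<5} {a['sig']} - {a['reason']}")
```

Two caveats a practitioner should keep in mind with this join: a scanner only sees what it was credentialed and scheduled to see, so "no matching CVE" means the scanner did not find one, not that the service is clean; and the scan timestamp must be carried with the tag, which is why the example refuses to let a stale scan push an alert all the way down to low.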

Just another way Léargas is providing insight.

Léargas has always been about providing “Insight”. Now, it fights for the world!


Global events such as the Coronavirus (COVID-19) make all of us targets for cybercriminals. Whether in the form of phishing emails or new targeted scams, these tactics are meant to take advantage of individuals who are understandably concerned about their health and the safety of their families during this challenging time.

Attackers also target companies that have effectively turned their infrastructure "inside-out" to provide all of the services and data their now-remote workers need to perform at their best. That means weakened firewall rules, mission-critical servers connected directly to the Internet, and no multi-factor authentication.

This pandemic is challenging for all of us. We all need to adapt to this new reality and look out for one another any way we can. Our mission with Léargas has always been to protect people against threats at the intersection of cyber and the physical world, and this disaster has provided us with the motivation to find new ways to help.

As with any new endeavor, knowledge is key, so we began ingesting atomic indicators around COVID-19/Coronavirus and converting them into an actionable data set for the mitigation of COVID-related digital threats.

Immediately, we found an increase in malicious activity using COVID-19 as a lure to commit cybercrimes: offering urgent information in phishing emails, selling fake "vaccines", and numerous other scams. (An example was shown in the original post.)

We remain committed to keeping our clients safe during this pandemic. To that end, we have created a package of detections related to COVID-19 based attacks, which consists of known threat actors, attack methodologies, and how they’re exploiting COVID-19. If you are a Managed Services Partner or have a subscription to Léargas, there is nothing you need to do. The package was deployed and you will receive pertinent alerts as necessary.

Should you not be a subscriber, please reach out to us for more information on gaining access to these preventative measures.

Lastly, we want to provide some additional recommendations:

Recommendations for Our Clients:

Security always starts with the basics. If you aren’t using Léargas, make sure your systems are patched and IDS/IPS signatures and associated files are up to date. Attackers rely heavily on unpatched and out-of-date network configurations.
Keep applications and operating systems running at the current released patch level. If you aren’t sure how to do this, reach out. One of our engineers will share some helpful information to assist you.
Leverage Multi-Factor Authentication! We see more companies breached each day due to the lack of multi-factor authentication than any other attack strategy. With hundreds of data breaches a year, we don’t expect this to decline.
Regrettably, in times like these when so many of us are coming together, there are still a few that will try to tear us apart. Be Aware, keep alert, stay strong, stay together, but stay 6 feet apart, for now.

-PK

MDR: Managed Detection and Response – What you should know!


Legacy Security Information and Event Management (SIEM) is typically the solution for enterprises that need visibility into cyber threats across distributed IT infrastructure, which is essential to meeting regulatory compliance. However, SIEM solutions are cost-intensive, complex to configure properly, and cumbersome to maintain.

That's why many companies are now migrating to managed security service providers (MSSPs), such as Critical Path Security, which offer rapid deployment through affordable subscription models.

Managed Detection and Response (MDR) is a Critical Path Security managed security service that detects intrusions, malware, and malicious activity in your network and assists in responding quickly to eliminate and mitigate those threats.

Critical Path Security MDR services have a very light footprint on your network and use a combination of cybersecurity experts and advanced technology to eliminate false positives, identify real security threats, and develop actionable responses in real-time.

While the average time across industries to detect a compromise is over 200 days, Critical Path Security’s service regularly reduces that to moments and therefore minimizes the impact of a security event.

Critical Path Security MDR is a necessity for organizations that have a regulatory requirement to provide effective detection and response. Critical Path Security specializes in the delivery of these services to financial services, government, military subcontractors, retail, and energy.

Typically, these organizations struggle to recruit and retain in-demand security professionals. Unfortunately, these organizations are high-value targets for criminals, making an effective response that much more critical.

Critical Path Security's services provide:

  • Security experts who act as direct extensions of the organization
  • 24/7 monitoring of events/logs, suspicious activity, and alerts
  • Continuous multi-dimensional, multi-contextual network monitoring
  • Incident Response Recommendations
  • Ongoing Vulnerability Assessments
  • Regulatory compliance reporting

Providing better visibility for Managed IT Providers, Léargas now provides full integration with SentinelOne!


As the needs of endpoint protection continue to evolve and reliance on Managed IT Providers increases, Léargas Security felt an obligation to build in full integration and support for the SentinelOne Autonomous Endpoint Protection Platform.

As you’ve come to expect from the Léargas Platform, all data consumed from the SentinelOne product is fully-correlated to all network traffic flows (from the MAC address to browser traffic) and external enrichment sources.

Léargas Security and its strategic partners support the lightweight, high-performance SentinelOne agent for PC, Mac, Linux, and VDI, which provides real-time, fully autonomous protection on the device.

Additionally, SentinelOne provides a ransomware warranty which provides greater assurance that we’ve got you covered.

Don’t settle for trying to cobble together disparate tools that leave you with blind spots. You deserve better.

NBC/11Alive News interviews Patrick Kelley regarding El Paso

“I’m worried that someone who read that manifesto might come to the church Sunday morning and find the quickest way to get to the stage,” Patrick Kelley, the CEO of Léargas Security said.

“We just felt like we had to,” Kelley said. “We are afraid to go to church. We are afraid to go to the grocery store. We are afraid to drop our kids off at school. And if we have some – any – way that we can make a change, we have to.”

That’s why he started “Léargas” with his business partners in November – to try and find those threats before they strike.

“This is one of those situations where you look around the world and say, ‘it’s terrifying. We have to do something’,” he said.

That’s why he and his group created the program that monitors sites like 8Chan, where the El Paso shooter posted the manifesto attributed to him. The idea is to get the information shooters post online to police before they have a chance to act.