Silo gives security team instant access to safe and anonymous environments
The leading human capital management solutions provider employs a holistic approach to security, incorporating SOC, physical security, intelligence and threat analytics, along with network and system security functions under one global umbrella. With tens of thousands of customers across every industry and geography, the company places a premium on security, proactively hiring skilled analysts and practiced leaders with experience in both public and private sectors to help make the enterprise more resilient and responsive to potential threats.
Prior to using Silo, the company’s ability to engage with emerging threats was limited to a handful of trained analysts who used virtual machines to disguise their identities and location. “The scope of their research was extremely limited,” says the threat intel team manager. “It was always passive – we really didn’t have the ability to develop proactive research practices. Today, when we need to engage, we use Silo – all of us, every single day.”
Silo’s anonymity and geolocation features help the team gather and refine information quickly
Alerts can come from any direction: some are generated by third-party platforms and tools, others are passed along from the SOC, the network and systems security groups, and other teams. Occasionally, the threat intel team comes across a shared tweet that catches their attention and warrants further investigation. Whether working on proactive research projects or reacting to a perceived threat, the intel team defaults to Silo to quickly jump in and start gathering information and evidence.
“Anonymity and geolocation features have had the biggest impact for us,” continues the threat intel manager. “It gives us the ability to quickly set up an environment from any given location and immediately start our research. The speed is exceptional – we no longer need to make sure the VPN is on – Silo instantly places you where you need to be. This is the type of capability you can’t easily replicate without spending a lot of money – it’s a huge value to us.”
Another capability that proved particularly valuable to the threat intel team is Silo’s translation tool. “The out-of-band translation is immensely helpful,” explains the team manager. “It doesn’t tip off anyone in the browser that you are looking at them from another location; nobody can see that we are translating the content of their websites. It’s quite beneficial to do a search in a local language, get region-specific results, take a quick impression of what’s there and move on.”
The team routinely uses Silo’s automated collection features, such as Gofer, for context-aware searches. The company’s threat intel analysts were familiar with other open-source tools that allow for automated searches, but unlike Silo, those tools require a researcher to set up criteria for each individual URL. Silo’s multi-search workflows save time and allow teams to gather information more quickly across multiple sites.
The threat intel team’s primary mission is to enrich threat events with additional intelligence. “The collection phase is only a part of it; then comes processing and analysis,” continues the team manager. “We use the data that we gather with Silo and through other feeds and apply our analytics capabilities and tradecraft to suggest remediation and response actions.”
The threat intel team works closely with Authentic8’s product group to provide feedback and suggest new product capabilities and integrations. They plan to introduce Silo to the SOC team and expand the product’s use throughout the global security organization.