Global security team jumpstarts investigations for faster threat response

The threat intelligence team uses Silo for Research daily to respond to leads and alerts shared by other security groups, conduct proactive research and investigate clues from the surface, deep and dark web to refine the company’s understanding of emerging threats and strengthen its security posture.

Silo gives security team instant access to safe and anonymous environments

The leading human capital management solutions provider employs a holistic approach to security, incorporating SOC, physical security, intelligence and threat analytics, along with network and system security functions under one global umbrella. With tens of thousands of customers across every industry and geography, the company places a premium on security, proactively hiring skilled analysts and practiced leaders with experience in both public and private sectors to help make the enterprise more resilient and responsive to potential threats.

Prior to using Silo, the company’s ability to engage with emerging threats was limited to a handful of trained analysts who used virtual machines to disguise their identities and location. “The scope of their research was extremely limited,” says the threat intel team manager. “It was always passive – we really didn’t have the ability to develop proactive research practices. Today, when we need to engage, we use Silo — all of us, every single day.”

Silo’s anonymity and geolocation features help the team gather and refine information quickly

Alerts can come from any direction: some are generated by third-party platforms and tools, others are passed along from the SOC, network and systems security and other teams. Occasionally, the threat intel team comes across a shared tweet that catches their attention and warrants more investigation. Whether working on proactive research projects or reacting to a perceived threat, the intel team defaults to Silo to quickly jump in and start gathering information and evidence.

“Anonymity and geolocation features have had the biggest impact for us,” continues the threat intel manager. “It gives us the ability to quickly set up an environment from any given location and immediately start our research. The speed is exceptional — we no longer need to make sure the VPN is on – Silo instantly places you where you need to be. This is the type of capability you can’t easily replicate without spending a lot of money — it’s a huge value to us.”

Another capability that proved to be particularly valuable to the threat intel team is Silo’s translation tool. “The out-of-band translation is immensely helpful,” explains the team manager. “It doesn’t tip off anyone in the browser that you are looking at them from another location, nobody can see that we are translating the content of their websites. It’s quite beneficial to do a search in a local language, get region-specific results, take a quick impression of what’s there and move on.”

The team routinely uses Silo’s automated collection features, such as Gofer, for context-aware searches. The company’s threat intel analysts were familiar with other open-source tools that allow for automated searches, but unlike Silo, those tools require a researcher to set up criteria for each individual URL. Silo’s multi-search workflows save time and allow teams to gather information more quickly across multiple sites.

The threat intel team’s primary mission is to enrich threat events with additional intelligence. “The collection phase is only a part of it; then comes processing and analysis,” continues the team manager. “We use the data that we gather with Silo and through other feeds and apply our analytics capabilities and tradecraft to suggest remediation and response actions.”

The threat intel team works closely with Authentic8’s product group to provide feedback and suggest new product capabilities and integrations. They plan to introduce Silo to the SOC team and expand the product’s use throughout the global security organization.
