Cybersecurity teams always turn to Silo first
When the company’s networks are threatened, the engineering software maker’s cybersecurity team doesn’t waste any time. If a phishing attack is detected by Cofense or another security system, it triggers a SIEM alert, and a suspicious email is immediately forced into quarantine. A threat detection analyst uses Silo for Research to do initial triage, followed by a more detailed investigation by the intelligence and response teams.
Even though the cybersecurity team has several tools that offer analysis for phishing emails, they always turn to Silo for Research first. Silo gives investigators complete protection when visiting phishing sites, so they can do a thorough initial inspection to determine if the site contains malware, is harvesting credentials or is a platform for objectionable content.
If malicious elements are detected, they can be safely downloaded to Silo for Research cloud storage, outside the company's network perimeter, and then transferred to a sandbox for further analysis. With the sheer volume of flagged URLs and alerts that the threat detection team receives, it's not feasible to run each one through an analysis platform. With Silo for Research, initial triage can be done quickly, and only threats that warrant further investigation continue to full analysis.
Threat intel and response teams use Silo for Research for anonymous investigations
The main concern of the intelligence team is anonymity. When researchers investigate threats, they don’t want to leave any traces of the company’s IP address on sites that they visit. Analysts prefer to keep their presence hidden from the people and organizations they investigate, and their location obscured.
Silo for Research provides a full set of features that help disguise researchers’ identities and intentions. From simulating connections from different locations around the world, to customizing keyboard, language and time zone settings, Silo for Research helps analysts blend in with local traffic to keep their investigations secure and anonymous.
Connecting from various Authentic8 in-region Internet access points also helps analysts get a different perspective on certain threats: some may only target specific regions, or may appear different depending on the intended recipients' settings.
With cybersecurity, time is always of the essence, and the team has developed tight workflows using a ticketing system to escalate incidents with maximum efficiency. Silo for Research keeps critical evidence organized using its cloud storage, making it easier to collaborate between teams while preserving the chain of custody.
The software company was first introduced to Silo when the Sr. Director of Cybersecurity and Sr. Manager of Threat Detection joined the team from another company that was using Silo for Research. Since then, Silo has become an integral part of every step of the company’s IT security operations, with detection teams using it daily, and the threat research and remediation teams accessing it multiple times per week.