From overwhelm to oversight

Issue 6 2023 Editor's Choice, Cyber Security, Products

Security automation is vital in today’s world, and Microsoft Sentinel is a widely adopted, but complex answer. ContraForce is an easy-to-use add-on that automatically processes, verifies and warns of threats round-the-clock.

Patrick Evans.

In a digital world, cybersecurity is absolutely critical, which is why an increasing number of enterprises are adopting Zero-Trust policies. However, without proper technological assistance, this means that security teams will be forced to individually verify every user, endpoint, and application, adding massively to the amount of work on their plates.

Automation would appear to be the answer, which is why many companies have invested in Sentinel. This is Microsoft’s native security information and event management (SIEM) and security orchestration, automation and response (SOAR) platform, designed to help companies stay ahead of risk.

“The challenge here,” suggests Patrick Evans, CEO of SLVA Cybersecurity, “lies in the fact that despite its robust capabilities, Sentinel is a tool that remains incredibly challenging for end-users to use.”

“Bearing in mind that cybersecurity skills remain at a premium globally, what is really required is a solution that can be used as easily by IT generalists as by experienced cybersecurity professionals. This is why we recommend using ContraForce, a solution designed around this principle and built specifically for the Microsoft environment. Pertinently, it is also an offering that works as well in an organisation of five people or one with 5 000 employees,” he says.

“How ContraForce works,” he explains, “is by leveraging Sentinel to process security data, then using automated security monitoring to verify threats – distilling millions of events into thousands of alerts and then into a handful of incidents. The solution immediately notifies users via email, Teams, or SMS when an alert is verified, thereby providing around-the-clock threat detection and response.”

“The fundamental and critical difference between ContraForce and Sentinel is that the latter requires a security operations engineering team to constantly manage detection engineering, response engineering, and data pipeline management to ensure that data costs being ingested into Sentinel don not get out of control.”

“ContraForce, on the other hand, automates the management of these areas, although access is still provided to an expert team of security engineers – on an on-demand basis – to help modify rules, create custom response actions, and connect any data source required.”

Furthermore, he adds that a ContraForce implementation is seamless, with installation and deployment occurring online within minutes. This is significantly faster than Sentinel and will thus also positively impact the deployment economies of scale in your favour.

“ContraForce works so well,” continues Evans, “because it not only connects to your existing security investments, but also uses artificial intelligence (AI) and machine learning (ML) to immediately adapt to each enterprise’s unique environment. This, in turn, enables it to categorise threats accordingly and respond automatically to incidents as and when then they occur.”

“The solution can also be applied in the Microsoft 365 environment, the full Azure cloud environment, and even across your firewalls and intrusion detection devices, regardless of who provided them. This vendor agnosticism enables IT teams to condense their technology stack into a single dashboard, making existing tools easier to use and allowing them to take action directly from this one screen.”

“In a digital world where the clamour for Zero Trust policies and the demand for around-the-clock threat detection and response is growing, ContraForce makes perfect sense. It is a tool that automates and simplifies much of the cybersecurity process, delivering complete oversight, understanding, and confidence,” he concludes.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Protect your financial assets from unknown online threats
Products Cyber Security Financial (Industry)
Malicious actors employ a myriad of sophisticated techniques, such as hacking, phishing, spamming, card theft, online fraud, vishing, and keylogging, among others, to exploit unsuspecting individuals and gain unauthorised access to their financial resources.

Automated, real-time traffic analysis and ML-based mitigation
IT infrastructure Products
NetScout Systems has launched Adaptive DDoS Protection for its Arbor Threat Mitigation System (TMS) to dramatically improve the detection of distributed attacks that dynamically change vectors and target numerous destination IP addresses at once.

Stadium security with Panomera
Editor's Choice CCTV, Surveillance & Remote Monitoring Integrated Solutions Entertainment and Hospitality (Industry)
To be able to better identify and track perpetrators and thus reduce financial and non-material damage in a soccer stadium, the operator opted for a video security solution from Dallmeier.

Cyber incidents result in a 9% decrease in shareholder value
News Cyber Security
Aon published its 2023 Cyber Resilience Report, revealing that, on average, a significant cyber incident resulted in a 9% decrease in shareholder value – over and above the market – in the year following the event.

Automated ransomware recovery
Products Cyber Security
Organisations can now automatically recover from ransomware attacks with the capabilities in Cisco XDR, where the company is adding recovery to the response process by including infrastructure and enterprise data backup and recovery vendors.

Turkish university installs IDIS surveillance
CCTV, Surveillance & Remote Monitoring Products
IDIS video streamlines complex surveillance systems for learning institution, upgrading a 350-camera system with 24/7 control room monitoring to transform security for Social Sciences University of Ankara (ASBU).

Best practice tips for strengthening data privacy system
Security Services & Risk Management Cyber Security
International cybercriminals are increasingly targeting South African organizations, making data privacy more difficult to maintain. A standardization expert offers insight to help combat this threat.

AI-powered cyber protection for consumers
IT infrastructure Cyber Security
Acronis Cyber Protect Home Office is designed for the evolving landscape of cyber threats by integrating Acronis' cyber protection and secure backup solutions, combining AI-powered defence mechanisms, robust data backup, remote management tools, and mobile device protection.

What South Africans need to know about smart devices
Technews Publishing Editor's Choice
We live in a world surrounded by smart devices, from our pockets to our driveways and living rooms.

A surge of cybersecurity for the energy sector
Government and Parastatal (Industry) Cyber Security
With a rapid transition towards renewable energy, the energy sector has an increased reliance on technology. This makes it particularly vulnerable with regards to cybersecurity, as it depends on interconnected systems and digital technologies.