The term “As a Service” is gaining popularity among vendors, IT and cybersecurity managers. After all, if you can turn a cumbersome, siloed practice into a service, there are bound to be benefits for everyone involved. In addition, the concept of “As a Service” has proven itself with offers such as SaaS (Software as a Service), PaaS (Platforms as a Service) and IaaS (Infrastructure as a Service), which are all well established in organizations around the world.
However, there is still plenty of room for more “as a service” offerings. This is the case, for example, in the cybersecurity market, where companies struggle to defend their assets against the latest attack vectors by using dozens or more cybersecurity platforms and products. Naturally, it is these siloed security products that often lead to a lack of visibility, when an attack surface is overlooked amid the noise of so many individual security products.
While this is an untenable situation for large companies, it is a nightmare for small and medium businesses struggling with limited budgets and small teams. This forces cybersecurity teams to seek better ways to manage defenses, making cybersecurity solutions a prime target for “as a service” offerings.
Take, for example, Nominet’s CyGlass, a purely cloud-native “As a Service” offering in the network and cloud threat detection and response (NDR) market, and its NDaaS (Network Defense as a Service) solution. CyGlass aims to break down the silos between many cybersecurity products and provide a holistic view of network and cloud traffic, detecting and revealing activity using machine learning and correlating anomalies with defined policies to defend against cyber threats.
A closer look at CyGlass
From the start, CyGlass was designed as an easy-to-implement service capable of analyzing the massive volumes of network traffic created by organizations today. The service also adds context to network traffic and intelligently correlates activities with actions, devices and user accounts, comparing them to policies defined by threat intelligence. Simply put, CyGlass transforms the cybersecurity model of discovery, detection and response into a service offering.
Once deployed, CyGlass learns about network conversations, normalizing that traffic and providing insight into network anomalies and risks. This collected information is used to create policies that allow expected conversations to take place and alert when those conversations do not meet standards or violate policy control. Baselines can be created for many network and cloud activities, giving administrators the ability to gain visibility into the network across locations, service providers, and many other elements that participate in a network conversation.
Practice with CyGlass
CyGlass uses the SaaS / PaaS (Software as a Service / Platform as a Service) model, which potentially simplifies deployment since there is no need to deploy or provision proprietary hardware. CyGlass integrates with firewalls, network flow devices, PaaS solutions, and existing directories to collect data and discover network conversations to know what traffic is normal. As a complete SaaS solution, CyGlass does not require the installation of on-premises appliances or software. The service does not require the deployment of agents or the definition of virtual machines.
One of the main capabilities of the product comes in the form of visibility. In other words, by analyzing traffic, CyGlass is able to create a real-time asset inventory, detect network blind spots, discover malicious devices, and develop insights into how devices communicate.
Network monitoring is performed on an ongoing basis as part of traffic analysis, ensuring that new devices are discovered in real time and that asset inventories are kept up to date. However, visibility is only part of the overall CyGlass experience.
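The baselining and asset discovery described above can be illustrated with a small added example. It is not CyGlass code and does not reflect the vendor's algorithm; the flow tuple layout, the z-score threshold and the function names are assumptions made for illustration, and the flows are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows: (src_ip, dst_ip, dst_port, bytes). Not real traffic.
BASELINE_FLOWS = [
    ("10.0.0.5", "10.0.0.20", 445, 12_000),
    ("10.0.0.5", "10.0.0.20", 445, 15_000),
    ("10.0.0.5", "10.0.0.20", 445, 13_500),
    ("10.0.0.6", "10.0.0.30", 443, 4_000),
    ("10.0.0.6", "10.0.0.30", 443, 4_400),
    ("10.0.0.6", "10.0.0.30", 443, 3_900),
]
NEW_FLOWS = [
    ("10.0.0.5", "10.0.0.20", 445, 14_000),    # matches the baseline
    ("10.0.0.5", "10.0.0.20", 445, 900_000),   # same conversation, abnormal volume
    ("10.0.0.6", "10.0.0.20", 3389, 2_000),    # known hosts, unseen conversation
    ("10.0.0.99", "10.0.0.30", 443, 4_100),    # device absent from the inventory
]

def learn(flows):
    """Build an asset inventory and per-conversation byte statistics."""
    assets, volumes = set(), defaultdict(list)
    for src, dst, port, nbytes in flows:
        assets.update((src, dst))
        volumes[(src, dst, port)].append(nbytes)
    stats = {k: (mean(v), pstdev(v)) for k, v in volumes.items()}
    return assets, stats

def evaluate(flows, assets, stats, z_limit=3.0):
    """Return (finding, flow) pairs for flows that deviate from the baseline."""
    findings = []
    for flow in flows:
        src, dst, port, nbytes = flow
        if src not in assets or dst not in assets:
            findings.append(("new_device", flow))
        elif (src, dst, port) not in stats:
            findings.append(("new_conversation", flow))
        else:
            mu, sigma = stats[(src, dst, port)]
            # Floor sigma so a perfectly constant baseline cannot divide by zero.
            z = abs(nbytes - mu) / max(sigma, 0.05 * mu, 1.0)
            if z > z_limit:
                findings.append(("volume_anomaly", flow))
    return findings

if __name__ == "__main__":
    inventory, baseline = learn(BASELINE_FLOWS)
    for kind, flow in evaluate(NEW_FLOWS, inventory, baseline):
        print(kind, flow)
```

Three separate findings come out of one pass, which is the raw material a correlation layer would then merge or suppress before anything reaches an analyst.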
The product uses its data collection layer to work hand in hand with an AI engine, which in turn leverages machine learning to define, correlate and analyze traffic. The automated analysis generates alerts, which CyGlass calls Smart Alerts. The idea behind smart alerts is to eliminate alert fatigue, which occurs when many false positives are presented in a management console.
CyGlass’s intelligent alert system correlates activities with abnormal events and risky behaviors to provide actionable insights that administrators can act on immediately. Ultimately, smart alerts reduce cybersecurity noise, allowing cybersecurity administrators to focus on real threats.
Administrators also benefit from automated product reports, where reports are automatically generated on structural risks and active or potential threats. However, the product goes one step further and also provides instructions on how to remedy a threat. The reports are comprehensive and explain why a particular threat is important, as well as the impact the threat can have on the organization.
Additionally, policies take the abnormal outputs of the AI engine (activities known to be different) and define them in terms of specific threats that can trigger corrective actions to be taken. This is useful for dealing with specific risky events such as lateral movements, malware-based threats, and ransomware attacks.
As most cybersecurity professionals know, cybersecurity is all about risk. Risk comes in many forms, such as risky activities, risky devices, or risky connections. However, measuring risk in a meaningful way has always been a complex endeavor. CyGlass addresses risks with threat scoring, which correlates the level of risk against threats, whether those threats come from network players, cloud threats, or problematic devices. Ongoing product threat scoring helps administrators better understand and assess risk, which in turn helps them prioritize remediation activities.
Both risk and reporting play a critical role in achieving compliance goals. Here, CyGlass incorporates pre-built and automated compliance policies, which enforce compliance rules, while reporting on common compliance issues, such as control effectiveness, objective metrics, and SLA tracking. CyGlass offers assurance reports for NIST, Cyber Essentials, FFIEC, NIAC, CMMC, with other ongoing reports.
One of the most critical features that CyGlass offers is the ability of the product to stop threats. CyGlass automated continuous monitoring enables real-time threat discovery and then further definition using the product’s threat intelligence engine. Correlating threat intelligence data with attack surfaces further defines the level of risk and motivates cybersecurity officials to take action against revealed threats. Automated remediation efforts can occur through integrations with firewalls, Active Directory, and DNS security tools.
CyGlass also provides reports to aid in forensic investigations. Product investigation views display trends, in-depth NetFlow activity, and other data, which can be used to reduce the scope of an attack while providing usable evidence for investigators.
Turning security into a silo
CyGlass is successfully transforming what were once siloed security services into a platform offering that leverages the “as a service” model. The service covers network and cloud visibility, threat detection and response, and compliance monitoring use cases. The company reports that connecting to a firewall (FortiGate, SonicWall, Sophos, WatchGuard, etc.) for the initial data ingestion takes less than 30 minutes and is done 100% remotely. List price is $4.99 per user per month with volume discount curves for larger numbers.
With network visibility being so critical these days (SolarWinds, Ransomware, etc.) and the service also spanning cloud systems like Azure, O365, and AWS, CyGlass should be on the shortlist of any midsize or small business looking to strengthen its network and cloud defenses. Ease of provisioning, along with critical features like smart alerts and remediation steps, are an added bonus. All things considered, CyGlass can be a credible argument for replacing a SIEM in most small businesses and making threat resolution easier.