Cybersecurity intelligence

With thousands of enterprises relying on the firm’s guidance, the security operations team — part of the global information security organization — is always on high alert. In addition to the immediate threat response and analysis responsibilities, the team has dedicated detection engineers who continuously monitor the global cyberthreat landscape and, when warranted, conduct detailed investigations using Silo for Research.

When the head of security operations first came onboard, the firm didn’t have any specific infrastructure for cyberthreat investigation. Security teams used a service that inspects items from various antivirus scanners and relied on standalone computers for additional research. But this approach required security teams to purchase and maintain a host of separate machines disconnected from the company’s network; and offered no ability to audit research or maintain a chain of custody for the evidence.

“Silo is the fastest way to gather intel on phishing emails,” says the firm’s head of security operations. “We go directly into the threat, get a “smell” test, download its artifacts and grab a few screenshots. We can quickly tell what we are dealing with — a run-of-the mill phishing campaign that’s been going around, or something unique, targeting specific users within our organization.”

Silo for Research gives security engineers a safe platform to analyze links, determine the attackers’ goals, and even open a developer console and run JavaScript to see how the threat is constructed and what it’s designed to do. “We can tell if it’s trying to steal credentials or download malware — and we can run it without the danger of infecting our machines and infrastructure,” continues the security operations head.

Working in tandem with the security operations team, a group of dedicated detection engineers are always on the lookout for threat intelligence. They subscribe to threat feeds, and when an intel related threat is detected, use Silo for Research to enrich the event with additional intelligence. “If they determine that we are dealing with a commodity attack, something we have seen 50 times already, it may not be worth investigating,” explains the head of security operations. “But if it’s something novel or connected to a threat actor that we have been following for a while, we use Silo for Research to take a closer look.”

Occasionally, detection engineers must venture onto the dark web, where it’s even more critical to obscure their real identity and keep assets and infrastructure isolated from the artifacts they interact with. Silo for Research gives researchers secure and anonymous access to all areas of the web, while giving them the tools to efficiently collect data, save it in the cloud, and maintain an audit trail for all discoveries and evidence.