Syntax Cloud Threat Security

Syntax has a solution for Cloud Security. It is designed for customers with cloud applications, perimeter network security devices, network infrastructure, hybrid computing environments and server/desktop estates.

The Problem we solve

Network perimeter security is no longer effective on its own in a cloud world: the compromise of a cloud account is not detected by traditional on-premise security appliances, information security systems or scanning services.

By using phishing and social engineering techniques, attackers are easily bypassing perimeter defences and becoming insiders.

Credential theft and ‘Pass-the-Hash’ lie behind most cyber-attacks today (1), and 81% of hacking-related breaches leverage stolen and/or weak passwords (2).

The compromise is not easily identified because the activity looks like normal usage: user credentials are often shared between email, applications and data stores, so a single stolen credential opens the way to lateral movement.

The impact of credential theft is immediate and costly, leading to data theft, reputational damage and targeted whaling attacks.

Customers are looking for cost effective solutions to monitor, alert and investigate compromised systems within their cloud and on-premise estate.

1 Source: Information Age
2 Source: Verizon 2017 Data Breach Investigations Report

Tackling the problem

Syntax and Humio

Syntax Humio+ Cloud Forensics gives you visibility from comprehensive log data and uses forensic analysis to identify and combat credential theft.

Our incident responders search for tell-tale signs of infiltration such as sign-ins from unexpected locations (IP geolocation changes), newly created mail forwarding rules, anomalous login attempts, DNS reconnaissance, lateral movement, privilege escalation and domain escalation.

The use of structured techniques to analyse user and entity behaviour, establishing the extent of post-infiltration activity, is an essential part of an assumed-breach response.
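As an added example (not Syntax's or Humio's own code), here are three of the indicators above, a geolocation change between successive sign-ins, a new external forwarding rule and a burst of failed logins, expressed as detection logic run over Office 365 unified-audit-log style events. The event shapes follow the Office 365 Management Activity API (UserLoggedIn, New-InboxRule, Set-InboxRule, Set-Mailbox), but the events, the user names, the tenant domain example.com and the IP-to-country table are all constructed; a real deployment would enrich ClientIP from a GeoIP database and run equivalent queries inside the log platform rather than in a script.

```python
"""Added example (not Syntax's or Humio's code): three credential-theft
indicators as detection logic over Office 365 unified-audit-log style
events.  Event shapes follow the Office 365 Management Activity API
(UserLoggedIn, New-InboxRule, Set-InboxRule, Set-Mailbox); the events,
users and IP-to-country table below are constructed."""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed stand-in for a GeoIP lookup (assumption: a real pipeline
# enriches ClientIP from a GeoIP database before the query runs).
IP_COUNTRY = {"203.0.113.10": "GB", "198.51.100.7": "GB",
              "192.0.2.55": "NG", "192.0.2.99": "RU"}
INTERNAL_DOMAIN = "example.com"        # assumed tenant mail domain
TRAVEL_WINDOW = timedelta(hours=1)     # two countries inside this = suspicious
FAILED_THRESHOLD = 5                   # failed sign-ins per user ...
FAILED_WINDOW = timedelta(minutes=10)  # ... inside this window
FORWARD_PARAMS = {"ForwardTo", "ForwardingSmtpAddress", "RedirectTo",
                  "ForwardAsAttachmentTo"}

# Constructed NDJSON sample: alice signs in from GB then NG 30 minutes apart
# and adds an external forwarding rule; bob's GB->RU sign-ins are five hours
# apart and his rule forwards internally; carol fails five logins in 40 s;
# dave fails two.
SAMPLE_LOG = """
{"CreationTime":"2017-06-01T09:00:00","UserId":"alice@example.com","Operation":"UserLoggedIn","ResultStatus":"Succeeded","ClientIP":"203.0.113.10"}
{"CreationTime":"2017-06-01T09:30:00","UserId":"alice@example.com","Operation":"UserLoggedIn","ResultStatus":"Succeeded","ClientIP":"192.0.2.55"}
{"CreationTime":"2017-06-01T09:35:00","UserId":"alice@example.com","Operation":"New-InboxRule","Parameters":[{"Name":"Name","Value":"."},{"Name":"ForwardTo","Value":"attacker@mail-drop.example"},{"Name":"DeleteMessage","Value":"True"}]}
{"CreationTime":"2017-06-01T09:05:00","UserId":"bob@example.com","Operation":"UserLoggedIn","ResultStatus":"Succeeded","ClientIP":"198.51.100.7"}
{"CreationTime":"2017-06-01T14:00:00","UserId":"bob@example.com","Operation":"UserLoggedIn","ResultStatus":"Succeeded","ClientIP":"192.0.2.99"}
{"CreationTime":"2017-06-01T11:00:00","UserId":"bob@example.com","Operation":"Set-InboxRule","Parameters":[{"Name":"ForwardTo","Value":"bob.archive@example.com"}]}
{"CreationTime":"2017-06-01T10:00:00","UserId":"carol@example.com","Operation":"UserLoggedIn","ResultStatus":"Failed","ClientIP":"192.0.2.99"}
{"CreationTime":"2017-06-01T10:00:10","UserId":"carol@example.com","Operation":"UserLoggedIn","ResultStatus":"Failed","ClientIP":"192.0.2.99"}
{"CreationTime":"2017-06-01T10:00:20","UserId":"carol@example.com","Operation":"UserLoggedIn","ResultStatus":"Failed","ClientIP":"192.0.2.99"}
{"CreationTime":"2017-06-01T10:00:30","UserId":"carol@example.com","Operation":"UserLoggedIn","ResultStatus":"Failed","ClientIP":"192.0.2.99"}
{"CreationTime":"2017-06-01T10:00:40","UserId":"carol@example.com","Operation":"UserLoggedIn","ResultStatus":"Failed","ClientIP":"192.0.2.99"}
{"CreationTime":"2017-06-01T12:00:00","UserId":"dave@example.com","Operation":"UserLoggedIn","ResultStatus":"Failed","ClientIP":"203.0.113.10"}
{"CreationTime":"2017-06-01T12:00:05","UserId":"dave@example.com","Operation":"UserLoggedIn","ResultStatus":"Failed","ClientIP":"203.0.113.10"}
"""


def parse_events(ndjson):
    """Parse newline-delimited JSON audit records and sort them by time."""
    events = [json.loads(line) for line in ndjson.splitlines() if line.strip()]
    for e in events:
        e["_ts"] = datetime.strptime(e["CreationTime"], "%Y-%m-%dT%H:%M:%S")
    return sorted(events, key=lambda e: e["_ts"])


def detect_geo_change(events):
    """Flag a user whose successful sign-ins come from two countries within TRAVEL_WINDOW."""
    alerts, last_seen = [], {}
    for e in events:
        if e["Operation"] != "UserLoggedIn" or e.get("ResultStatus") != "Succeeded":
            continue
        country = IP_COUNTRY.get(e["ClientIP"], "??")
        prev = last_seen.get(e["UserId"])
        if prev and prev[0] != country and e["_ts"] - prev[1] <= TRAVEL_WINDOW:
            alerts.append(("geo_change", e["UserId"], f"{prev[0]}->{country}"))
        last_seen[e["UserId"]] = (country, e["_ts"])
    return alerts


def detect_external_forwarding(events):
    """Flag inbox rules or mailbox settings that forward mail outside INTERNAL_DOMAIN."""
    alerts = []
    for e in events:
        if e["Operation"] not in ("New-InboxRule", "Set-InboxRule", "Set-Mailbox"):
            continue
        for p in e.get("Parameters", []):
            if p["Name"] in FORWARD_PARAMS and not p["Value"].lower().endswith("@" + INTERNAL_DOMAIN):
                alerts.append(("external_forward", e["UserId"], p["Value"]))
    return alerts


def detect_failed_logins(events):
    """Flag FAILED_THRESHOLD or more failed sign-ins for one user inside FAILED_WINDOW (once per user)."""
    alerts, recent, alerted = [], defaultdict(deque), set()
    for e in events:
        if e["Operation"] != "UserLoggedIn" or e.get("ResultStatus") != "Failed":
            continue
        window = recent[e["UserId"]]
        window.append(e["_ts"])
        while e["_ts"] - window[0] > FAILED_WINDOW:  # drop failures that fell out of the window
            window.popleft()
        if len(window) >= FAILED_THRESHOLD and e["UserId"] not in alerted:
            alerted.add(e["UserId"])
            alerts.append(("failed_logins", e["UserId"], len(window)))
    return alerts


def run_all(ndjson):
    """Run every detector over one NDJSON log and return the combined alert list."""
    events = parse_events(ndjson)
    return (detect_geo_change(events) + detect_external_forwarding(events)
            + detect_failed_logins(events))


if __name__ == "__main__":
    for alert in run_all(SAMPLE_LOG):
        print(alert)
```

On the constructed sample this raises exactly three alerts: alice's GB-to-NG sign-in inside an hour, alice's rule forwarding to mail-drop.example, and carol's five failures in under a minute; bob's five-hour gap and internal forward, and dave's two failures, stay below the thresholds. The thresholds are starting points to tune against a tenant's baseline, and the forwarding check deliberately looks at Set-Mailbox as well as inbox rules because ForwardingSmtpAddress is the other common persistence route for a stolen mailbox.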

Importance of file log analysis

Maximum logging is required for maximum visibility, and maximum visibility requires real-time observation of comprehensive log data. Humio lets developers and operations teams send all their relevant log data to one tool and get instant visibility into it.

Comprehensive logging is critical: it provides the data pool for analysing transactions and errors, and the foundation for incident responders to carry out intrusion detection and forensics.

For this reason, information security experts recommend real-time, comprehensive logging as the foundation for maximising IT security effectiveness.

Humio’s real-time log engine delivers high performance by design. Humio enables unrestricted streaming and ingest of log data to support comprehensive event analysis.

Humio aggregates logging from many sources and provides holistic system visibility to reduce downtime and the risk from security threats. Examples of log data sources include Office 365, Azure AD, Microsoft Dynamics, on-premise Windows event logs, syslog and JSON-formatted application logs.


The Solution

Key Features

Realtime Log Management / API

A combination of Humio real-time log management and API-based connectors enables the collection of Microsoft Office 365 audit logs, Active Directory security audit logs and any other cloud system logs.

Forensic Capability

The Syntax Humio solution has forensic capability to monitor for suspicious activity, investigate suspect systems and give real-time visibility of potentially malicious activity.

Next Generation Log Engine

Humio’s next generation log engine delivers real-time performance at a fraction of the cost of legacy log tools or security appliances

Hybrid Capability

The solution can be extended to hybrid deployments and to Windows desktop and server estates, to monitor for malicious activity and zero-day exploits within the network perimeter.

Key Benefits

Multiple Sources

By combining logs from multiple sources, including Office 365, Windows and Active Directory servers, the solution provides comprehensive system visibility based on detailed log collection and analysis.

MTTD Reduction

The solution reduces the Mean Time To Detect (MTTD) a breach and is cost-effective for organisations that do not want to implement and manage their own log management solution.

MTTR Reduction

The Mean Time To Respond (MTTR) is reduced by real-time analysis of logs, which identifies suspicious behaviour at its first occurrence.

Reputational Risk Reduction

The solution reduces the reputational risk of a phishing attack being launched from a compromised in-house account against the organisation's customers.

Managed Service

The solution is provided as a managed service with no need to invest in monitoring systems or SecOps resources


View the Syntax Cloud Threat Security Infographic