Syntax Cloud Threat Security
Syntax has a solution for Cloud Security. It is suited to customers with cloud applications, perimeter network security devices, network infrastructure, hybrid computing environments and server/desktop estates.
The Problem we solve
Network perimeter security is no longer effective in a cloud world, as compromise is not detected by traditional on-premise security appliances, information security systems or scanning services.
By using phishing and social engineering techniques, attackers are easily bypassing perimeter defences and becoming insiders.
The compromise is not easily identified as the usage appears to be normal – user credentials are often shared between email, applications and data stores, and are susceptible to lateral attacks.
The impact of credential theft is instant and costly – leading to theft of data, reputational loss and targeted whaling attacks.
Customers are looking for cost effective solutions to monitor, alert and investigate compromised systems within their cloud and on-premise estate.
Tackling the problem
Syntax and Humio
Syntax Humio+ Cloud Forensics gives you visibility from comprehensive log data and uses forensic analysis to identify and combat credential theft.
Our incident responders search for tell-tale signs of infiltration such as IP geolocation changes, new mail forwarding rules, login attempts, DNS reconnaissance, lateral movement, and privilege and domain escalation.
The use of structured techniques to analyse user and entity behaviour – to establish the extent of post-infiltration activity – is an essential part of the assumed breach response.
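To make the indicators above concrete, here is an added example of detection logic run over a handful of constructed audit records. It is not Syntax's or Humio's code (the managed service runs its analysis inside Humio; nothing here reproduces its queries). The record layout loosely follows the Office 365 unified audit log (Operation, UserId, ClientIP, ResultStatus, Parameters), the sample records are invented, and the IP-to-country table is a stand-in for a real GeoIP lookup. It flags three of the signs the section lists: a new inbox rule that forwards mail out, a successful login from a country the user has not been seen in before, and a burst of failed logins.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, loosely modelled on Office 365 unified audit log
# fields. Every address, name and timestamp is illustrative.
SAMPLE_RECORDS = [
    {"CreationTime": "2021-03-01T08:02:11", "Operation": "UserLoggedIn",
     "UserId": "alice@example.com", "ClientIP": "203.0.113.10", "ResultStatus": "Succeeded"},
    {"CreationTime": "2021-03-01T08:40:05", "Operation": "UserLoggedIn",
     "UserId": "alice@example.com", "ClientIP": "203.0.113.22", "ResultStatus": "Succeeded"},
    {"CreationTime": "2021-03-01T09:01:00", "Operation": "UserLoginFailed",
     "UserId": "alice@example.com", "ClientIP": "198.51.100.7", "ResultStatus": "Failed"},
    {"CreationTime": "2021-03-01T09:01:30", "Operation": "UserLoginFailed",
     "UserId": "alice@example.com", "ClientIP": "198.51.100.7", "ResultStatus": "Failed"},
    {"CreationTime": "2021-03-01T09:02:10", "Operation": "UserLoginFailed",
     "UserId": "alice@example.com", "ClientIP": "198.51.100.7", "ResultStatus": "Failed"},
    {"CreationTime": "2021-03-01T09:15:00", "Operation": "UserLoggedIn",
     "UserId": "alice@example.com", "ClientIP": "198.51.100.7", "ResultStatus": "Succeeded"},
    {"CreationTime": "2021-03-01T09:17:42", "Operation": "New-InboxRule",
     "UserId": "alice@example.com", "ClientIP": "198.51.100.7", "ResultStatus": "Succeeded",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "ForwardTo", "Value": "drop@external.example"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"CreationTime": "2021-03-01T10:00:00", "Operation": "UserLoggedIn",
     "UserId": "bob@example.com", "ClientIP": "203.0.113.40", "ResultStatus": "Succeeded"},
]

# Constructed IP-range-to-country table standing in for a GeoIP database.
GEO_TABLE = {
    ipaddress.ip_network("203.0.113.0/24"): "GB",
    ipaddress.ip_network("198.51.100.0/24"): "US",
}

# Exchange cmdlet parameters that send mail outside the mailbox.
FORWARDING_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                     "ForwardingSmtpAddress", "ForwardingAddress"}
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}


def country_for(ip):
    """Map an IP to a country code via the constructed table; '??' if unknown."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO_TABLE.items():
        if addr in net:
            return cc
    return "??"


def params(record):
    """Flatten the audit record's Parameters list into a name -> value dict."""
    return {p["Name"]: p["Value"] for p in record.get("Parameters", [])}


def detect_forwarding_rules(records):
    """Alert on rule or mailbox changes that forward or redirect mail."""
    alerts = []
    for r in records:
        if r.get("Operation") not in RULE_OPERATIONS:
            continue
        p = params(r)
        hits = sorted(FORWARDING_PARAMS & p.keys())
        if hits:
            alerts.append({"type": "mail_forwarding", "user": r["UserId"],
                           "time": r["CreationTime"], "detail": {k: p[k] for k in hits}})
    return alerts


def detect_geo_changes(records):
    """Alert when a user logs in successfully from a country not seen before for them."""
    seen = defaultdict(set)
    alerts = []
    for r in sorted(records, key=lambda x: x["CreationTime"]):  # ISO timestamps sort lexically
        if r.get("Operation") != "UserLoggedIn" or r.get("ResultStatus") != "Succeeded":
            continue
        user, cc = r["UserId"], country_for(r["ClientIP"])
        if seen[user] and cc not in seen[user]:
            alerts.append({"type": "geo_change", "user": user, "time": r["CreationTime"],
                           "detail": {"from": sorted(seen[user]), "to": cc, "ip": r["ClientIP"]}})
        seen[user].add(cc)
    return alerts


def detect_failed_login_bursts(records, threshold=3, window=timedelta(minutes=10)):
    """Alert once per user when `threshold` failed logins fall inside `window`."""
    by_user = defaultdict(list)
    for r in records:
        if r.get("Operation") == "UserLoginFailed":
            by_user[r["UserId"]].append(datetime.fromisoformat(r["CreationTime"]))
    alerts = []
    for user, times in by_user.items():
        times.sort()
        for i in range(len(times)):
            j = i + threshold - 1
            if j < len(times) and times[j] - times[i] <= window:
                alerts.append({"type": "failed_login_burst", "user": user,
                               "time": times[i].isoformat(),
                               "detail": {"count": threshold, "window_minutes": window.seconds // 60}})
                break
    return alerts


def analyse(records):
    """Run all three detectors and return the combined alert list."""
    return (detect_forwarding_rules(records) + detect_geo_changes(records)
            + detect_failed_login_bursts(records))


if __name__ == "__main__":
    for a in analyse(SAMPLE_RECORDS):
        print(a["type"], a["user"], a["time"], a["detail"])
```

On the sample data the three detectors fire in sequence for the same account: failed logins from a new country, then a successful login from it, then a forwarding rule named "." that deletes the original message. Correlating those by user and time window is what turns three low-confidence signals into a credible credential-theft case for an incident responder to pick up.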
Importance of file log analysis
Maximum logging is required for maximum visibility, and maximum visibility requires real-time observation of comprehensive log data. Humio lets developers and operations teams send all their relevant log data to one tool and obtain instant visibility into it.
Comprehensive logging is critical: it provides the active data repository for analysing transactions and errors, and the foundation for incident responders to carry out intrusion detection and forensics.
For this reason, information security experts recommend real-time, comprehensive logging as the foundation for maximising IT security effectiveness.
Humio’s real-time log engine delivers high performance by design. Humio enables unrestricted streaming and ingest of log data to support comprehensive event analysis.
Humio is the only log solution that aggregates logging and provides holistic system visibility, reducing downtime and the risk from security threats. Examples of log data sources include Office 365, Azure AD, Microsoft Dynamics, on-premise Windows logs, syslog and JSON.
Realtime Log Management / API
Combining Humio real-time log management with API-based connectors enables the collection of Microsoft Office 365, AD Security audit and any other cloud system logs.
The Syntax Humio solution has forensic capability to monitor for suspicious activity, investigate suspect systems and provide real-time visibility of potential malicious activity.
Next Generation Log Engine
Humio’s next generation log engine delivers real-time performance at a fraction of the cost of legacy log tools or security appliances.
The solution can be extended to hybrid deployments and Windows desktop and server estates to monitor for malicious activity and zero-day exploits within the network perimeter.
By combining logs from multiple sources, including Office 365, Windows and AD servers, the solution provides comprehensive system visibility based on detailed log collection and analysis.
The solution reduces the Mean Time To Detection (MTTD) of breaches and provides a cost-effective option for organisations that do not want to implement and manage log management solutions themselves.
The Mean Time To Respond (MTTR) is reduced by real-time analysis of logs, identifying and detecting suspicious behaviour at its first instance.
Reputational Risk Reduction
The solution reduces the potential reputational risk associated with an in-house phishing attack on its customers.
The solution is provided as a managed service, with no need to invest in monitoring systems or SecOps resources.