As in the real world, the cyberworld has its own dangers, and nothing matters more than reacting immediately when a threat appears. Fortunately, the cyberworld is now protected by thousands of enterprises that provide software able to detect threats swiftly and efficiently.
When quality measures are in place, attackers do not have enough time to nose around private data or devices. The good news is that the majority of attacks can be stopped before any damage is done if you take precautions such as enabling two-factor authentication, choosing strong passwords, or installing a VPN on your mobile device and computer. Some threats, however, are far harder to detect, and those call for more robust safety measures.
To find out more, we contacted Karthik Kannan, CEO of Anvilogic – a modern SOC platform for threat detection, investigation, and response.
How did Anvilogic come about? What has your journey been like?
Anvilogic is the culmination of years of working in the security industry and repeatedly dealing with the same issues. As business evolves, security operations have been challenged to evolve at the same or faster speed without the resources needed to stay ahead. Anvilogic is made up of like-minded security practitioners that have all lived through this pain, either by seeing it firsthand or by helping customers deal with these obstacles.
Since we all knew there had to be a better way, we came together from across the industry to create a platform solution that addresses security challenges directly impacting businesses. We wanted to provide a solution to help our customers build the foundation to modernize security operations, providing security professionals with the unified security solutions we know they’ve been looking for – to detect, hunt, triage, and respond better to threats, as well as to give visibility across the ever-evolving attack surface to strengthen and evolve security maturity posture into the future to help accelerate the business.
The excitement felt by solving real challenges for our customers drives our motivation. From the beginning, the Anvilogic modern SOC platform has helped increase overall security coverage and guidance to navigate even the most complex environments. Our customers' passion for using our products is evident when we talk to them, inspiring our team to do more.
Can you tell us a little bit about what you do? What technology do you use to detect and eliminate threats?
Anvilogic provides automation that is essential for security operations centers to build and deploy threat detection techniques to respond effectively. Further, Anvilogic modernizes SOC architectures that have languished in legacy, monolithic, on-premises-oriented styles by bringing them to the cloud, hence making them more scalable, cost-efficient, and future-proofed.
Anvilogic is a modern SOC platform for threat detection and incident response that helps unify and automate security operations across people, processes, and technology. The platform enables security teams to reduce the time, manual effort, complexity, and expertise needed for building detections and managing the overall SOC. By providing AI-driven recommendations and frameworks, like MITRE ATT&CK, teams can continuously assess, prioritize, detect, hunt, and triage to quickly mitigate risk.
The Anvilogic SOC platform unifies threat detection and enables security teams to detect, hunt, triage, and respond across hybrid, multi-cloud environments, and security data lakes. Anvilogic’s ability to query across logging platforms and security data lakes such as those built on Snowflake, and to integrate alerts from sources like CrowdStrike, Carbon Black, Proofpoint, and more, can increase security detection coverage while doing so at lower cost.
Anvilogic can handle schema definition, parsing, extraction, and normalization to support the development of security use cases and provide production-ready detections for faster deployment. Additionally, the platform offers thousands of ready-to-deploy, high-efficacy detections for an organization's daily trending threats and vulnerabilities. The no-code scenario builder allows security engineers to build and deliver uniform detection and reduces the time to build and deploy detection code from days to hours.
Setting up a cybersecurity system can often be lengthy and complicated. What details do you think are often overlooked by organizations?
Cybersecurity programs are simply trying to keep up with the ever-changing business needs, threat landscape, and attack vectors. Teams are asked to do more with less, with no end in sight, making it more difficult. The foundational framework and tools in current security operations centers weren’t created for the world we live in today.
There needs to be a fundamental shift in the foundational security to focus more on threat detections from a behavioral pattern perspective to help determine the entire attack narrative and better detect threats across siloed environments.
Typical tasks that are overlooked include:
- Data management and on-boarding of complex data sources which require repeated man-weeks of effort and continuous tuning
- Mapping coverage to frameworks such as the MITRE ATT&CK, which often take expensive consultants weeks to accomplish, multiple times a year
- Building detection techniques – coding – sometimes across multiple underlying repositories (logging platforms) which require significant coding skills and weeks/months to deploy successfully
- Understanding the threat landscape vis-a-vis the MITRE ATT&CK framework, and requiring the same individuals to also be good programmers in order to translate the technique into deployable code in the underlying platform(s)
- Enriching alerts along the entire journey from indicators to actual scenarios (patterns) such that the incident responder does not have to spend days/weeks determining the impact of alerts during the investigation and triage process
Did you notice any new threats arise as a result of the current global events?
Anvilogic’s threat research team, The Forge, is a team of security professionals dedicated to tracking threats and crafting reliable detection strategies for our trusted clients while contributing to our peers in the security industry. The team curates Anvilogic’s detection content Armory, which has thousands of ready-to-deploy behavioral attack-pattern detections. The team’s Content Development Operations (DevOps) focuses on research, testing, validating, and purple teaming to ensure confidence in our detections.
The Forge is always looking for and creating detections based on daily threats, delivering detections directly within the platform and delivering ML-driven recommendations for the latest threats to deploy based on the organization’s priorities and threat landscape. You can see examples in Anvilogic’s threat reports at https://anvilogic.com/threat-reports/ for adversaries like BlackCat Ransomware, REvil, CVE-2022-30190 / Follina: Microsoft Office Zero-Day, and many more.
What measures can companies implement to combat these new threats?
Organizations can improve their overall security posture by gaining visibility across silos and having the ability to continually prioritize and enable their security teams to quickly deploy behavioral attack-pattern detections rather than the typical single indicators of compromise (IOCs).
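The two answers above contrast single indicators of compromise with behavioral attack-pattern detections, and the earlier answer mentions parsing and normalization of complex data sources. The following is an added illustration written for this page, not Anvilogic's code or an Anvilogic detection: it normalizes two constructed log formats (an EDR JSON feed and a syslog-style line format) into one event schema, then runs a single-IOC match beside a behavioral chain that correlates three MITRE ATT&CK techniques on one host within a time window. The ATT&CK IDs (T1059.001, T1003.001, T1047) are real; the log lines, hostnames, IOC string and rule names are all constructed for the example.

```python
"""Added illustration (not Anvilogic's code): normalize two constructed log
formats into one event schema, then contrast a single-IOC match with a
behavioral attack-pattern detection that correlates several MITRE ATT&CK
techniques on one host inside a time window."""
from __future__ import annotations

import json
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable


@dataclass(frozen=True)
class Event:
    """Common schema every source is normalized into."""
    ts: datetime
    host: str      # upper-cased so 'ws-042' and 'WS-042' correlate
    user: str
    process: str   # image name only, lower-cased
    cmdline: str
    source: str


# Constructed sample telemetry: an EDR JSON feed and a syslog-style line format.
EDR_JSON = [
    '{"timestamp":"2024-05-01T10:00:05Z","hostname":"WS-042","user":"alice","image":"C:/Program Files/outlook.exe","command_line":"outlook.exe"}',
    '{"timestamp":"2024-05-01T10:01:12Z","hostname":"WS-042","user":"alice","image":"C:/Windows/System32/WindowsPowerShell/v1.0/powershell.exe","command_line":"powershell -enc SQBFAFgA"}',
    '{"timestamp":"2024-05-01T10:03:40Z","hostname":"WS-042","user":"alice","image":"C:/Windows/System32/rundll32.exe","command_line":"rundll32 comsvcs.dll MiniDump 612 l.dmp full"}',
]
SYSLOG_LINES = [
    '2024-05-01T10:05:02Z ws-042 proc user=alice exe=wmic.exe cmd="wmic /node:srv-fs01 process call create cmd.exe"',
    '2024-05-01T10:20:00Z ws-077 proc user=bob exe=powershell.exe cmd="powershell Get-Date"',
]


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_edr_json(line: str) -> Event:
    d = json.loads(line)
    return Event(_ts(d["timestamp"]), d["hostname"].upper(), d["user"].lower(),
                 d["image"].rsplit("/", 1)[-1].lower(), d["command_line"], "edr")


_SYSLOG_RE = re.compile(r'^(\S+) (\S+) proc user=(\S+) exe=(\S+) cmd="([^"]*)"$')


def parse_syslog(line: str) -> Event:
    m = _SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unparsed syslog line: {line!r}")
    ts, host, user, exe, cmd = m.groups()
    return Event(_ts(ts), host.upper(), user.lower(), exe.lower(), cmd, "syslog")


def normalize(edr_lines, syslog_lines) -> list[Event]:
    """Parse both sources into the common schema and order them by time."""
    events = [parse_edr_json(l) for l in edr_lines] + [parse_syslog(l) for l in syslog_lines]
    return sorted(events, key=lambda e: e.ts)


# Single-indicator detection: a constructed IOC (an artifact name from a past incident).
IOC_STRINGS = {"l.dmp"}


def ioc_hits(events):
    return [(e.host, ioc) for e in events for ioc in IOC_STRINGS if ioc in e.cmdline.lower()]


# Behavioral tagging: each rule maps a normalized event to an ATT&CK technique ID.
TECHNIQUE_RULES: dict[str, Callable[[Event], bool]] = {
    "T1059.001": lambda e: e.process == "powershell.exe" and "-enc" in e.cmdline.lower(),
    "T1003.001": lambda e: "comsvcs.dll" in e.cmdline.lower() and "minidump" in e.cmdline.lower(),
    "T1047": lambda e: e.process == "wmic.exe" and "/node:" in e.cmdline.lower(),
}


def tag_techniques(events):
    return [(e, tid) for e in events for tid, rule in TECHNIQUE_RULES.items() if rule(e)]


# Attack pattern (constructed): an ordered chain of techniques on one host within the window.
CRED_THEFT_CHAIN = ("T1059.001", "T1003.001", "T1047")


def detect_pattern(events, chain=CRED_THEFT_CHAIN, window=timedelta(minutes=30)):
    """Return one hit per host whose tagged events contain the chain in order."""
    by_host = defaultdict(list)
    for e, tid in tag_techniques(events):
        by_host[e.host].append((e, tid))
    hits = []
    for host, tagged in by_host.items():
        tagged.sort(key=lambda t: t[0].ts)
        for start, (first, tid) in enumerate(tagged):
            if tid != chain[0]:
                continue
            matched, step = [first], 1
            for e, t in tagged[start + 1:]:
                if step < len(chain) and t == chain[step] and e.ts - first.ts <= window:
                    matched.append(e)
                    step += 1
            if step == len(chain):
                hits.append({"host": host, "chain": chain, "start": first.ts.isoformat(),
                             "end": matched[-1].ts.isoformat(),
                             "sources": sorted({m.source for m in matched})})
                break
    return hits


if __name__ == "__main__":
    evs = normalize(EDR_JSON, SYSLOG_LINES)
    print("IOC hits:", ioc_hits(evs))
    print("Pattern hits:", detect_pattern(evs))
```

The point of the two-source input is that the chain only closes once the syslog event from `ws-042` is normalized onto the same host key as the EDR events from `WS-042`; without that normalization the correlation silently fails. Renaming the dump file defeats the IOC string but leaves the behavioral chain intact, which is the difference between the two approaches described in the answer.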
Even though there are so many options and providers out there, why do you think certain companies and private users still hesitate to upgrade their cybersecurity?
Companies are often entrenched in legacy architectures and products, and therefore their methods are constrained by these prior investments. Therefore “bridges” must be provided to help companies migrate away from legacy architectures non-disruptively into newer, cloud-ready architectures.
This is the #1 challenge we find within companies - the inability to get away from legacy choices due to the lack of modern choices that provide a seamless means to upgrade.
In your opinion, what are the most common mistakes organizations tend to make when dealing with the aftermath of an incident?
The most common and critical mistakes are made well before an incident occurs. Keeping up at machine speed is nearly impossible with the manual effort required to determine what caused an incident. With security teams overwhelmed by alerts, it’s challenging to correlate across all potential indicators.
What teams can do better in the aftermath of an incident is to have clear visibility of their detection coverage to more quickly determine the vulnerabilities and cause of an incident, with complete context and connected tightly with the investigation and triage process, such that the analysis leads straight to response automation via a ticketing, case management, or downstream system like ServiceNow. Having clear visibility and guidance to visualize an attack for better hunting and triage helps remediate and respond to an incident more quickly and in a connected fashion.
What other company processes do you hope to see automated in the next few years?
In addition to continuing to automate the detection, hunting, triage, and response process, we will be continuing to expand and make threat detection and incident response driven by machine learning to enable teams to make more informed decisions and continually reprioritize based on the organizational requirements without having to sacrifice efficiency. Automation, AI, and APIs will continue to drive the foundation and innovation of the Anvilogic Modern SOC Platform.
Further, the combined knowledge gained from all customers, in an aggregated fashion, with peer-cohort awareness, will be used to implement new threat detection techniques and response playbooks such that practitioners will not have to reinvent the wheel nor operate in first-principles mode when their peers have already experienced and solved the very same problems. In essence, automated collaboration is going to be the next wave.
An automated workflow of detection through response, on modern architecture, on the cloud needs to be the end result of security automation. This automation includes security domain knowledge through the entire workflow, driven by the platform’s security frameworks as well as self-learning from the practitioner community. This is what we are working towards.
And finally, what’s next for Anvilogic?
Anvilogic is looking to enable the next generation of security data lakes on the cloud to help manage and operate such a wide range of moving parts in security operations. Anvilogic also aims to deliver value to the SOC without data engineering hassles and free them from the burden of manipulating underlying tools and alert disparities. To do so there needs to be a unifying SOC platform that will be agnostic to the underlying source or repository, and will solely focus on delivering the required SOC value – visibility, detection engineering automation, hunting automation, and triage automation.
This will lead to smooth downstream response automation into ticketing and/or case management platforms, such as ServiceNow. Further, there is a growing trend to log data and/or alerts into more affordable and scalable, cloud-based security data lakes, such as Snowflake, and this trend will be fulfilled by an agnostic but cloud-ready SOC platform. That platform is .