Silo for Research Helps Maintain Anonymity and Security of Online Investigations
For the financial industry, online intelligence is a valuable resource to keep businesses up to date on existing, evolving and future threats, past breaches, or hidden caches of compromised, fraud-related data. Thomas B., Research Analyst, is tasked with gathering cyberthreat research from the far corners of the web. The information gathered helps protect the firm from both targeted and indiscriminate attacks by malware and bad actors.
Prior to deploying Silo for Research, the firm was using a DIY approach by combining consumer browsers, plug-ins and VPN solutions to perform their threat hunting activities. “We found that our existing perimeter security solutions were blocking locations that we needed to visit on the web, and there was no way to explore them without exposing the rest of the network to potentially malicious threats,” says Thomas B. “We were also using third-party vendors and business partners to outsource malware analysis, increasing costs and exposing sensitive information that we would have preferred to keep in-house.”
One of the main business drivers for adopting the Authentic8 solution was maintaining the anonymity of online investigators. “Visiting a web page reveals a lot about the visitor, including their IP address, which can be traced back to the company and jeopardize future intelligence-gathering efforts; so maintaining anonymity is our top priority,” explains Thomas B.
Another top concern for the organization was infection and compromise from the very same threats they were hunting for. “Cyberthreat investigations — without the proper safeguards and precautions — can significantly increase network risk,” continues Thomas B. “We needed a solution that worked in our environment and provided the logical separation to mitigate just about any malware threat, and Silo’s cloud isolation provides that capability.”
Silo Deployment Goes Smoothly, Allows the Firm to Meet Their Goals
In large organizations, getting approvals to implement a new application can sometimes be harder than implementing the solution itself. “As with any new solution, we had a number of internal departments to coordinate with, educate and gain approval from, before the rollout of Silo for Research,” recalls Thomas B. “Luckily, the solution was very straightforward to deploy across four to five different groups internally, and it is now utilized by multiple teams both inside and outside the security organization.”
Working in the highly regulated financial services industry, the firm is required to provide proof of compliance to both internal and external auditors. Through integration with Splunk, the firm set up a log pipeline to capture all Silo for Research activity, storing the logs within a central repository to meet those compliance requirements.
“A number of key features in Silo for Research have been instrumental in helping us understand the threats that pose the most risk to the enterprise,” adds Thomas B. “With thousands of alerts per month, time to intelligence is critical for making a determination and implementing an effective response. Silo is an all-in-one solution that helps us do that faster and more easily than our previous DIY solution.”
Silo Reduces Cost, Improves Time to Intelligence
Since the initial deployment, Authentic8 has been instrumental in helping the firm meet their goals. “Now with Silo for Research deployed, we can work around the IT restrictions and can go anywhere we need to go on the internet. We do all of the threat analysis in-house now and don’t have to outsource to anyone. This reduces costs, and more importantly, allows us to make a faster determination of risk to immediately verify the threat mitigation strategies we have in place,” Thomas B. recollects.
With DIY investigation solutions, bad actors and fraudsters were able to profile a researcher’s web visits based on their resources, such as AWS S3 buckets used for storing evidence during collection. Non-attributable platforms such as Silo for Research can use multiple egress locations to protect the identity of the firm, enable encrypted storage in private cloud-based repositories, and keep counterintelligence efforts in the dark.
“Silo has changed the way we approach cyberthreat hunting, fraud research and other online investigations,” concludes Thomas B. “The cloud-based management and policy framework allows control over Silo’s features and functionality, while the isolation platform as a whole keeps our investigators safe and anonymous online.”