When people are busy, they take shortcuts
Modern businesses run on content, and our customer, maker of a premier content collaboration platform, knows the value of advanced security protocols, intelligent threat detection mechanisms and strict data privacy rules. When security is threatened, the company’s global CERT group, which includes a Security Operations Center (SOC) and an Incident Response team (IR), needs to respond quickly by investigating the nature of the threat, assessing any potential damage, and providing recommendations for strengthening security measures to keep clients’ data safe and prevent operational disruptions.
Balancing the need for safety and quick response times
The company has a suite of detection tools that continuously monitor for incoming threats, along with workflows to capture reports of phishing and other attempts at breaching the security perimeter. The next step for the CERT team is to follow up – investigate if the phishing link is still valid, find out who is behind it, whether the user is being lured to download malware or provide login credentials, etc.
Naturally, clicking on suspicious links and visiting websites that likely house malware is an unsafe practice, and only a few members of the CERT team had been set up with a standalone laptop running a virtual machine and a VPN connection. Other team members worked from their corporate machines. In reality though, even the security engineers with “dirty network access” were inconsistent in using the option. Resetting virtual machines after each use was too cumbersome and time consuming. And when response time was critical and investigators were juggling multiple competing priorities, they often opted to bypass the recommended VPN-based connection and used their regular laptops and browsers to get the answers quickly.
Investigating without risk or fear of retribution
Silo for Research provides a cloud-based online research platform that executes all web code in a secure, isolated environment, without exposing the investigator’s devices to any harmful content. It delivers the same seamless experience as when using an everyday commercial browser, but with full protection, isolation and policy controls — for truly secure and anonymous investigations. In addition to isolation, Silo for Research serves as a robust research platform. It manages and anonymizes identity; provides access to an integrated suite of collection and analysis tools; and enables easy and secure access across the surface, deep and dark web.
Since introducing Silo for Research, the company’s CERT team has been using it daily. When a potential issue is flagged, investigators can quickly perform all necessary steps to get more information, run the threat through intel tools, take screenshots, and attach them to an incident ticket for faster resolution.
Silo for Research is also rapidly gaining traction among their product security teams who investigate potential platform abuse (e.g., credential stuffing and account takeover), follow up on customer care team complaints, and look into illegal activity and inappropriate content. For them, the most important attribute of Silo is anonymity – being able to disguise their true identity and spoof their location and language settings allows researchers to get closer to perpetrators from around the world, without fear of retaliation or alerting their targets that they are being investigated.
In the near future, the company plans to expand the use of Silo for Research to their legal team, as the means for researching potential copyright and other violations. The CERT team also plans to broaden their use of the tool, adding Dark Web research to their portfolio to help get ahead of bad actors and keep their promise to customers of providing the most advanced, intelligent, and complete security for all their content.