Why our digital presence security needs to evolve
Given the rapid evolution of the connected digital world and its ramifications across all sectors and domains, it was only natural for cyber threats to follow suit. Once an online presence is established, it is to be expected that it will become a potential target for various actors who will try every possible means to profit from its weaknesses. The consequences are painful, as they bring both material and immaterial losses.
Without delving into all possible classes of cyber threats out there, since by the time this story is written a couple of new ones will have been identified, we'll point out that terms like zero trust were not invented without good reason.
Threats can come from every possible angle, via a compromised WiFi device that runs a shady firmware version, through an employee who could not apply the latest security patch to their laptop because they were in a customer meeting, from a firewall port left open or a DNS server with inherent security vulnerabilities, through social engineering or simply because someone was so intent on disrupting your company's activities that they launched a DDoS attack on a scale never seen before.
The more complex the digital presence is, the more attack vectors there are. And it's not just the attack or the data breach itself. Like in a good spy movie script, the ground for it is carefully prepared, and hidden from regular checks, well in advance...
In the face of all that, companies respond by employing SOC teams. They deploy and manage SIEM and SOAR platforms to identify and respond to threats as fast as possible, ideally even before they are launched. Since in a digital world things happen faster than the eye can blink, the response needs to happen automatically.
And since early attack symptoms can be negligible or seemingly uncorrelated at first, elaborate pattern matching and anomaly detection using ML models, combined with access to extensive time series data collected from a diverse and ever-growing set of sources, become the weapons of choice.
By this time, the SOC team has been equipped with an arsenal of complex technology assets meant to enforce the company's security and fend off potential cyber threats. They can now focus on defining security policies, constantly tailoring them to the evolving cybersecurity landscape, performing forensic analysis, and taking remedial action on the security incidents that are raised.
Among other things, in this job they will face limitations of the SIEM or SOAR implementations, new threats that require urgent action without the option of waiting for toolchain components to be updated, and the need to adapt to unfamiliar domains due to changes in company strategy.
How Waylay's low code automation helps you
As a high-performance, low-code / no-code rule-based automation platform, Waylay is well positioned to address the above challenges and enable SOC teams to stay on top of their game. Our approach is summarized by the five simple points below.
- Design automated security rules visually using no-code / low-code techniques. Waylay enables security experts to express their knowledge and intent directly as automated rules for threat detection and response. In addition to what SOAR playbooks traditionally offer, we provide an abstracted way of using AI / ML models and time series data inside rules, with no coding skills required. Visual testing and simulation are built into the rule designer, ensuring faster iterations and an increased level of confidence.
- Ensure optimal performance and scalability through serverless functions. Regardless of whether security is applied to OT, IT or both domains, the Waylay platform guarantees fast response times on the order of milliseconds and scalability to millions of monitored endpoints through its use of serverless functions. For IIoT and Industry 4.0 applications this becomes a must, and one that most SIEM platforms find hard to match.
- Leverage machine learning and time series data to detect latent threats or the anomalies preceding an attack. Import, use and combine models from the most popular ML platforms as first-class rule elements using the Waylay Bring Your Own Machine Learning (BYOML) capabilities. Identifying compromised IoT devices or unusual access or traffic patterns becomes an intrinsic rule capability, next to the correlation of such events to automatically determine the extent of the threat and invoke the appropriate response.
- Flexible positioning in the security value chain. Waylay can implement the SIEM functionality on its own or complement an existing SIEM or SOAR deployment by leveraging existing connectors, APIs and time series data to enrich the security context and threat response capabilities. Coupled with our cloud-native deployment capabilities, this ensures a fit for every possible scenario.
In conclusion, Waylay empowers SOC teams to take full control of company security and be ready for every scenario, present or future, regardless of the domain they need to secure, and with the possibility to leverage the already existing security toolchain.
The low-code / no-code technology enables an agile approach to automating threat detection and response, aiming for reduced reaction times and lower deployment costs, while the BYOML capabilities allow security teams to proactively prepare for and intercept attacks before any harm is done.