What’s an Attack Surface?
Your attack surface is the entire available computing network, resources, and systems that work together in operation to perform a specific business or engineering task. This can range from large distributed IoT/ICS networks, all the way through to the smallest enterprise. Each attack surface is different, evolving, and under strain in some dimension.
Is it SIEM? Is it SOAR?
Great question – SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation and Response) are each a single dimension of the enterprise’s cybersecurity investment. You wouldn’t want to launch scanning tools from your SIEM, and you certainly wouldn’t want your SOAR to host all your mission-critical security information.
CLAW sits a layer higher in the overall security stack.
As an attack surface analysis platform, we consolidate the entirety of the security information and act as a hive mind on where to share, send, or scan within the network. Think of us more as a VOAR (Visualize, Orchestrate, Automate and Remediate) option. 😉
We have too many products already, and we need to shed some OPEX. Does CLAW consolidate products?
We feel you. Too many products, too many alerts, not enough minutes in the day to address them all. We help by making sense of, or adding context to, the flood of triggers and anomalies that your existing tools provide. By consolidating the existing appliances, applications, and agents you already use, we can gain more from the information and make use of the functionality that many cyber security teams are missing out on.
I’ve got a compliance requirement to meet, what can you do?
Depends on the maturity of your security program. If you’re trying to stand up a new method of reporting and triage, we can help make sense of what you’re seeing. If you’re a robust mission-focused threat intel and hunting team, we can harness that raw horsepower and augment your team to be able to close with and meet the adversary head-on, to keep your systems safe, secure, and resilient.
We’re doing regular risk assessments and penetration testing – does CLAW replace that function?
CLAW complements existing structures with routine evaluations of your network’s current health and available attack paths, and routine “white box” assessments.
We have internal tools that we build ourselves to support the mission – can CLAW take this information?
We have a few different ways to harness that data. Use our API to directly feed your CLAW instance with that homegrown goodness, or streamline the existing feed of information based on your own specific requirements.
Pair up that information with our existing playbooks to make the most of the existing tradecraft you have at your disposal, or level up your technology by infusing this with other sources inside of your CLAW canvas.
We’re struggling to find competent, trained individuals to operate existing tools. What can an ASA platform do for us?
Just about everyone is, so you’re certainly not alone in feeling that pinch.
CLAW enables teams to make the best use of their existing talent, by being able to consolidate their product suite into a single view, and share insights. With CLAW, team members can easily level up their peers with a cross-pollinated understanding of the actions and activities that go into daily operations. Additionally, teams can learn more about what the existing sources can tell them by tapping directly into our Reflexes option, and automating and augmenting their existing capabilities.
How is ASA different from ASM?
ASA is the more engaged model of the two.
We’re not hiding information, or shielding our operators from the truth. We provide clear, crisp models that enable the team to get a ground-level understanding of the network, the impediments, and obstacles to their success and ensure that they have a clear grasp on the fundamentals of their security posture.
We do this in two ways – 1) we focus on the operator lenses that are used to synthesize the datasets and data stacks that each team possesses, and 2) we provide the most accurate representation of the information gathered from our enterprise integrations to offer them a realistic model to make more informed and practical decisions in an evolving manner.
What is MSO?
Multiple source overlay (MSO) is at the core of CLAW. We synthesize multiple data sources in a faster and more efficient way, making sure that we extract the best information from the multiple products that our customers have in their environments and map this information to other sources in the same dimension.
MSO represents both a fundamental concept for the cybersecurity industry and an advance in the state of the art in how we perceive the real intelligence that is occurring at the wire level inside the critical networks that are responsible for our modern systems.
Which tools can ASA help us consolidate/reduce/replace?
This depends on the organization’s maturity. Out of the box we’re able to concentrate and corroborate information related to the safety, security, and resilience of the network environment. Where teams have a strong SecOps/SecEng model in use, we can complement it by being able to synthesize a greater understanding of “what” is in the network.
When working alongside a mature and integrated SOC / MSS organization we can see upwards of a 4x reduction in operator load, and a faster, more efficient understanding of threats to, and proximity of exploitation to, sensitive systems.
What skill level or seniority is required to operate CLAW?
Anyone can use CLAW out of the box, whether they’re a junior or senior member of your cyber security team. If you’ve ever played most computer games or have any experience with modern cybersecurity concepts, we’ve made great strides to ensure that you’re able to get the most out of our platform.
Even without any training, CLAW can level up your cybersecurity game with the presentation of findings and alerts quicker and with greater accuracy than without any existing SIEM or SOAR products available. CLAW expands the abilities of junior operators and increases the efficiencies of senior operators.
How long does it take to get up and running with CLAW?
Minutes – regardless of whether you’re using our CLOUD offering or our OVA build, both can be set up in minutes and generate intel/events in seconds. This ties with our primary mission of increasing the speed of the analyst.
Is training for CLAW included in package pricing?
We’re dedicated to ensuring each client is equipped with everything they need to get the most out of CLAW. We have a robust documentation and video library where you can enjoy learning about features and tradecraft on your own time. And for those that require a bit more support in getting started, we’re happy to work with you directly to give you what you need to get started. We won’t leave anyone behind.