Date: 2023-06-02

TEL AVIV, Israel and BOSTON, June 1, 2023 /PRNewswire/ -- CardinalOps, the detection posture management company, today announced that the Tel Aviv Stock Exchange (TASE) deployed the CardinalOps platform to continuously audit and remediate detection coverage gaps in its Splunk Enterprise Security (ES) instance, reducing the risk of undetected attacks in its Security Operations Center (SOC).

Established in 1953, TASE is an exchange listed since 2019 that plays a central role in the Israeli economy and provides essential market infrastructure for the growth of the economy. TASE members include the largest international banks such as Barclays Bank PLC, Citibank, N.A. and HSBC Bank PLC; Israeli commercial banks such as Bank Hapoalim BM, Bank of Jerusalem Ltd. and Bank Leumi Le-Israel BM; and Israeli and foreign investment firms such as Jefferies LLC, Merrill Lynch International, UBS Securities Israel Ltd., Excellence, Meitav, IBI and more.

“CardinalOps provides the strategic expertise and automation we need to ensure our SOC operates with maximum effectiveness and efficiency,” said Gil Shua, CISO, Tel Aviv Stock Exchange. “The platform ensures that we always have the right detections for the MITRE ATT&CK techniques that matter most to us and, more importantly, it ensures that our detections always work as intended, with minimal false positives and false negatives.”

According to ESG research, 89% of organizations currently use MITRE ATT&CK as a reference, but many are understaffed and lack the skills to fully operationalize it in their SOC. Alternatively, some organizations attempt to identify gaps via manual, time-consuming, and error-prone techniques like spreadsheets.

Using automation and MITRE ATT&CK, the CardinalOps platform enables organizations like TASE to continuously identify and fix missing, broken, and noisy detections that lead to coverage gaps, enabling proactive and informed threat defense related to the risks that concern them the most.

Shua continued, “With CardinalOps, we have doubled our ATT&CK detection coverage in the first three months alone and are on track to increase detections nearly 10x by the end of this year. This is a huge productivity boost, which also drives cost savings and meets our staffing and budgetary constraints. Plus, it’s an easy-to-deploy SaaS platform, which requires no additional staff to manage and seamlessly integrates with our existing Splunk workflows by allowing us to automatically push pre-customized, pre-validated detections, whether new or fixed, directly into our Splunk-ES instance.”

“Breach prevention starts with having the right detections,” said Michael Mumcuoglu, CEO and co-founder of CardinalOps. “However, this is a major challenge for most organizations, as detection engineering is one of the last remaining SOC functions to rely on ad hoc manual processes, tribal knowledge and hard-to-hire-and-retain expert specialists rather than automated workflows and documented processes, leading to an increased risk of breaching loopholes that attackers exploit to gain initial access, elevate privileges, and remain persistent in the network. We are honored to help defend TASE against the global threat actors who target it on a daily basis.”

Dealing with complexity and constant change

With several thousand servers and over 50 security tools sending various monitoring telemetry to Splunk, the exchange’s SOC team faces significant complexity 24/7.

The team’s complexity challenges are compounded by the ever-changing enterprise attack surface and global threat landscape. According to data from MITRE ATT&CK, the industry-standard framework for tracking adversary playbooks and behavior globally, there are now over 500 distinct adversary techniques and sub-techniques used to carry out cyberattacks ranging from ransomware to cyberespionage to attacks against critical infrastructure, and the number is constantly increasing.

The exchange’s SOC team is responsible for developing and maintaining custom detection rules for the adversary techniques posing the highest risk to the organization, based on MITRE ATT&CK and the enterprise’s diverse collection of data sources, including for the latest high-level attacks and vulnerabilities such as the recent Outlook vulnerability and the Follina vulnerability in Microsoft Office.

Equally important, SOC teams are also responsible for ensuring that all detections are properly configured and do not cause excessive noise, because attackers know they can “hide” or blend in with the noise when SOC analysts are overwhelmed with noisy alerts and often ignore them.

The CardinalOps SaaS platform helps address these challenges by continuously analyzing the enterprise Splunk-ES instance and providing high-fidelity detections to maximize its efficiency.

