Enhanced Incident Monitoring: From a Limited to Comprehensive View

Tuesday, May 16th, 2023



GRID Active Threat Surveillance now includes an Incident Similarity feature which leverages machine learning to enhance incident management.

As financial institutions become more reliant on technology to streamline daily operations, threat actors are finding more sophisticated ways to exploit vulnerabilities and breach systems and infrastructure. A cybersecurity event is any occurrence with the potential to harm a company’s information systems; a cybersecurity incident is a confirmed event, such as a malware infection, phishing attack, unauthorized access, or data breach. With the increasing frequency and severity of these cyberattacks, it is crucial for companies to have a comprehensive and well-defined incident management plan in place. Incident management provides a structured approach for identifying, responding to, and recovering from security incidents, thereby minimizing damage and disruption to the organization. A lack of effective incident management can result in lost data, financial losses, legal liabilities, and reputational damage. Therefore, it is essential to have a comprehensive view of an organization’s cybersecurity concerns to better manage and mitigate cyber risks.

DefenseStorm’s mission is to assist financial institutions (FIs) in managing cyber risks effectively and decisively, and incident management plays a critical role in achieving this goal. However, merely monitoring individual incidents provides a limited view of an FI’s cybersecurity concerns. GRID Active Threat Surveillance now includes an Incident Similarity feature which leverages machine learning to enhance incident management, moving beyond that limited view to a comprehensive view of an FI’s incident monitoring requirements. This enables banks and credit unions to gain additional insight into security concerns across their organization, allowing both customers and the DefenseStorm TRAC Services team to promptly investigate, comment on, and remediate incidents that require escalation.

To assess similarity, the Incident Similarity AI model compares two incidents’ IP addresses, text, device or application names, countries of origin, API keys, hostnames, and associated events. A collaboration between our clients and the DefenseStorm TRAC Services team provides a comprehensive view of similar incidents across all FIs managed by our GRID Active Threat Surveillance solution, whereas a self-managed FI could only compare incidents within its own organization. This wide-lens perspective allows users to view and react to emerging patterns and trends more efficiently and systematically.

Incident Similarity is simple and intuitive to use. The Incident Similarity panel on every incident’s page links to the top 3 key incidents GRID Active deems most similar to the incident currently being viewed. An icon next to each incident name indicates whether the ML model considers that incident Very Similar, Similar, or Somewhat Similar based on direct or close matches in both incidents’ key attributes.
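To make the attribute comparison and the three similarity tiers concrete, the following is an added example written for this page; it is not DefenseStorm’s model or code. It scores two incidents on the attribute kinds listed above (IP addresses, free text, device or application names, countries, API keys, hostnames, associated events) using set overlap, combines them with assumed weights, and bins the result into Very Similar, Similar, or Somewhat Similar with assumed thresholds. The incident records, weights, and thresholds are all constructed for illustration.

```python
"""Attribute-based incident similarity, added illustration only (not DefenseStorm's model)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class Incident:
    """Minimal incident record carrying the attribute kinds the article lists (constructed)."""
    incident_id: str
    text: str = ""
    ip_addresses: Set[str] = field(default_factory=set)
    app_names: Set[str] = field(default_factory=set)
    countries: Set[str] = field(default_factory=set)
    api_keys: Set[str] = field(default_factory=set)
    hostnames: Set[str] = field(default_factory=set)
    event_ids: Set[str] = field(default_factory=set)


# Assumed attribute weights (sum to 1.0); a real model would learn these.
WEIGHTS = {
    "ip_addresses": 0.20, "text": 0.15, "app_names": 0.10, "countries": 0.10,
    "api_keys": 0.15, "hostnames": 0.15, "event_ids": 0.15,
}
# Assumed tier thresholds, checked from highest to lowest.
TIERS: Tuple[Tuple[float, str], ...] = ((0.7, "Very Similar"), (0.4, "Similar"), (0.2, "Somewhat Similar"))


def tokenize(text: str) -> Set[str]:
    """Lower-case word tokens; 'close match' on text is approximated by token overlap."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def jaccard(a: Set[str], b: Set[str]) -> Optional[float]:
    """Set overlap in [0, 1]; None when neither incident carries the attribute (no evidence)."""
    if not a and not b:
        return None
    return len(a & b) / len(a | b)


def similarity(a: Incident, b: Incident) -> float:
    """Weighted overlap over the attributes both incidents can be compared on."""
    weighted, total = 0.0, 0.0
    for attr, weight in WEIGHTS.items():
        if attr == "text":
            score = jaccard(tokenize(a.text), tokenize(b.text))
        else:
            score = jaccard(getattr(a, attr), getattr(b, attr))
        if score is None:
            continue  # attribute absent on both sides: leave it out of the denominator
        weighted += weight * score
        total += weight
    return weighted / total if total else 0.0


def tier(score: float) -> Optional[str]:
    """Map a score to a tier label, or None when it is too weak to surface."""
    for threshold, label in TIERS:
        if score >= threshold:
            return label
    return None


def top_similar(target: Incident, candidates: List[Incident], k: int = 3) -> List[Tuple[str, float, str]]:
    """The k most similar incidents that reach at least the lowest tier, best first."""
    ranked = []
    for cand in candidates:
        if cand.incident_id == target.incident_id:
            continue
        score = similarity(target, cand)
        label = tier(score)
        if label is not None:
            ranked.append((cand.incident_id, round(score, 3), label))
    ranked.sort(key=lambda row: row[1], reverse=True)
    return ranked[:k]


# Constructed sample incidents (documentation IP ranges, made-up hostnames and event ids).
TARGET = Incident("INC-1001", "Multiple failed logins followed by success from external IP",
                  {"203.0.113.10"}, {"vpn-gateway"}, {"RU"}, set(), {"vpn01"}, {"E100", "E101", "E102"})
CANDIDATES = [
    Incident("INC-1002", "Multiple failed logins followed by success from external IP",
             {"203.0.113.10"}, {"vpn-gateway"}, {"RU"}, set(), {"vpn01"}, {"E100", "E101", "E103"}),
    Incident("INC-1003", "Successful login from external IP after lockout",
             {"203.0.113.10"}, {"vpn-gateway"}, {"RU"}, set(), {"idp01"}, {"E500"}),
    Incident("INC-1004", "Failed logins from external IP against VPN",
             {"198.51.100.7"}, {"vpn-gateway"}, {"RU"}, set(), {"vpn02"}, {"E200"}),
    Incident("INC-1005", "Endpoint antivirus quarantined a suspicious attachment",
             {"192.0.2.55"}, {"edr-agent"}, {"US"}, {"key-aaaa"}, {"wks-17"}, {"E300"}),
]

if __name__ == "__main__":
    for incident_id, score, label in top_similar(TARGET, CANDIDATES):
        print(f"{incident_id}: {score} ({label})")
```

Two details matter when building a panel like this. An attribute that neither incident carries (here, API keys) is dropped from the denominator rather than counted as a match, so two incidents are never rated similar merely because both lack the same data. And an incident that reaches none of the tiers is left off the list entirely, so the unrelated endpoint incident above does not appear as a weak third entry.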


Users can click on any incident in this panel to view a full preview of the similar incident.


By selecting View All Similar Incidents, users can view and filter every similar incident by its level of similarity and date of creation.


Viewing similar incidents side by side makes the work of commenting on or remediating an incident easier and more efficient. For customers, this means more effective incident handling and, in turn, FIs that are safer and more risk-resistant.

Constantly changing operational environments and ever-vigilant threat actors produce a dynamic cyber risk landscape that demands quick and efficient responses from FIs. Incident Similarity, as part of GRID Active Threat Surveillance, simplifies and expedites the process of identifying, assessing, and responding to cyber threats, reducing financial institutions’ exposure to cyber risk and making cyber risk management easier than ever before.

Greyson Berkley


Software Engineer

Greyson joined DefenseStorm as a Software Engineer in June 2020. She has an interest in front end development and her work focuses on the DefenseStorm GRID Active intelligent data engine and platform. She holds a degree in Computer Science and Mathematics from Seattle University.