Incident Monitoring Enhancement: From a Limited to Comprehensive View

Tuesday, May 16th, 2023


GRID Active Threat Surveillance now includes an Incident Similarity feature which leverages machine learning to enhance incident monitoring and management.

As financial institutions become more reliant on technology to streamline daily operations, threat actors are finding more sophisticated ways to exploit vulnerabilities to breach systems and infrastructures. Any cybersecurity event has the potential to harm a company’s information systems, while a cybersecurity incident is a confirmed event such as a malware infection, phishing attack, unauthorized access, or data breach. With the increasing frequency and severity of these cyberattacks, it is crucial for companies to have a comprehensive and well-defined incident monitoring and management plan in place.

Incident monitoring and management provides a structured approach for identifying, responding to, and recovering from security incidents, thereby minimizing damage and disruption to the organization. A lack of effective incident monitoring can result in lost data, financial losses, legal liabilities, and reputational damage. Therefore, it is essential to have a comprehensive view of an organization’s cybersecurity concerns to better manage and mitigate cyber risks.

DefenseStorm’s mission is to assist financial institutions (FIs) in managing cyber risks effectively and decisively, and incident management plays a critical role in achieving this goal. However, monitoring individual incidents in isolation provides only a limited view of an FI’s cybersecurity concerns. GRID Active Threat Surveillance now includes an Incident Similarity feature that leverages machine learning to enhance incident management, moving beyond that limited view to a comprehensive view of an FI’s incident monitoring requirements. This enables banks and credit unions to gain additional insight into security concerns across their organization, allowing both customers and the DefenseStorm CTS OPS team to promptly investigate, comment on, and remediate incidents that require escalation.

To assess similarity, the Incident Similarity AI model compares two incidents’ IP addresses, text, device or application names, countries of origin, API keys, hostnames, and associated events. A collaboration between our clients and the DefenseStorm CTS OPS team provides a comprehensive view of similar incidents across all FIs managed by our GRID Active Threat Surveillance solution, whereas a self-managed FI could only compare incidents within its own organization. This wide-lens perspective allows users to view and react to emerging patterns and trends more efficiently and systematically.

Incident Similarity is simple and intuitive to use. The Incident Similarity panel on every incident’s page links to the top three incidents GRID Active deems most similar to the incident currently being viewed. An icon next to each incident name indicates whether the ML model considers that incident Very Similar, Similar, or Somewhat Similar, based on direct or close matches in both incidents’ key attributes.
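To make the attribute-based scoring, direct versus close matches, and three similarity tiers described above concrete, here is an added example; it is not DefenseStorm’s model or code, and the weights, close-match rules, thresholds, and sample incidents are all assumptions chosen for illustration:

```python
import ipaddress
import re

# Assumed weights: a direct match earns the full weight, a close match half of it.
WEIGHTS = {"ips": 3, "hostnames": 3, "api_keys": 3, "devices": 2,
           "countries": 1, "events": 2, "text": 2}

def _close_ip(a, b):  # assumed "close" rule: both addresses fall in the same /24
    return ipaddress.ip_network(f"{a}/24", strict=False) == ipaddress.ip_network(f"{b}/24", strict=False)

def _close_host(a, b):  # assumed "close" rule: same parent domain after the first label
    return a.split(".", 1)[-1] == b.split(".", 1)[-1]

def attribute_score(name, x, y):  # 1.0 direct match, 0.5 close match, 0.0 otherwise
    if name == "text":  # free text: Jaccard overlap of word tokens (assumed)
        tx, ty = (set(re.findall(r"[a-z0-9]+", s.lower())) for s in (x, y))
        jaccard = len(tx & ty) / len(tx | ty) if tx and ty else 0.0
        return 1.0 if jaccard >= 0.6 else 0.5 if jaccard >= 0.3 else 0.0
    xs, ys = set(x), set(y)
    if xs & ys:  # direct: at least one shared value
        return 1.0
    close = {"ips": _close_ip, "hostnames": _close_host}.get(name)
    return 0.5 if close and any(close(a, b) for a in xs for b in ys) else 0.0

def similarity(a, b):  # weighted attribute score normalised to the range 0..1
    total = sum(w * attribute_score(k, a[k], b[k]) for k, w in WEIGHTS.items())
    return total / sum(WEIGHTS.values())

def tier(score):  # thresholds are assumed; the post only names the three labels
    if score >= 0.6: return "Very Similar"
    if score >= 0.35: return "Similar"
    return "Somewhat Similar" if score >= 0.15 else None

def top_similar(target, incidents, n=3):  # the n best other incidents that reach a tier
    scored = [(similarity(target, c), c["id"]) for c in incidents if c["id"] != target["id"]]
    ranked = sorted((p for p in scored if tier(p[0])), key=lambda p: (-p[0], p[1]))
    return [(i, tier(s)) for s, i in ranked[:n]]

def inc(id, ip, host, keys, dev, cc, ev, text):  # builder for the constructed samples
    return {"id": id, "ips": [ip], "hostnames": [host], "api_keys": keys,
            "devices": [dev], "countries": [cc], "events": [ev], "text": text}

# Constructed sample incidents (RFC 5737 documentation addresses, fictitious hostnames).
INCIDENTS = [
    inc("INC-1", "203.0.113.10", "vpn.example-bank.test", [], "Okta", "RU", "auth.failure", "Repeated failed VPN logins from Russia"),
    inc("INC-2", "203.0.113.77", "vpn.example-bank.test", [], "Okta", "RU", "auth.failure", "Failed VPN logins from Russia for several users"),
    inc("INC-3", "198.51.100.5", "mail.example-bank.test", ["key-abc"], "Exchange", "US", "email.phish", "Phishing message reported by staff"),
    inc("INC-4", "192.0.2.9", "core.example-bank.test", [], "Okta", "RU", "auth.failure", "Password spray against core banking portal"),
]
# top_similar(INCIDENTS[0], INCIDENTS) -> [("INC-2", "Very Similar"), ("INC-4", "Similar")]
```

INC-3 shares only a parent domain with INC-1 and falls below the lowest threshold, so it is left out of the panel rather than shown as a weak match.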

[Screenshot: Enhanced Incident Monitoring, the Incident Similarity panel]

Users can click on any incident in this panel to view a full preview of the similar incident.

[Screenshot: Incident Monitoring Enhancement, preview of a similar incident]

By selecting View All Similar Incidents, users can view and filter every similar incident by its level of similarity and date of creation.

[Screenshot: GRID Active Threat Surveillance, View All Similar Incidents]

Viewing similar incidents side by side makes the work of commenting on or remediating an incident easier and more efficient. For customers, this means more effective incident handling and, in turn, FIs that are safer and more risk-resistant.

Constantly changing operational environments and ever-vigilant threat actors produce a dynamic cyber risk landscape that demands quick and efficient responses from FIs. Incident Similarity, as part of GRID Active Threat Surveillance, simplifies and expedites the process of identifying, assessing, and responding to cyber threats, reducing financial institutions’ exposure to cyber risk and making cybersecurity risk management simpler than ever before.

Greyson Berkley

Software Engineer

Greyson joined DefenseStorm as a Software Engineer in June 2020. She has an interest in front end development and her work focuses on the DefenseStorm GRID Active intelligent data engine and platform. She holds a degree in Computer Science and Mathematics from Seattle University.