Implementing cybersecurity measures helps organisations protect themselves and be ready to defend against cyberattacks. These solutions help organisations with data protection and regulatory compliance and can increase productivity. They reduce financial losses, build customer trust, protect customers and support remote work.
Codestone, a UK-based Digital Transformation specialist, helps businesses across the globe transform digitally to become more efficient, effective and agile. Additionally, Codestone’s CyberCare solution offers a 24/7 managed security service that uses AI, automation and human expertise to protect a business’s digital environment from cyber threats.
Speaking to ERP Today, Lee Duke [LD], Cybersecurity Expert at Codestone, offers some insight into its cybersecurity offering, CyberCare.
ERP Today: Codestone’s CyberCare Security Operations Center (SOC) offers 24/7 protection against sophisticated ransomware threats. Could you walk us through how this solution integrates technologies like CloudGuard and AI-driven anomaly detection?
LD: Our CyberCare solution leverages CloudGuard’s automation. Microsoft Sentinel is rapidly deployed in our customer’s tenant in a standardised and secure way. This includes a base set of connectors to start ingesting data from log sources such as Microsoft Entra (AD), M365 and Azure Activity Monitor.
Custom connectors are then deployed from a vast template library to ensure all log sources are ingested into Microsoft Sentinel. These connectors are fully optimised and tuned to ensure minimal log storage is utilised within Microsoft Sentinel.
In addition, we have an array of pre-existing rules to work with these connectors to trigger targeted use cases and create events for both automation and human intelligence workflows.
Our CyberCare MXDR (Managed eXtended Detection and Response) enriches and investigates all threats, anomalies and suspicious activity using advanced AI techniques. We leverage an AI Virtual SOC assistant to automate the first phases of enrichment and investigation, leveraging advanced Threat Intelligence feed data in real time, ensuring the incident is updated and enriched with all the relevant information. The final phase of remediation will take place automatically. If automated remediation is not possible, the ticket is passed to a Human SOC Analyst to action and co-remedy further, working with the Network Operations Center (NOC) team, ensuring that we can reduce the Mean Time to Resolve (MTTR) to minutes, not hours.
ERP Today: How does Codestone’s CyberCare SOC use AI to detect and neutralise threats in real-time? Can you give examples of how AI-based tools provide an edge over traditional cybersecurity methods?
LD: The AI engine can conduct thorough analysis on the alert within minutes rather than hours or days.
For example, assume a specific IP address or file is flagged as malicious by one of the various sources of Threat Intelligence or by an Endpoint AV product. In this case, the AI engine can swiftly establish the extent of the issue by conducting relevant queries against the logs to determine any signs of lateral movement or infection. The information is surfaced in real time and all touch-points are correlated by the virtual SOC assistant, allowing us to understand within minutes the extent, seriousness and current status of the problem and whether it can be automatically remediated or requires additional human input.
This automated process is continual and works 24/7, carrying out thorough analysis as required. All events are presented in a dedicated dynamic dashboard showing live statistics as well as full investigation details.
ERP Today: How does Codestone ensure that CyberCare SOC evolves to meet new threats?
LD: Among other things, the solution is integrated with world-leading threat intelligence feeds, ensuring that the engine is always aware of the latest threats, industry trends and dark web activity. AI is also utilised to execute real-time enrichment and investigation across all threat events. Proactively, threat vectors are continuously monitored across all the data sources to determine and identify any lateral movement.
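The interview describes a triage flow in outline: a threat intelligence feed or endpoint AV flags an IP address, the engine queries the logs for hosts that contacted it and for subsequent signs of lateral movement, and the result decides whether remediation can be automated or must go to a human analyst. The following Python is an added illustration of that logic written for this page; it is not Codestone’s CyberCare code and says nothing about how their AI assistant is implemented. The indicators, hostnames, account names, log records and the severity/action thresholds are all constructed assumptions for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed threat-intelligence feed (hypothetical indicators, not a real feed).
THREAT_INTEL: Dict[str, dict] = {
    "203.0.113.50": {"confidence": 90, "tag": "C2 server"},
    "198.51.100.7": {"confidence": 70, "tag": "malware distribution"},
    "192.0.2.99": {"confidence": 60, "tag": "scanner"},
}


@dataclass(frozen=True)
class NetworkEvent:
    time: datetime
    device: str
    remote_ip: str


@dataclass(frozen=True)
class LogonEvent:
    time: datetime
    source_device: str
    target_device: str
    account: str
    logon_type: int  # Windows logon type: 2 interactive, 3 network, 10 RemoteInteractive (RDP)


def ts(hhmm: str) -> datetime:
    """Timestamps on one constructed day, to keep the sample data readable."""
    return datetime.strptime(f"2024-01-15 {hhmm}", "%Y-%m-%d %H:%M")


# Constructed DeviceNetworkEvents-style records.
NETWORK_EVENTS: List[NetworkEvent] = [
    NetworkEvent(ts("09:02"), "WS-01", "93.184.216.34"),  # benign noise
    NetworkEvent(ts("09:05"), "WS-01", "203.0.113.50"),   # WS-01 reaches the C2
    NetworkEvent(ts("09:20"), "WS-02", "198.51.100.7"),   # WS-02 hits the dropper host
    NetworkEvent(ts("09:30"), "WS-03", "93.184.216.34"),
]

# Constructed SecurityEvent 4624-style records.
LOGON_EVENTS: List[LogonEvent] = [
    LogonEvent(ts("08:55"), "WS-01", "SRV-FILE01", "j.doe", 3),       # before C2 contact: ignored
    LogonEvent(ts("09:12"), "WS-01", "SRV-FILE01", "svc_backup", 3),  # after contact: suspicious
    LogonEvent(ts("09:15"), "WS-01", "SRV-DC01", "svc_backup", 10),   # after contact: RDP to a DC
    LogonEvent(ts("09:25"), "WS-02", "WS-02", "a.smith", 2),          # local logon, not lateral
    LogonEvent(ts("09:40"), "WS-03", "SRV-FILE01", "m.lee", 3),       # WS-03 never contacted an IOC
]

LATERAL_LOGON_TYPES = {3, 10}  # assumption: network and RDP logons count as lateral


def first_contact(indicator: str, events: List[NetworkEvent]) -> Dict[str, datetime]:
    """Map each device to the earliest time it talked to the flagged indicator."""
    seen: Dict[str, datetime] = {}
    for e in events:
        if e.remote_ip == indicator and (e.device not in seen or e.time < seen[e.device]):
            seen[e.device] = e.time
    return seen


def lateral_movement(contacts: Dict[str, datetime], logons: List[LogonEvent],
                     window: timedelta = timedelta(hours=24)) -> List[LogonEvent]:
    """Network/RDP logons from a contacted host to a different host, after first contact."""
    hits = []
    for l in logons:
        start = contacts.get(l.source_device)
        if start is None or l.target_device == l.source_device:
            continue
        if l.logon_type in LATERAL_LOGON_TYPES and start <= l.time <= start + window:
            hits.append(l)
    return hits


def triage(indicator: str) -> Optional[dict]:
    """Enrich a flagged indicator and decide between automated and human remediation."""
    intel = THREAT_INTEL.get(indicator)
    if intel is None:
        return None  # not flagged by TI: nothing to triage
    contacts = first_contact(indicator, NETWORK_EVENTS)
    moves = lateral_movement(contacts, LOGON_EVENTS)
    actions = [f"isolate:{host}" for host in sorted(contacts)]  # automatable step
    if moves:
        severity = "High"
        actions.append("escalate_to_analyst")  # spread beyond the first host: human co-remediation
    elif contacts:
        severity = "Medium"
    else:
        severity = "Informational"
    return {
        "indicator": indicator,
        "intel": intel,
        "affected_hosts": sorted(contacts),
        "lateral_movement": [(l.source_device, l.target_device, l.account) for l in moves],
        "severity": severity,
        "actions": actions,
    }


if __name__ == "__main__":
    for ioc in THREAT_INTEL:
        print(triage(ioc))
```

The thresholds are deliberately simple: one host contacting an indicator is auto-isolated, while any post-contact network or RDP logon to another host raises severity and adds the analyst handoff, which mirrors the split between automated remediation and human co-remediation described above. In a real deployment the same logic would run as a scheduled analytic query against the SIEM rather than over in-memory lists.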