Intelligent CISO Issue 40 | Page 52

built detection coverage, and because Cybereason exposes Malops (malicious operations), a fully correlated narrative and deep context about an attack as opposed to individual alerts and alarms for each detected behaviour.
The two teams worked closely together to extend TX Group’s detection and response capabilities across cloud services and infrastructure. With the direct integrations with Okta, Google Workspace, Digital Shadows, Fortinet and AWS, Cybereason XDR automatically surfaces anomalous user behaviour and insider threats, and makes it easy to understand the full attack story behind any incident.
The outcome
Since expanding to XDR in Summer 2020, the team has gained more visibility, identified multiple suspicious behaviours including MFA bypasses and other Okta intrusion attempts, and has already set up a first Slack notification and response bot to reduce remediation time and efforts. Unlike SIEM tools, Cybereason correlates endpoint telemetry against user identities and access behaviours. This approach detects threats that would otherwise be overlooked as weak signals and greatly accelerates incident triage and investigation times.
Schneider continues to update the board at TX Group on the implementation of its agile, Zero Trust security strategy. Because it chose cloud-first, the TX Group team reduced its overall attack surface, friction to end-users and even its number of incidents — in spite of the pandemic and rise in cyberattacks. Instead of investigating individual alerts and tools, the team is focused on the broader mission: ‘Which of my users and assets are at risk? Did our user click on a phish and enter credentials or download malware? If yes, automate the response where best feasible’. Both teams are looking forward to expanding the XDR deployment across more TX Group brands and adding new use cases that enable focusing on the relevant chain of events.
We caught up with Andreas Schneider, Group CISO at TX Group, to find out more about the solution and its benefits.
Can you tell us about your role as Group CISO and the scope of your responsibility?
My mission is simple – make sure that we are not getting hacked. We are the largest private media group in Switzerland. Our business is diverse – including FinTech, traditional paid newspaper, free news apps, online marketplaces, a realtor platform, job searching sites, advertising services and many more. We also act as a VC in Switzerland, looking for inspiring startups that fit our portfolio and vision. In regard to cybersecurity, I am responsible for all of it, starting with due diligence reviews