Time, money and skills are often in short supply among IT security teams. Fortunately, SOC.OS was recently able to offer one of the UK’s most renowned museums an innovative way to overcome many of these challenges.
By enhancing visibility into incoming threats, we’ve been able to help the Natural History Museum (NHM) improve incident response and cyber resilience going forward.
Museums and art institutions have found themselves on the receiving end of ransomware attacks in the past few years. In 2019, an attack on the San Francisco Museum of Asian Art disabled the museum’s computer systems. More recently, “the personal information of donors to several hundred cultural institutions”, including the National Trust, was accessed in the 2020 Blackbaud ransomware attack. With over five million visitors a year (pre-COVID-19), the Natural History Museum could likewise become a target.
Infosecurity Manager Chris explains that his original set-up was overly alert-focused, disjointed and lacking in intelligence. He didn’t have the time or resources to invest in a SIEM platform and the staff to run it, or to pore over raw data and write specific correlation rules.
SOC.OS offers an alternative to the never-ending “whack-a-mole” many threat response teams are forced to endure today. Our tool absorbs alerts from your on-premises and cloud security tools, enriches them with third-party threat intelligence and business context, and correlates them into clustered groups. These are ranked according to urgency, and any cluster featuring specified high-performance assets is moved up the priority list.
They’re then displayed on a single, intuitive graphical interface for faster incident response. Automated reporting and dashboard widgets provide a real-time and consolidated view of disparate threat data.
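To illustrate the enrich, correlate and rank workflow described above, here is a small added Python example (it is my own illustration, not SOC.OS code; the alerts, threat-intel feed, asset list and scoring weights are all constructed):

```python
from collections import defaultdict

# Constructed alerts from two hypothetical tools (RFC 5737 documentation IPs).
ALERTS = [
    {"id": 1, "tool": "firewall", "src": "203.0.113.9", "host": "web-01", "sev": 3},
    {"id": 2, "tool": "edr", "src": "203.0.113.9", "host": "web-01", "sev": 5},
    {"id": 3, "tool": "edr", "src": "198.51.100.4", "host": "finance-db", "sev": 4},
    {"id": 4, "tool": "firewall", "src": "192.0.2.77", "host": "kiosk-12", "sev": 2},
]
# Constructed third-party intel and business context (asset criticality).
THREAT_INTEL = {"203.0.113.9": "known scanner"}
CRITICAL_ASSETS = {"finance-db"}

def enrich(alert):
    """Attach intel and business context to a raw alert without mutating it."""
    a = dict(alert)
    a["intel"] = THREAT_INTEL.get(a["src"])
    a["critical"] = a["host"] in CRITICAL_ASSETS
    return a

def cluster(alerts):
    """Group alerts that share a source IP or target host (union-find)."""
    parent = {a["id"]: a["id"] for a in alerts}
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    seen = {}  # (attribute, value) -> first alert id that carried it
    for a in alerts:
        for key in ("src", "host"):
            owner = seen.setdefault((key, a[key]), a["id"])
            parent[find(a["id"])] = find(owner)  # merge into owner's group
    groups = defaultdict(list)
    for a in alerts:
        groups[find(a["id"])].append(a)
    return list(groups.values())

def score(group):
    """Urgency: worst severity plus cluster size, with intel and asset bumps."""
    s = max(a["sev"] for a in group) + len(group)
    if any(a["intel"] for a in group):
        s += 2   # arbitrary weight for a known-bad source
    if any(a["critical"] for a in group):
        s += 10  # critical assets jump the queue
    return s

def ranked_clusters(alerts=ALERTS):
    """Enrich, correlate and rank: most urgent cluster first."""
    return sorted(cluster([enrich(a) for a in alerts]), key=score, reverse=True)
```

Alerts 1 and 2 come from different tools but collapse into one cluster, while the single alert on the critical database outranks both.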
Making smarter decisions
SOC.OS provides the Natural History Museum with detailed data on who is attacking what, and how. It’s everything Chris and his team need to respond faster to serious cyber-threats, and prioritise which systems need patching and reconfiguring, to improve resilience.
“Our cyber-security operations previously reacted on an alert-by-alert basis, and we had to manually determine whether the alert in question was related to any others produced from adjacent tools within the security stack,” he explains.
“We now have the capability of making decisions based on consolidated and joined-up data. This means more time is spent on higher value tasks—focussing effort on remediating the highest priority threats/incidents, rather than wasting time trying to find them in the first place.”