Expert insight, best practices and advice on SecOps and CSMA

Case Study: Uncovering Critical Risks Through AI-Powered Security Data Correlation and Contextual Analysis

Eran Zilberman
July 10 2024

The ability to understand and  prioritize risks effectively can mean the difference between resilience and vulnerability to cybersecurity threats. Effective risk prioritization is a formidable challenge faced by many organizations. For one of our customers, the challenge of cybersecurity risk prioritization became starkly evident when they uncovered unexpected vulnerabilities within their environment. The critical risk they created lurked unnoticed, posing a clear and threatening risk to the enterprise operations and security posture —until Cyclops’s AI-powered Risk Prioritization platform illuminated the path. This anonymous case study delves into how this customer not only identified the hidden threat, but also showcases how our innovative technology empowers teams to proactively safeguard against emerging dangers.

Unearthing Security Gaps, IT Hygiene Issues and Unexpected Risk

The customer, who will remain anonymous, is a Fortune 500 international food chain with over 100,000 employees. They were concerned about coverage issues and their primary goal was to understand security gaps across assets and identities. Cyclops’s AI-powered platform makes this type of analysis very easy: once connected to the main security solutions and IT stack the organization uses, it automatically correlates and analyzes data highlighting the risks it discovers.

We immediately found a few interesting things:

  • According to company policy, all Assets should be Covered by Crowdstrike, Island,Wiz and Tenable. Cyclops showed that several critical systems were missing one or more required protections. 
  • Cyclops further showed the identities related to those devices, and highlighted that two of those identities were company executives with privileged access rights to critical business systems. 
  • On top of that, these executives were accessing critical systems without using MFA. 
  • Finally, Cyclops showed that several identities, including the executives related to the unprotected devices, fell for a phishing simulation, indicating they are vulnerable to these types of threats.

The combination of these issues creates a critical risk to the organization - one that the team can’t ignore. They immediately rushed to remediate the situation.

Finding Exposed Device Related to High Risk Users
Image: Finding Exposed Device Related to High Risk Users

And this isn’t all. Cyclops discovered many other issues including:

  • Cyclops found unmanaged devices in the environment. Even more interesting, these unmanaged devices were protected by ZScaler
  • Cyclops uncovered more IT hygiene issues like inactive devices that should be removed, and unknown software.
  • It also discovered additional security solutions that are in use in the environment, even though we didn’t connect Cyclops to those systems

Addressing The Elephant In The Room

To better explain the challenge of risk detection and prioritization I want to refer to the parable about the blind men and the elephant: 

A group of blind men heard that an elephant arrived in town. Since they’ve never seen an elephant before, they were curious. They decided to go and try to understand what it is by touching it. Each of them touched a different part of the elephant: 

  • Oh, it’s like a big strong snake! - said the person who touched the elephant trunk
  • No, it’s like a tree - said the person who touched the elephant leg
  • It feels like a big fan - said the person who touched the ear
  • It’s like a rope - said the person who touched the tail
  • Not at all, it feels like a wall - said the one who touched the elephant body

Not only couldn’t the blind men agree on the nature of the elephant, in some versions of this parable, the blind people suspected that the others were dishonest and they started fighting each other.

The elephant  

Well, you get where I’m going with this, right? Just as the blind people in the story couldn’t grasp the true nature of the elephant based on their limited, subjective experiences, SecOps teams face a similar challenge. In an enterprise environment, each security tool and system generates its own set of alerts and data points, often providing only a partial view of the overall security posture. These alerts are like the descriptions given by the blind individuals—each accurate from their perspective but incomplete in describing the whole picture.

SecOps teams encounter too many fragmented alerts and data that, when viewed in isolation, offer a narrow perspective on potential risks. Without the ability to correlate and analyze these disparate insights, understanding the comprehensive scope of threats and vulnerabilities becomes elusive. Just as the blind individuals need collaboration and synthesis of their perspectives to understand the entirety of the elephant, SecOps teams must correlate and analyze data across their security technologies to gain a holistic view of the organization's security posture. Only then can they effectively prioritize responses and mitigate risks in a proactive and informed manner.

Risk Can Be Hiding in Plain Sight

Underestimated vulnerabilities and weaknesses within the organization can lead to significant risks and expose us to security breaches. A narrow focus on high-severity CVSS scored vulnerabilities, and well known visible threats, can result in overlooking weaknesses that may pose significant risks if exploited. The complexity of modern IT environments can obscure vulnerabilities or dependencies that are not fully understood or documented. This complexity is further enhanced in the era of AI, in which we face new privacy concerns related to data handling, and vulnerabilities in AI-driven applications. Securing AI systems, and the data they process  within IT networks is a new challenge for all enterprises. 

This is where Cyclops AI-Powered Risk Prioritization ability to quickly correlate and analyze events across hybrid networks can help SecOps overcome challenges and become more efficient than ever: 

Cyclops leverages AI to quickly collect, normalize, correlate and analyze the huge volume of security alerts and data points provided by the existing technology stack. Over the last few years this has become an impossible task for humans, no matter how skilled and talented they may be. Cyclops then leverages AI again to search for critical issues and insights that require the team’s attention. 

In the customer case study mentioned above, we didn’t tell Cyclops to search for this risky combination of security issues. The platform identified it, and highlighted it to the customer, without any human involvement in the analysis process.

This makes Cyclops a powerful tool in any organization’s battle against cyberthreats, enabling proactive risk discovery and mitigation.

Ready To See Cyclops In Action?    Sign Up for a Demo Here

Read more

In today's dynamic threat landscape, traditional approaches to vulnerability management are proving insufficient in the face of rapidly evolving cyber threats. Cybersecurity threats are becoming...

May 16, 2024

In today's rapidly evolving threat landscape, organizations need to craft robust strategies to counter these threats. The potential ramifications of cyber attacks underscore the importance of taking...

April 15, 2024