Enables financial services firm to operationalize MITRE ATT&CK with Splunk and eliminate detection coverage gaps based on organizational risk and priorities
TEL-AVIV, Israel and BOSTON, June 1, 2023 /PRNewswire/ — CardinalOps, the detection posture management company, today announced that the Tel Aviv Stock Exchange (TASE) has deployed the CardinalOps platform to continuously audit and remediate detection coverage gaps in its Splunk Enterprise Security (ES) instance, thereby reducing the risk of undetected attacks in its Security Operations Center (SOC).
Established in 1953, TASE is a publicly-traded stock exchange since 2019 that plays a central role in the Israeli economy and provides a market infrastructure that is central to the economy’s growth. TASE members include top international banks such as Barclays Bank PLC, Citibank, N.A., and HSBC Bank PLC; Israeli commercial banks such as Bank Hapoalim B.M., Bank of Jerusalem Ltd., and Bank Leumi Le-Israel B.M.; and Israeli and foreign investment firms such as Jefferies LLC, Merrill Lynch International, and UBS Securities Israel Ltd, Excellence, Meitav, IBI and more.
“CardinalOps delivers the strategic expertise and automation we need to ensure our SOC is operating at maximum effectiveness and efficiency,” said Gil Shua, CISO, Tel Aviv Stock Exchange. “The platform ensures we always have the right detections for the MITRE ATT&CK techniques that matter most to us – and more importantly, it ensures our detections are always functioning as intended, with minimal false positives and false negatives.”
According to ESG research, 89% of organizations currently use MITRE ATT&CK as a reference source, but many are understaffed and lack the skills required to fully operationalize it in the SOC. Alternatively, some organizations attempt to identify gaps via manual, time-consuming and error-prone techniques like spreadsheets.
Using automation and MITRE ATT&CK, the CardinalOps platform enables organizations like TASE to continuously identify and remediate missing, broken, and noisy detections that lead to coverage gaps, thereby enabling a proactive, threat-informed defense tied to the risks that are most relevant to them.
Shua continued: “With CardinalOps, we’ve doubled our ATT&CK detection coverage in the first three months alone – and we are on track to increase the number of detections by nearly 10x by the end of this year. That’s a huge productivity gain, which also drives cost savings and addresses our staffing and budgetary constraints. Moreover, it’s a SaaS platform that’s easy to deploy, requires no additional headcount to manage, and integrates seamlessly with our existing Splunk workflows by enabling us to automatically push pre-customized and pre-validated detections – whether new or remediated – directly into our Splunk-ES instance.”
“Preventing breaches starts with having the right detections,” said Michael Mumcuoglu, CEO and Co-Founder of CardinalOps. “However, this is a major challenge for most organizations because detection engineering is one of the last remaining SOC functions to still rely on manual ad-hoc processes, tribal knowledge, and specialized experts that are difficult to hire and retain – rather than on automated workflows and documented processes. This leads to increased risk of breach from gaps that attackers leverage to gain initial access, escalate privileges, and remain persistent in the network. We’re honored to help defend TASE from the global threat actors that target it on a daily basis.”
CardinalOps will be demonstrating its detection posture management platform at the Gartner Security & Risk Management Summit (June 5-7, National Harbor, MD, Booth #261). The platform will also be featured at the Splunk .conf23 User Conference (July 17-20, Las Vegas, Booth #T301).
Addressing Complexity and Constant Change
With several thousand servers and more than 50 security tools sending diverse monitoring telemetry to Splunk, the exchange’s SOC team faces significant complexity on a 24×7 basis.
The team’s complexity challenges are compounded by constant change in both the firm’s attack surface and the global threat landscape. According to data from MITRE ATT&CK, the industry-standard framework for tracking adversary playbooks and behaviors on a global basis, there are now more than 500 distinct adversary techniques and sub-techniques used to conduct cyberattacks ranging from ransomware to cyber espionage to attacks on critical infrastructure – and the number is constantly growing.
The exchange’s SOC team is responsible for developing and maintaining custom detection rules for the adversary techniques posing the highest risk to the organization – based on MITRE ATT&CK and the firm’s diverse collection of data sources – including for the latest high-profile attacks and vulnerabilities such as the recent Outlook vulnerability and the Follina vulnerability in Microsoft Office.
Equally important, SOC teams are also responsible for ensuring all detections are configured properly and not causing excessive noise – because attackers know they can “hide” or blend in with the noise because SOC analysts are overwhelmed with noisy alerts and often ignore them.
The CardinalOps SaaS platform helps address these challenges by continuously analyzing the firm’s Splunk-ES instance and delivering high-fidelity detections to maximize its effectiveness.
Backed by security experts with nation-state expertise, the CardinalOps platform uses automation and MITRE ATT&CK to continuously ensure you have the right detections in place to prevent breaches, based on a threat-informed strategy. What’s more, it improves detection engineering productivity by 10x and drives cost savings by recommending new ways to tune noisy and inefficient queries, reduce logging volume, and eliminate underused tools in your stack. Native API-driven integrations include Splunk, Microsoft Sentinel, IBM QRadar, Google Chronicle SIEM, CrowdStrike Falcon LogScale, and Sumo Logic. Learn more at cardinalops.com.
For Media Inquiries:
Nathaniel Hawthorne for CardinalOps