On May 12, 2021, two professionals from the Macau Chinese Bank responsible for internal audit and information security visited our company’s Security Operations Center as a Service (hereinafter referred to as SOCaaS) and exchanged views on trends in information security design and management.
Mr. Terry Cheung, our Managing Director, introduced our adoption of a Security Orchestration, Automation and Response system together with Security Information and Event Management (hereinafter referred to as SOAR and SIEM), integrated with firewalls and Sophos endpoint detection and response security software (hereinafter referred to as EDR). Combined with the company’s cyber threat intelligence system, which collects intelligence from different regions of the world, this improves the accuracy of our automatic analysis, reduces the workload of manual analysis and equips us to detect early attacks in time.
The Macau Chinese Bank delegation was interested in the difference between Sophos EDR and traditional antivirus software (AntiVirus). The meeting therefore covered how traditional antivirus software is installed separately on each device and can only do simple protection and detection. EDR adds a “response” function. In Sophos’ EDR, the response covers whether the malware has touched other files. It can be likened to a person infected with a virus: some patients are infected and do not know who they have been in contact with, and those contacts may be infected without knowing it and continue to spread the virus. Traditional antivirus software can only find the malware when symptoms appear or when a full-computer scan is performed. Sophos EDR already knows that the malware has had contact with other files, so it is easier to find viruses and malware. At the same time, the EDR automatically reports the issue to the TopSOC SOCaaS system and notifies the upper-level system, which triggers inspection of other endpoint devices. This greatly reduces the risk to organizations.
In addition to network and endpoint security, in the era of big data, information storage is also a major security threat. Pure Storage provides a good feature that encrypts the entire storage to protect ‘Data at Rest’ without jeopardizing the data de-duplication ratio or performance. Information is encrypted in real time as it is stored, which provides a better response to information security threats.
Through the visit, the Macau Chinese Bank gained a better understanding of how SOCaaS can protect organizations from cyber attacks, of the new generation of EDR, and of how to better handle emerging information security threats. All of these will help the team grow and reduce the pressure on team members.
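On May 12, 2021, two staff members of the Macau Chinese Bank responsible for internal audit and information security visited our company’s managed information security service (hereinafter referred to as SOCaaS) and learned about trends in information security design and management.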
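Mr. Terry Cheung (張德慶), our Managing Director, explained how a security orchestration, automation and response system and Security Information and Event Management (hereinafter referred to as SIEM) are linked with firewalls (Firewall) and Sophos endpoint detection and response security software (hereinafter referred to as EDR). Using the company’s exclusive technology together with information security intelligence from different regions, the system quickly and automatically analyzes whether a security report (Ticket) needs follow-up. This reduces the workload of manual analysis, so that even very large work logs are handled easily, making it possible to detect early-stage attacks effectively and lower cyber security risk.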
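The Macau Chinese Bank delegation was interested in the difference between Sophos endpoint detection and response security software (hereinafter referred to as EDR) and traditional antivirus software (AntiVirus). The meeting therefore covered how traditional antivirus software is installed separately on each device and can only provide simple pre-infection protection (Pre-infection Protection). EDR adds a “response” function (Response). In Sophos’ EDR, the response covers whether the malware has touched other files. It can be likened to a person infected with a virus: a patient is infected and does not know who they have been in contact with, and those contacts may be infected without knowing it and continue to spread the virus. Traditional antivirus software can only find the malware when symptoms appear or when a full-machine scan is performed, whereas Sophos EDR already knows that there has been contact with other files, so it is easier to find viruses and malware. At the same time, the EDR automatically reports to the 高信 SOCaaS security system and notifies the upper-level SOCaaS system, which requests that other endpoint devices be inspected, lowering the threat to the enterprise.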
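In information security, beyond the network and endpoint devices, information storage is also a major security threat in the era of big data. Pure Storage provides a good feature that encrypts the entire storage to protect data at rest without harming the data de-duplication ratio or performance. Information can be encrypted in real time as it is stored, which provides a better response to information security threats.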
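After this meeting, the Macau Chinese Bank delegation learned more about how SOCaaS helps enterprises achieve stronger security protection, about the new generation of EDR, and about how to face a growing number of information security threats, reducing the pressure on the staff involved and helping them advance further.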