Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Thursday, 23 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

DomainTools’ Iris Helps L3Harris Technologies Investigate Advanced Persistent Threats And Cyber Espionage Attampts

The CSIRT team at L3Harris Technologies has found a way to efficiently and effectively triage threats and prevent future cyber attacks.

by Sabina
March 31, 2020
in Uncategorized
DomainTools Logo
Share on FacebookShare on Twitter

As one of the largest global defense companies, L3Harris provides mission-critical solutions to connect and protect the world, serving customers in more than 130 countries. Given the nature of the company’s industry, L3Harris faces numerous facets of cybersecurity threats from advanced adversaries and nation states. The company’s 24×7 computer security incident response team (CSIRT) analysts operate in a highly advanced security atmosphere that is continually growing more complex.

Devin McLean, SOC Manager and IRT Engineer at L3Harris says the cybersecurity threat landscape has become notably more challenging in recent years. He attributes this to a variety of converging factors, including an
increase in the volume of security alerts his team receives each day and an increasing attack surface. The global cybersecurity resource shortage is another challenge, squeezing bandwidth and making it difficult for
organizations to staff their teams with additional support. The process of enriching indicators has also become more complicated. McLean points to a growing and varied matrix of data (e.g. DNS information, SSL data, surface evidence, etc.) that analysts must review to better understand their indicators. The ability to quickly investigate and pivot upon indicators is critical to effective incident response.

“Cyber espionage is one of the biggest threats our organization faces. Nation-State activity is on the rise for many industries, but is particularly aggressive in the defense industry. The more we understand about these highly sophisticated adversaries, the more effective our team is at reinforcing our protections against them. It also helps us draw possible connections between domains that we know are nefarious and new ones that show up in alerts.” — McLean

Focused on staying ahead of advanced persistent threats (APTs), the team utilizes insights provided by DomainTools to better understand the networks and infrastructure of state-sponsored actors and other parties looking to gain entry and/or spy on the organization. L3Harris initially implemented DomainTools to enable
brand monitoring alerts, so the team would know when a threat actor was staging a phishing campaign or attempting to register a domain associated with the company name. With the complementary capabilities
in Iris, the team has deepened its use of domain information to inform threat investigations.

McLean and the team of analysts at L3Harris use Iris to pivot on these data points and expand their list of domains associated with suspicious IP addresses and domain registrant information. That information is cross-referenced against other domains across the environment. This approach has uncovered connections between the registrations of numerous domains, providing the team with robust intelligence to further investigate networks of adversaries and block those that were previously known. In Iris, Domain Risk Scores that predict the likelihood that a domain is malicious, even before it is weaponized, and SSL Profile data panels that allow the analysts to examine certificates in detail, are key features for the L3Harris team. Using these tools, they can close
the window of vulnerability between when a malicious domain is registered and when it is observed causing
harm. They also help the team better understand the profile and screenshots of a website without navigating to it, and in some cases, uncover additional pivot points not otherwise available.

“Our team averages a 96 percent month-over-month increase in security alerts, and every day we process indicators from intelligence reports and more than 1,000 emails reported as suspicious by our users. Many of these include some level of domain information. The ability to automatically process those indicators and suspicious IP addresses quickly instead of manually significantly decreases the amount of time it takes to conduct the investigation, which is a major boost to our work.” — McLean

The domain insights and pivoting capabilities provided in Iris support McLean and his colleagues in successfully combating an increasingly challenging range of threats, maximizing the effectiveness of the available resources of security organizations. DomainTools is also helping L3Harris improve the quality of its investigations by giving the team a way to automatically enrich indicators quickly and spend less time manually gathering information. This, combined with a highly intuitive user interface, allows analysts to accelerate incident response and focus on threat hunting. With rich data at their fingertips, they can act more quickly, make accurate decisions about alerts and rapidly escalate them when needed.

 

 

FacebookTweetLinkedIn
Share3TweetShare
Previous Post

According to Gurucul: Two in Three Cybersecurity Professionals Access Documents Unrelated to their Role

Next Post

DomainTools supports the open-source security community and its customers with new TheHive and Cortex integration capabilities

Recent News

Blue logo, capitalised letters. SPECOPS.

Fortune 500 Company Names Found in Compromised Password Data

March 23, 2023
Ferrari Data Breach: The Industry has its say

Ferrari Data Breach: The Industry has its say

March 22, 2023
security

What Is Observability, And Why Is It Crucial To Your Business?

March 21, 2023
Organisational Cybersecurity.jpg

How Emerging Trends in Virtual Reality Impact Cybersecurity

March 21, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information