• One financial services and consulting behemoth designed its cybersecurity stack with an understanding that adversary infrastructure would be a fundamental requirement. But the firm had to ensure it would operate within inevitable budgetary constraints.

• Clear definition of required capabilities led to the selection of HYAS Insight because of its unique ability to support the security team’s existing threat intelligence efforts across its centers worldwide. The firm’s addition of HYAS solutions resulted in a deeper understanding of adversary infrastructure and better awareness to stop cybercriminals and nation-state attackers.

• As a result of using HYAS, the firm disrupted fraud rings and eliminated or reduced the impact of cyberthreats for its clients, while also pruning other solutions from its security stack to reduce costs. A strong working relationship ensured that HYAS’s actionable data were optimized and could drive concrete results for the firm and its clients.

How do global consulting firms with international reach think about providing their cybersecurity services? One major managed service provider (MSP) which we’ll call “MSP Global” offers security operations center as-a-Service (SOCaaS) and cyber threat hunting, detection, and response for clients in more than 150 countries and territories.

MSP Global found tremendous value in incorporating HYAS solutions into a strategy for supporting their global cybersecurity services. Given MSP Global’s size and number of clients around the world, it was crucial to have the most robust cybersecurity capabilities possible. MSP Global designed a comprehensive framework of technical capabilities, effective processes, and rich threat intelligence to support their clients. A critical aspect of this was not only the ability to detect and mitigate attacks but also to understand threat actor behavior and the infrastructure used to carry out their attacks. They needed the right players on board to support their framework, including partnering with the leading intelligence firm specializing in adversary infrastructure. Who fit the bill? HYAS did.

Challenges

Q: Why do clients engage MSP Global’s cybersecurity services?

MSP Global offers SOCaaS and related threat hunting, incident response, and other services to clients who want reliable third-party managed services. Regardless of the services chosen, the firm provided intelligence reporting with industry-specific data, analysis, and insight to help protect client businesses from a wide range of threats.

One of MSP Global’s primary goals when onboarding new clients was to define each client’s particular intelligence requirements. That meant understanding the threat landscape and attack surface for each client. The requirements of course included factors specific to the client, but also inevitably included relevant threat patterns and actors in the client’s industry as a whole.

Those in the banking industry, for example, received different intelligence reports than healthcare providers based upon the specific threats and changing landscape for that industry.  But regardless of the industry, MSP Global leveraged the diverse, contextualized cyber threat intelligence provided by HYAS. The firm combined HYAS intel into an all-source intelligence model optimized for the client.

Q: What drove MSP Global to consider HYAS as a threat intelligence and incident response solution?

The business case for visibility on infrastructure intelligence was clear. Enterprises need timely, relevant, and actionable cyber threat intelligence to understand threat infrastructure and to prevent, detect, and mitigate the impacts of phishing, ransomware, and other kinds of cyber attacks. HYAS provides its clients with rich passive DNS, both standard and industry-exclusive WhoIs, proprietary malware intelligence, and other contextualized intelligence that helps SOC analysts and threat hunters connect the dots and uncover adversary infrastructure.

The case for infrastructure intelligence was so clear that when MSP Global’s intelligence division decided to build its service, it defined its collection strategy around specific intelligence “pillars” that would mutually reinforce each other to provide the best possible cybersecurity services. Adversary infrastructure was an essential part of one of these pillars, representing a predetermined requirement that could only be met with capabilities like HYAS’s.

Solutions

Q: What made MSP Global choose HYAS among other solutions in the marketplace?

No business can escape financial constraints, but it was clear to MSP Global that a single vendor could not demonstrate expertise in all the areas required. The company looked at multiple vendors and found that HYAS occupies a special niche.  HYAS Insight provides unrivaled adversary “infrastructure intelligence” that helps organizations identify the infrastructure used by adversaries to launch attacks and provides visibility into past patterns of activity.  It also identifies future threat activity for associated infrastructure that has not yet been weaponized.

HYAS Protect provides protective DNS capabilities that scrutinizes DNS traffic – a requirement of any communication with the internet – to prevent the corporate network or employee endpoints from communicating with suspicious or malicious sites on the internet. That means adversary activity is interrupted, such as phishing or malware communication with command and control infrastructure. It also means security practitioners get clear insights into the patterns of traffic and unwanted activity across their network so they can track down anomalies and institute change that better protects their organizations.

MSP Global saw something unique in HYAS solutions as well as a standard of excellence that helped put them in the best position to deliver cybersecurity services that best met their client’s objectives.

Q: How does MSP Global use HYAS Insight to help its clients?

HYAS Insight plays neatly into MSP Global’s threat hunting and cyber threat intelligence offerings. Fundamental to supporting these solutions is accurate infrastructure data and the context around it. HYAS provides the necessary real-time data, historical details, and a diverse range of correlated intelligence to help the company’s worldwide centers effectively stop bad actors, whether script kiddies or advanced adversaries.
MSP Global’s intel teams don’t directly provide its clients with data from HYAS. Rather, they use HYAS Insight to support their services with intelligence they can trust, and that means better SOC triage, prioritization, and response to threats, and also more timely, in-depth intelligence reports catered to their clients.

Q: How does HYAS reinforce MSP Global’s security posture?

In addition to using HYAS Insight to support SOCaaS incident response, amplify MSP Global’s threat hunting, and provide threat intel to generate reports, the firm uses HYAS for:

• Data enrichment: Better connection between diverse data types leads to better outcomes for all teams. The company found that different perspectives on single domains provides a more detailed picture, giving analysts clearer paths forward. Solutions like HYAS Insight help organizations understand not just what’s in front of them, but what’s coming their way.
• Fraud: Fraud investigators can put a stop to illicit activities by cross-referencing rich datasets to correlate and pinpoint events, patterns, timeframes of activity, and other information.  This helps fraud teams build cases against specific individuals, liaise with law enforcement, and shut down a bad actor. MSP Global’s anti-fraud teams use HYAS Insight to deconflict and piece together data provided by other tools, building actionable plans to disrupt cyber fraud.

Results

Q: How does HYAS help MSP Global achieve its mission?

HYAS intelligence has empowered MSP Global to successfully identify and stop:

• Fraudulent activity
• DNS tunneling
• Malware command and control
• Pre-weaponized attack infrastructure

And HYAS has also helped MSP Global cut costs. Annually evaluation of 3rd party product fit against the firm’s evolving objectives is a standard component of its vendor management process, ensuring the firm maximizes the value gained from its investments. Reevaluations have resulted in extremely high ROI with HYAS Insight, so high that the firm has managed to prune other less valuable solutions from its security stack.

Q: How does MSP Global’s senior intelligence manager rate HYAS?

MSP Global rates HYAS solutions very high, noting how quickly the intelligence division can pull  information necessary for cybersecurity investigations it conducts on behalf of its clients. In addition, HYAS Insight’s advanced capabilities give MSP Global’s intel teams more ways to present data and recommend action. 

But good products and services are nothing without the right partnership. The relationship between HYAS and MSP Global has ultimately strengthened them both and empowered their missions to build stabler, safer business environments for those they serve.

Connect with us to learn how HYAS’s unrivaled threat intelligence and investigation capabilities can augment your existing security stack and protect against advanced cyberthreats. 

*** This is a Security Bloggers Network syndicated blog from HYAS Blog - 2024 authored by Chris Needs. Read the original post at: https://www.hyas.com/blog/how-one-consultancy-behemoth-uses-hyas-for-unrivaled-cybersecurity