Tel Aviv Stock Exchange Selects CardinalOps to Reduce Risk of Breaches Due to Undetected Attacks
June 2023 by Marc Jacob
CardinalOps announced that the Tel Aviv Stock Exchange (TASE) has deployed the CardinalOps platform to continuously audit and remediate detection coverage gaps in its Splunk Enterprise Security (ES) instance, thereby reducing the risk of undetected attacks in its Security Operations Center (SOC).
Established in 1953, TASE has been a publicly traded stock exchange since 2019. It plays a central role in the Israeli economy and provides a market infrastructure that is central to the economy’s growth. TASE members include top international banks such as Barclays Bank PLC, Citibank, N.A., and HSBC Bank PLC; Israeli commercial banks such as Bank Hapoalim B.M., Bank of Jerusalem Ltd., and Bank Leumi Le-Israel B.M.; and Israeli and foreign investment firms such as Jefferies LLC, Merrill Lynch International, UBS Securities Israel Ltd, Excellence, Meitav, IBI and more.
According to ESG research, 89% of organizations currently use MITRE ATT&CK as a reference source, but many are understaffed and lack the skills required to fully operationalize it in the SOC. Alternatively, some organizations attempt to identify gaps via manual, time-consuming and error-prone techniques like spreadsheets.
Using automation and MITRE ATT&CK, the CardinalOps platform enables organizations like TASE to continuously identify and remediate missing, broken, and noisy detections that lead to coverage gaps, thereby enabling a proactive, threat-informed defense tied to the risks that are most relevant to them.
CardinalOps will be demonstrating its detection posture management platform at the Gartner Security & Risk Management Summit (June 5-7, National Harbor, MD, Booth #261). The platform will also be featured at the Splunk .conf23 User Conference (July 17-20, Las Vegas).
Addressing Complexity and Constant Change
With several thousand servers and more than 50 security tools sending diverse monitoring telemetry to Splunk, the exchange’s SOC team faces significant complexity on a 24x7 basis.
The team’s complexity challenges are compounded by constant change in both the firm’s attack surface and the global threat landscape. According to data from MITRE ATT&CK, the industry-standard framework for tracking adversary playbooks and behaviors on a global basis, there are now more than 500 distinct adversary techniques and sub-techniques used to conduct cyberattacks ranging from ransomware to cyber espionage to attacks on critical infrastructure – and the number is constantly growing.
The exchange’s SOC team is responsible for developing and maintaining custom detection rules for the adversary techniques posing the highest risk to the organization – based on MITRE ATT&CK and the firm’s diverse collection of data sources – including for the latest high-profile attacks and vulnerabilities such as the recent Outlook vulnerability and the Follina vulnerability in Microsoft Office.
Equally important, SOC teams are also responsible for ensuring all detections are configured properly and not causing excessive noise, because attackers know they can “hide” or blend in with the noise, since SOC analysts are overwhelmed with noisy alerts and often ignore them.
The CardinalOps SaaS platform helps address these challenges by continuously analyzing the firm’s Splunk-ES instance and delivering high-fidelity detections to maximize its effectiveness.
Backed by security experts with nation-state expertise, the CardinalOps platform uses automation and MITRE ATT&CK to continuously ensure you have the right detections in place to prevent breaches, based on a threat-informed strategy. What’s more, it improves detection engineering productivity by 10x and drives cost savings by recommending new ways to tune noisy and inefficient queries, reduce logging volume, and eliminate underused tools in your stack. Native API-driven integrations include Splunk, Microsoft Sentinel, IBM QRadar, Google Chronicle SIEM, CrowdStrike Falcon LogScale, and Sumo Logic.