
In the cybersecurity landscape, the focus has often been on identifying threats, which is crucial but not sufficient to ensure a comprehensive defence. The Cyberoo team has observed a growing need to improve remediation management, an essential process to effectively respond to cyber threats.

Modern attacks are characterised by a speed and destructive impact that require not only a timely, but also a proactive response.

Remediation is not limited to managing incidents that have already occurred; it extends to preventive mitigation, identifying threats at their inception and applying the necessary countermeasures before they can cause significant damage.

Remediation with Keera

In this context, Cypeer Keera represents a significant evolution of the Managed Detection and Response (MDR) solutions offered by Cyberoo. This platform integrates advanced remediation strategies, designed to be both fast and effective.

The goal is to stop attacks in progress before they reach their targets, while minimising the impact on the customer’s infrastructure. The main challenge lies in balancing speed and effectiveness: a rapid response is useless if it is not also effective in neutralising the threat.

Many companies face compromises because, although their defence systems are able to detect and slow down attacks, they cannot stop them completely.

Attackers are adept at identifying and bypassing defensive blocks, exploiting gaps in the response. Even with advanced technologies, the defensive line must be supported by effective and timely remediation.

Cypeer Keera was developed to fill these gaps, offering a solution that combines advanced detection with integrated remediation capabilities. This approach ensures that threats are addressed not only quickly, but also with the precision required to prevent further compromises.

The evolution of Cypeer into Cypeer Keera represents a significant step forward in the protection of corporate infrastructure, ensuring that remediation is at the heart of the defence strategy.

The Rescue Chain

At the heart of the Cypeer Keera solution lies a fundamental concept: the Cyberoo Certified Rescue Chain, a framework that guides remediation and threat mitigation activities. This system is designed to ensure that the I-SOC (Integrated Security Operations Centre) can effectively coordinate the necessary actions with Cyberoo customers or partners.

Generally, when a critical event is identified, such as a threat affecting firewalls, workstations or servers, the rescue chain determines who needs to be contacted and with what priority. For example, if an attack requires urgent changes to the firewall, the I-SOC knows exactly who to involve, be it the customer, a partner or a supplier, to quickly implement the necessary measures.

However, the challenge does not stop there. In many cases, companies have to deal with situations such as the need to modify Active Directory outside working hours, when staff may not be available.

What's new in Cypeer Keera

To address these situations, Cypeer Keera integrates automatic remediation modules, which allow the software to perform predefined actions in response to critical events, without immediate human intervention. These automatic actions are carefully planned and authorised in advance, ensuring that they can be executed safely and effectively.

The Keera team, an integral part of the solution, is composed of certified experts who can intervene manually when necessary. This team uses dedicated connectors to perform remediation actions on demand, based on in-depth event analyses.

While automation handles clearly malicious events, the Keera team deals with more complex ones, where human intervention is crucial to assess and mitigate potential threats.

The service is delivered through our platform, which allows operators to intervene according to a well-defined list of tasks (the Keera Cookbook) agreed with the client during the start-up phase.

The use of the Cypeer Keera platform allows us to operate proactively on remediation-enabled systems without the need for ‘personal’ access or credentials to the systems themselves. The solution operates according to the SOAR paradigm, whereby there is one, and only one, connection to the systems being remediated.

The operator of the first link in the remediation chain therefore uses these dedicated channels to operate.

Keera: possible actions

In the project definition phase, all possible actions are agreed between the Keera Team and the Customer, based on the products integrated within Cypeer. Cypeer uses the APIs exposed by those integrated solutions to allow proactive manual management without direct access to services, appliances or devices.

All possible actions are listed in the Cookbook, which precisely identifies the mitigation activities that can be implemented on systems connected to Cypeer, dividing them by type (Remediation and Information Gathering) and describing the activity, the entities required to perform it, and more.

Cybersecurity in full

Getting to the heart of the process, the rescue chain for Cypeer Keera is based on an established process that starts with detection, continues with triage and investigation by the I-SOC, and culminates with the implementation of remediation actions.

In clear and well-defined scenarios, automatic remediation comes into play to quickly deal with threats. However, when faced with more complex or ambiguous situations, Team Keera intervenes directly, eliminating the need to involve third parties such as customers, partners or suppliers.

Team Keera is not an investigation group, but a unit dedicated to carrying out the activities required by the SOC. When an attack is identified, such as an unauthorized access attempt via VPN, the team can intervene to preemptively block the subnet involved, preventing the attack from reaching its target.

This approach is particularly effective against targeted attacks, where attackers may have privileged information. Cyberoo maintains the focus on security without taking over the administrative management of customer systems. Actions are performed via APIs, allowing secure and controlled interaction with the customer’s infrastructure.

The objective is not to take control of systems, but to perform specific and limited actions, such as blocking or unlocking critical elements, ensuring fast and effective intervention.

This ability to act in real-time ensures that threats are mitigated in a timely manner, without compromising business operations. With Cypeer Keera we close the cybersecurity loop by integrating detection, triage, investigation and remediation into a seamless and efficient flow.
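The rescue chain and Cookbook described above can be modelled as a small dispatcher. The following Python is an added illustration, not Cyberoo's or Cypeer Keera's code: it assumes a constructed cookbook with three hypothetical actions (block_source_subnet, collect_endpoint_processes, disable_ad_account), a playbook mapping event categories to those actions, a broker object standing in for the single SOAR-style connection to the remediated systems, and a confidence label ("clear" or "ambiguous") assigned by I-SOC triage. Only actions present in the cookbook may run; auto-approved actions execute on clear events, everything else is escalated to the named entity, and every decision is written to an audit list so the chain of custody for each intervention is preserved.

```python
"""Added illustration of a cookbook-driven remediation dispatcher.

Models detection -> triage -> remediation: only pre-agreed cookbook actions
may run, clear-cut events are handled automatically, ambiguous ones are
escalated. All names, systems and events are constructed for the example;
this is not Cyberoo/Cypeer code.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field
from enum import Enum
from typing import Any


class ActionType(Enum):
    REMEDIATION = "remediation"
    INFORMATION_GATHERING = "information_gathering"


@dataclass(frozen=True)
class CookbookEntry:
    """One pre-authorised activity: which connector runs it, whether
    automation may run it, and who must act when it is not automatic."""
    name: str
    action_type: ActionType
    system: str           # target connector (hypothetical names)
    auto_approved: bool   # may run without immediate human intervention
    required_entity: str  # who executes/approves otherwise


# Constructed cookbook, the kind agreed in the start-up phase.
COOKBOOK: dict[str, CookbookEntry] = {
    "block_source_subnet": CookbookEntry(
        "block_source_subnet", ActionType.REMEDIATION, "firewall", True, "keera_team"),
    "collect_endpoint_processes": CookbookEntry(
        "collect_endpoint_processes", ActionType.INFORMATION_GATHERING, "edr", True, "i_soc"),
    "disable_ad_account": CookbookEntry(
        "disable_ad_account", ActionType.REMEDIATION, "active_directory", False, "keera_team"),
}

# Constructed playbook: event category -> cookbook actions to consider.
# "wipe_host" is deliberately NOT in the cookbook to show it being refused.
PLAYBOOK: dict[str, list[str]] = {
    "vpn_unauthorized_access": ["block_source_subnet", "collect_endpoint_processes"],
    "suspicious_ad_logon": ["disable_ad_account", "wipe_host"],
}


@dataclass(frozen=True)
class Event:
    event_id: str
    category: str
    confidence: str                 # "clear" or "ambiguous", set by triage
    source_ip: str | None = None
    username: str | None = None
    hostname: str | None = None


class ConnectorBroker:
    """Stand-in for the single brokered connection: callers never hold
    personal credentials for the target systems. Here it only records calls."""

    def __init__(self) -> None:
        self.calls: list[tuple[str, str, dict[str, Any]]] = []

    def execute(self, system: str, action: str, params: dict[str, Any]) -> dict[str, str]:
        self.calls.append((system, action, dict(params)))
        return {"status": "ok"}


@dataclass(frozen=True)
class Decision:
    event_id: str
    action: str | None
    outcome: str          # "executed", "escalated" or "rejected"
    handled_by: str
    params: dict[str, Any] = field(default_factory=dict)


def build_params(entry: CookbookEntry, event: Event) -> dict[str, Any] | None:
    """Derive the minimal parameters an action needs; None if data is missing."""
    if entry.name == "block_source_subnet":
        if not event.source_ip:
            return None
        # Assumed policy: block the containing /24 rather than one address.
        return {"subnet": str(ipaddress.ip_network(f"{event.source_ip}/24", strict=False))}
    if entry.name == "disable_ad_account":
        return {"username": event.username} if event.username else None
    if entry.name == "collect_endpoint_processes":
        return {"hostname": event.hostname}
    return {}


def dispatch(event: Event, broker: ConnectorBroker, audit: list[Decision]) -> list[Decision]:
    """Route one triaged event through the cookbook and record every decision."""
    decisions: list[Decision] = []
    actions = PLAYBOOK.get(event.category)
    if actions is None:
        # No agreed playbook: nothing runs; the SOC investigates.
        decisions.append(Decision(event.event_id, None, "escalated", "i_soc"))
    else:
        for name in actions:
            entry = COOKBOOK.get(name)
            if entry is None:
                decisions.append(Decision(event.event_id, name, "rejected", "policy"))
                continue
            params = build_params(entry, event)
            if params is None:
                decisions.append(Decision(event.event_id, name, "rejected", "missing_data"))
            elif entry.auto_approved and event.confidence == "clear":
                broker.execute(entry.system, entry.name, params)
                decisions.append(Decision(event.event_id, name, "executed", "automation", params))
            else:
                decisions.append(Decision(event.event_id, name, "escalated", entry.required_entity, params))
    audit.extend(decisions)
    return decisions


if __name__ == "__main__":
    broker, audit = ConnectorBroker(), []
    ev = Event("ev-1", "vpn_unauthorized_access", "clear", source_ip="203.0.113.45", hostname="wks-17")
    for d in dispatch(ev, broker, audit):
        print(d)
```

The separation matters for the point the text makes: the playbook says what is worth considering, the cookbook says what has actually been authorised, and the dispatcher refuses anything outside the cookbook even when a playbook names it. The audit list gives the I-SOC a record of what automation did and what was handed to the Keera team or left for investigation.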

In conclusion…

Cypeer Keera represents a significant advancement in the field of cybersecurity, the result of intensive research and development work by the Cyberoo team.

The solution integrates advanced machine learning and big data analysis technologies with the proactive approach of the I-SOC team, enabling the management of cyber threats at any time and any day of the week.

This approach not only improves the ability to detect threats, but also allows the associated risks to be mitigated in a timely and effective manner.

By Roberto Veca – Head of Cybersecurity, CYBEROO