The security team at the Australian telco got its network detection and response down from four hours a day to one hour a day.

Telecommunications provider Superloop has shifted its cybersecurity focus to behaviour-based attacks. “A lot of the things that we are seeing that make it through our layers are more behaviour-based. It is not necessarily malware; it’s almost social engineering to the next level, where something or someone is trying to find their way into our many layers of defence,” the former head of security and IT, Jason Veness, told CSO Australia.

And that has meant use of AI-powered tools. “There’s only so far you will get with known patterns in today’s world,” he said. “What we’re really looking to do was keep within the capabilities of AI-driven intrusion detection, but more so reduce the complexity of our threat hunting and our security operations teams,” Veness said. The organisation wanted a product that anyone in the team, whether junior or senior, could use easily.

After looking at several tools, Superloop chose Vectra AI’s Cognito, which has lowered the number of false positives. It lets the team look across many of its networks, as well as the software-as-a-service, platform-as-a-service, and infrastructure-as-a-service cloud services in use.

Veness recommended that cybersecurity professionals look at smaller, emerging providers, as they are learning from the gaps of large vendors. He said that part of the cybersecurity skills gap is that “sometimes the tools we use are a little bit dated and require a very specific subset of skills to bring all that data into effectiveness.” Broadening the pool of vendors you consider can help address that, he said.

Once deployed, the use of Cognito reduced the amount of time “wasted chasing shadows and signatures”, including false behaviours, Veness said.
As a result, security operations and network detection and response went from four hours a day to one hour a day, which meant the team spent less time validating threats because the detections were more “on point”, he said.

Integration was simple, with the work taking roughly two weeks. Superloop’s IT team did the initial configuration of the hardware remotely. Although the installation was easy, Superloop had to overcome issues with how Cognito interacted with some of its open source hypervisors and private clouds. As an example, Veness cited that Superloop could not get Cognito to work natively with the virtual sensors on its kernel-based virtual machine hypervisor. To work around the issue, “it led us to find some more traditional spam-based solutions to put those in place,” he said. Still, Cognito “had a lot more support for some of those fringe hypervisors” than other tools did, and “Blue Chip, VMware, Zendesk, and Microsoft hypervisor all work just fine.”