- time to build, test, and deploy detections
- security maturity and detection coverage
- efficiency by leveraging a modular and scalable builder that maps detections to the MITRE ATT&CK Framework
- Prevent security breaches by investing in innovative technology
- Improve security operations by detecting early and often
- Reduce response time by increasing detection coverage and effectiveness of security controls
- Significant time to build and maintain threat detections
- Difficulty onboarding new data sources
- Scaling the team effectively
The cryptocurrency industry is fast-moving and dynamic, which makes it a prime target for a wide range of cybersecurity threats. As with any financial platform that handles digital assets, Crypto.com’s security team is committed to mitigating those threats, building user trust, and protecting the company’s product and business lines. Global Head of Cyber Security Services Tim Yip explains, “Our main intent is to be as effective as we can on the controls we operate to detect and stop breaches.” Tim leads a team that includes Georgin Lau, Director of Security Engineering, and Bosco Tam, Security Engineering & Operations Specialist; Crypto.com’s philosophy is to detect early and often and to respond as quickly as possible to potential incidents.
However, this was easier said than done. Tim acknowledges that their main challenge was that building and maintaining a detection engineering and security monitoring program takes significant effort and a certain team size. The team also spent a lot of time manually researching the latest threats and new use cases, then building the corresponding detections mapped to the MITRE ATT&CK framework. In an urgent situation, the team would rally together to get new detections out in a day, but in most cases it took two weeks or more because of internal testing protocols. In addition, as Crypto.com invested in Snowflake’s security data lake, team members found it challenging to write detections in Snowflake SQL that provided the coverage they needed to stay ahead of threats.
When Tim and the team came across the Anvilogic Detection Engineering and Hunting Platform, the immediate benefit they saw was the ability to deploy detections quickly and easily. “The core feature of Threat Identifiers and Threat Scenarios in the Anvilogic platform is a huge differentiator,” says Tim. “We tried to build something similar on another SIEM platform, but it takes a lot of effort, and it’s not as modular or scalable as it is in the Anvilogic platform. The ability to create advanced detections in a simple way while also mapping them to attack patterns really elevates our detection engineering process.”
Because Anvilogic’s approach to detections centers on behavioral, pattern-based detections (Threat Scenarios) rather than only traditional, atomic detections (Threat Identifiers), the Crypto.com team had to adjust the way they approached detection engineering slightly. After getting used to this methodology, several platform features became essential for them: a low/no-code detection builder, a content repository (The Armory) with pre-built detections that they can customize, and an OpenAI-powered chatbot that helps them build SQL-based detections. “The chatbot feature shortens the detection co-writing process. It’s like having a SQL expert right there showing you quick answers on what the SQL code should look like,” says Georgin. As a result, the team has significantly reduced its end-to-end detection building process.
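To make the distinction between atomic Threat Identifiers and behavioral Threat Scenarios concrete, the following is an added illustration; it is not Anvilogic’s code, not Crypto.com’s detection content, and not a description of the platform’s internal data model. Two atomic identifiers are written as SQL predicates over process-start events, each tagged with an ATT&CK technique ID, and a scenario query correlates their hits per host inside a time window. It runs in Python against an in-memory SQLite table of constructed events; Snowflake SQL differs in dialect details, and the column names, technique mappings, window length and thresholds are all assumptions chosen for the example.

```python
import sqlite3
from typing import Dict, List, Tuple

# Constructed process-start telemetry for this example (not real data). The
# columns approximate what an endpoint feed landed in a security data lake
# might carry; the exact schema is an assumption.
EVENTS: List[Tuple[int, str, str, str, str]] = [
    # (ts, host, user, process, cmdline)
    (1000, "host-a", "alice", "powershell.exe", "powershell.exe -enc SQBFAFgA"),
    (1120, "host-a", "alice", "whoami.exe", "whoami /all"),
    (1180, "host-a", "alice", "net.exe", "net group /domain"),
    (2000, "host-b", "bob", "whoami.exe", "whoami"),                 # lone discovery: normal admin use
    (5000, "host-c", "carol", "powershell.exe", "powershell.exe -enc QQBB"),  # lone execution, nothing follows
]

# Threat Identifiers: atomic detections, each a SQL predicate over the events
# table and each mapped to a single ATT&CK technique (mappings are assumptions).
# The predicates are trusted analyst-authored content, not user input, which is
# the only reason they are interpolated into the query text below.
THREAT_IDENTIFIERS: Dict[str, Tuple[str, str]] = {
    "encoded_powershell": (
        "T1059.001",
        "LOWER(process) = 'powershell.exe' AND LOWER(cmdline) LIKE '%-enc %'",
    ),
    "account_discovery": (
        "T1087",
        "LOWER(process) IN ('whoami.exe', 'net.exe')",
    ),
}

# Threat Scenario: a behavioral pattern built from identifier hits rather than
# raw events. It fires when encoded PowerShell execution on a host is followed,
# within :window seconds, by at least :min_discovery discovery hits on the same host.
SCENARIO_SQL = """
SELECT a.host, a.user, a.ts AS exec_ts, MAX(b.ts) AS last_discovery_ts, COUNT(*) AS discovery_events
FROM hits a
JOIN hits b
  ON b.host = a.host
 AND b.identifier = 'account_discovery'
 AND b.ts > a.ts AND b.ts <= a.ts + :window
WHERE a.identifier = 'encoded_powershell'
GROUP BY a.host, a.user, a.ts
HAVING COUNT(*) >= :min_discovery
"""


def load(conn: sqlite3.Connection) -> None:
    """Create the events table from the constructed sample and an empty hits table."""
    conn.execute("CREATE TABLE events (ts INTEGER, host TEXT, user TEXT, process TEXT, cmdline TEXT)")
    conn.executemany("INSERT INTO events VALUES (?, ?, ?, ?, ?)", EVENTS)
    conn.execute("CREATE TABLE hits (identifier TEXT, technique TEXT, ts INTEGER, host TEXT, user TEXT)")


def run_identifiers(conn: sqlite3.Connection) -> int:
    """Evaluate every atomic identifier and persist its hits; returns the total hit count."""
    for name, (technique, predicate) in THREAT_IDENTIFIERS.items():
        conn.execute(
            f"INSERT INTO hits SELECT ?, ?, ts, host, user FROM events WHERE {predicate}",
            (name, technique),
        )
    return conn.execute("SELECT COUNT(*) FROM hits").fetchone()[0]


def run_scenario(conn: sqlite3.Connection, window_s: int, min_discovery: int) -> List[dict]:
    """Correlate identifier hits into scenario alerts, each carrying the techniques it chains."""
    rows = conn.execute(SCENARIO_SQL, {"window": window_s, "min_discovery": min_discovery}).fetchall()
    return [
        {
            "host": host,
            "user": user,
            "exec_ts": exec_ts,
            "last_discovery_ts": last_ts,
            "discovery_events": n,
            "techniques": [THREAT_IDENTIFIERS["encoded_powershell"][0], THREAT_IDENTIFIERS["account_discovery"][0]],
        }
        for host, user, exec_ts, last_ts, n in rows
    ]


def detect(window_s: int = 600, min_discovery: int = 2) -> Tuple[int, List[dict]]:
    """Run the full pipeline over the sample: (number of atomic hits, list of scenario alerts)."""
    conn = sqlite3.connect(":memory:")
    load(conn)
    hit_count = run_identifiers(conn)
    alerts = run_scenario(conn, window_s, min_discovery)
    conn.close()
    return hit_count, alerts


if __name__ == "__main__":
    hits, alerts = detect()
    print(f"{hits} atomic identifier hits, {len(alerts)} scenario alert(s)")
    for alert in alerts:
        print(alert)
```

On the sample, both lone identifier hits (the admin running `whoami` on host-b and the unaccompanied encoded PowerShell on host-c) stay at the identifier layer, while host-a, where execution is followed by two discovery commands within the window, produces one scenario alert. This is the practical reason for layering: atomic hits are kept as evidence and for hunting, but only the correlated pattern is promoted to an alert, which keeps analyst volume down without discarding the underlying signal.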
As the Crypto.com team continues to operationalize the Anvilogic platform, they are using additional features to improve their existing workflows and save time. The Maturity Score, in particular, has helped them measure where they currently stand and what else they need to do to improve that score. They are also looking forward to diving into the Insights feature of the Anvilogic platform: “Insights allows us to pay attention to a rare event or process that may look suspicious. That’s not something we’ve seen before in other tools,” says Bosco. By partnering with Anvilogic, the Crypto.com team can continue to move quickly and improve their coverage against threats to their business and customers.