From overwhelm to oversight: How ContraForce is revolutionising security automation

Security automation is vital in today’s world and Microsoft Sentinel is a widely adopted, but complex answer. ContraForce is an easy-to-use add-on that automatically processes, verifies and warns of threats, round-the-clock.

In a digital world, cybersecurity is absolutely critical, which is why an increasing number of enterprises are adopting Zero-Trust policies. However, without proper technological assistance, this means that security teams will be forced to individually verify every user, endpoint, and application, adding massively to the amount of work on their plates.

Automation would appear to be the answer, which is why many companies have invested in Sentinel. This is Microsoft’s native security information and event management (SIEM) and security orchestration, automation and response (SOAR) platform, designed to help companies stay ahead of risk.

The challenge here, suggests Patrick Evans, CEO of SLVA Cybersecurity, lies in the fact that despite its robust capabilities, Sentinel is a tool that remains incredibly challenging for end-users to utilise.

“Bearing in mind that cybersecurity skills remain at a premium globally, what is really required is a solution that can be used as easily by IT generalists, as by experienced cybersecurity professionals. This is why we recommend using ContraForce, a solution designed around this principle and built specifically for the Microsoft environment. Pertinently, it is also an offering that works as well in an organisation of five people or one with 5 000 employees,” he says.

How ContraForce works, he explains, is by leveraging Sentinel to process security data, then using automated security monitoring to verify threats – distilling millions of events into thousands of alerts, and then into a handful of incidents. The solution immediately notifies users via email, Teams, or SMS when an alert is verified, thereby providing around-the-clock threat detection and response.

“The fundamental and critical difference between ContraForce and Sentinel is that the latter requires a security operations engineering team to constantly manage detection engineering, response engineering, and data pipeline management, to ensure that data costs being ingested into Sentinel don’t get out of control.”

“ContraForce, on the other hand, automates the management of these areas, although access is still provided to an expert team of security engineers – on an on-demand basis – to help with modifying rules, creating custom response actions, and connecting any data source required.”

Furthermore, he adds, a ContraForce implementation is seamless, with installation and deployment taking place online within minutes. This is significantly faster than Sentinel and will thus also positively impact the deployment economies of scale in your favour.

ContraForce works so well, continues Evans, because it not only connects to your existing security investments, but also uses artificial intelligence (AI) and machine learning (ML) to immediately adapt to each enterprise’s unique environment. This, in turn, enables it to categorise threats accordingly and respond automatically to incidents, as and when then they occur.

“The solution can also be applied in the Microsoft 365 environment, the full Azure cloud environment, and even across your firewalls and intrusion detection devices, regardless of who provided them. This vendor agnosticism enables IT teams to condense their technology stack into a single dashboard that makes existing tools easier to use and allows them to take action directly from this one screen.”

“In a digital world where the clamour for Zero Trust policies and the demand for around-the-clock threat detection and response, is growing, ContraForce makes perfect sense. It is a tool that automates and simplifies much of the cybersecurity process, delivering complete oversight, understanding, and confidence,” he concludes.