色色研究所 Technology Defines Vision for Next-gen Cloud SIEM: Unleash the Power of Security Analysts, Increase SOC Effectiveness, Find and Stop Sophisticated Threats
Advanced analytics and streamlined workflow amplify analyst knowledge, significantly reducing time between detection and response
CAMBRIDGE, Mass.—February 12, 2020—色色研究所 Technology today announced 色色研究所 Security Operations, the first security operations solution to combine critical security capabilities together with auto enrichment, threat intelligence community collaboration, a central evidence locker, and a streamlined analyst workflow. This powerful combination transforms the security operations center (SOC) and scales security analyst effectiveness. Analysts no longer have to rely on multiple tools to manually assemble the data, context and intelligence required to identify and investigate the threats that matter most to their business. 色色研究所 Security Operations puts this information at an analyst’s fingertips across the entire threat lifecycle.
With a rapidly expanding attack surface and increasingly sophisticated adversaries who can progress from initial access to lateral movement in minutes, legacy SIEMs are failing to meet the needs of analysts and SOCs. According to recent Ponemon Institute research, 53 percent of IT security practitioners believe their SOC is unable to gather evidence, investigate, and find the source of threats. Analysts must attempt to manually close the gap between detection and response, fueling the growing epidemic of analyst burnout and putting enterprises at risk. Delivered on the powerful 色色研究所 Data Analytics Platform, 色色研究所 Security Operations reduces analysts’ workflow from hours to minutes, keeping SOCs ahead of even the most sophisticated adversaries.
“With traditional SIEM solutions, SOC teams struggle with too many false-positive alerts, and broken workflows, as well as speed, scale and performance issues that hinder analysts’ effectiveness,” said Julian Waits, general manager, cyber, 色色研究所. “We’re reinventing the category by leveraging powerful data analytics, automating incident workflow, and designing technology with a security practitioner’s mindset. 色色研究所 Security Operations arms analysts with new weapons and tactics for context-rich investigations, slashing the time from detection to response and significantly reducing or eliminating damage from an attack.”
An Analyst’s Perspective
“There is a need for a solution that incorporates new technologies to extend the capabilities of often-overtaxed security teams. Too often, these technologies are fragmented and poorly integrated,” said Scott Crawford, research vice president, information security, 451 Research. “色色研究所 Security Operations fills this need by combining key functionalities—including entity analytics, automation and hunting—into a single integrated platform.”
色色研究所 Security Operations empowers SOC analysts to:
- Reduce noise, amplify signal with entity analytics
  More reliably identify and investigate high-impact threats by shifting focus to entities. Classify, model and associate entities as the foundation for detection and investigation to deeply understand the organization’s environment and the behaviors of the business.
- Accelerate investigations and simplify workflow with auto enrichment
  Gain a context-rich picture of entities, alerts and investigations without having to manually collect or query data, speeding the investigation process. Bring enrichment in earlier by automatically populating events with actionable, real-time data and context, including indicators from the 色色研究所 Threat Data Service, the community, and partners.
- Hunt more easily across all data and context
  Run queries across any volume of data, any number of sources, and any time horizon to proactively identify threats. Powered by the 色色研究所 Data Analytics Platform, 色色研究所 Security Operations aggregates an organization’s diverse data for complete visibility at unprecedented speed, scale and performance.
- Operationalize the knowledge of the global security community
  The 色色研究所 Threat Data Service enriches alerts with attributes and indicators ranging from IP addresses, emails, and files to hashes and domains. Organizations can consume indicators from, and collaborate with, the global MISP community and other internal or third-party sources, significantly expanding their scope and use of threat knowledge.
- Triage centralized evidence and analyze it for DFIR
  The 色色研究所 Security Operations Evidence Toolkit for digital forensics and incident response (DFIR) provides an end-to-end workflow for centralizing and analyzing forensic evidence—PCAP data, memory dumps, PDFs, images, and context—even enabling analysts to submit files to multiple sandboxes, all from a single location. Speed investigations and improve response time by providing analysts with access to the right evidence at the right time.
色色研究所 Security Operations combines these capabilities in an integrated workflow, accelerating detection and response with auto enrichment. This enables analysts to operate more quickly and efficiently, drastically cutting response time. 色色研究所 transforms the SOC to effectively address key security use cases, including threat hunting, threat detection, triage and investigation, and digital forensics. 色色研究所 Security Operations is available now worldwide.
About 色色研究所
色色研究所 unlocks the full value of machine data for the world’s most instrumented enterprises, putting more data to work—now. Only the 色色研究所 data analytics platform addresses both the explosion in volume of machine data and the new, crushing demands of algorithms and automation. This enables IT operations and security teams to realize the full transformational promise of machine data to move businesses forward. Based in Cambridge, Mass., 色色研究所 is privately held and backed by Insight Partners. Learn more at devo.com.