socos.io · 2020. 12. 1.

    © 2020 SOC.OS

    WHITEPAPER

    INTRODUCING SOC.OS

    SOC.OS is a security alert investigation and triage automation tool with which we are fundamentally reimagining how security operations are conducted today.

    This paper outlines our typical user, the problems SOC.OS is addressing, and the value the product delivers to our customer community.

    It has been designed and developed with the fundamental needs of a stretched IT security team at its very core.

    MEET SHAZ: THE TYPICAL SOC.OS CUSTOMER

    WHO THEY ARE

    Shaz has responsibility for IT security at their organisation. As part of their role, they are progressing their organisation’s journey to cyber maturity, although the nature of their role means that they wear many hats with competing priorities and work within a stretched team.

    THE PROBLEMS THEY FACE

    Their organisation has deployed a handful of security devices, which generate 100s if not 1000s of alerts daily. They lack correlation or consolidation of these alerts across their tools, meaning alerts are addressed in isolation. The SIEM/SOAR solutions currently available in the market are tailored to large SOCs and internal IT security teams, and are typically cost and resource prohibitive for Shaz and their organisation.

    CHALLENGING ALERT FATIGUE

    Alerts are valuable. Each could be the difference between a minor incident and a business-hobbling disruption. However, there can be too much of any good thing, even alerts. Where limited IT and cyber security resources mean teams are evaluating and responding to alerts manually, the triaging of 100s if not 1000s of alerts daily can become overwhelming and ineffective.

    Further compounding the problem faced by IT security teams, the vast majority of alerts produced by an organisation’s security tooling are false positives. Tracking down not just an individual alert in the haystack of false positives, but correlating cyber security incidents occurring over a period of time, is next to impossible for a human analyst to achieve. SOC.OS makes that correlation.

    HOW IT WORKS

    Alerts are enriched with external threat intelligence data sources, including AbuseIPDB, and an associated MITRE ATT&CK® threat type. The alerts are then correlated into “clusters” based on shared entities and threat types.

    These clusters are then ranked so that the ones deemed to require urgent investigation can be easily accessed on the SOC.OS workbench. Users can also “tag” critical assets within their network, and clusters containing these assets are boosted further up the priority ranking list.

    Alert clusters are presented to the analyst in a “cluster queue” and can be viewed and investigated through the unique SOC.OS user interface, illustrating the evolution of the cyber event over time.
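    As an added illustration of the enrich, cluster, rank and boost pipeline described above (example code written for this page, not SOC.OS code, and a deliberate simplification of whatever the product actually does): alerts are enriched from a constructed reputation table standing in for AbuseIPDB, correlated into clusters when they share an entity (threat types feed the ranking rather than the linking here), ranked, and boosted when a tagged critical asset is involved. The sample alerts, field names, weights and the doubling boost are all assumptions.

```python
from collections import defaultdict

# Constructed sample alerts (hypothetical; not real SOC.OS data or output).
ALERTS = [
    {"id": 1, "src": "203.0.113.7", "host": "web01", "threat": "T1595 Active Scanning", "sev": 2},
    {"id": 2, "src": "203.0.113.7", "host": "web01", "threat": "T1110 Brute Force", "sev": 4},
    {"id": 3, "src": "198.51.100.9", "host": "fs01", "threat": "T1110 Brute Force", "sev": 4},
    {"id": 4, "src": "192.0.2.44", "host": "kiosk3", "threat": "T1595 Active Scanning", "sev": 2},
    {"id": 5, "src": "192.0.2.45", "host": "kiosk3", "threat": "T1595 Active Scanning", "sev": 2},
]
# Constructed stand-in for an external reputation feed such as AbuseIPDB: IP -> abuse confidence 0..100.
REPUTATION = {"203.0.113.7": 95, "198.51.100.9": 60}
# Assets the analyst has "tagged" as critical (assumed set).
CRITICAL_ASSETS = {"fs01"}

def entities(alert):
    """Entities an alert carries; two alerts sharing any of these are correlated."""
    return {("ip", alert["src"]), ("host", alert["host"])}

def cluster(alerts):
    """Union-find over shared entities: alerts sharing an IP or host land in one cluster."""
    parent = {a["id"]: a["id"] for a in alerts}
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    seen = {}  # entity -> id of the first alert that carried it
    for a in alerts:
        for ent in entities(a):
            if ent in seen:
                parent[find(a["id"])] = find(seen[ent])
            else:
                seen[ent] = a["id"]
    groups = defaultdict(list)
    for a in alerts:
        groups[find(a["id"])].append(a)
    return list(groups.values())

def score(group):
    """Rank: severity weighted by source reputation, plus ATT&CK breadth, doubled if a tagged asset is involved."""
    base = sum(a["sev"] * (1 + REPUTATION.get(a["src"], 0) / 100) for a in group)
    breadth = len({a["threat"] for a in group})  # distinct techniques = event progressing over time
    boost = 2.0 if any(a["host"] in CRITICAL_ASSETS for a in group) else 1.0
    return round((base + breadth) * boost, 2)

def cluster_queue(alerts):
    """The 'cluster queue': (score, sorted alert ids), highest priority first."""
    ranked = [(score(g), sorted(a["id"] for a in g)) for g in cluster(alerts)]
    return sorted(ranked, key=lambda r: r[0], reverse=True)
```

    Note that the single alert against the tagged file server outranks the two-technique cluster from the high-confidence scanner, which is exactly the effect the asset tagging is meant to have.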

    OUR MISSION AND THE SOC.OS COMMUNITY

    In the early days of SOC.OS, prior to any code being written or even any architectural designs, we spent months conducting extensive market research and testing. In this exploration stage we spoke to hundreds of infosec professionals and prospective users, identifying the pain points and struggles that come with modern cyber security operations. Listening to and collecting feedback about the problems our peers and colleagues faced day to day fuelled our determination to transform the way in-house security operations are conducted.

    Thus our mission was born: to tackle alert fatigue head on in a unique way and, by doing so, fundamentally rewrite the playbook that dictates how security operations are conducted today. If our mission resonates with you, we’d love to hear from you.

    We maintain a collaborative and user-centric product development philosophy within our company, with a constant focus on customer feedback. Becoming part of our innovative customer community means you’ll have the exciting opportunity to work directly with the founding team and influence the SOC.OS roadmap.

    REQUEST A DEMO

    [email protected]

    www.socos.io

    @socoscyber

    @socos_cyber

    100 Avebury Boulevard,
    Milton Keynes,
    MK9 1FH

    https://socos.io/free-trial/?mtb=hb-b-db
    mailto:[email protected]
    https://www.socos.io/
    https://www.linkedin.com/company/socoscyber/
    https://twitter.com/Socos_Cyber