SECDO has released a new set of integrations for its Endpoint Detection and Response (EDR) solution. It now supports several leading Security Information and Event Management (SIEM) platforms. Among the platforms supported are HP ArcSight, McAfee Enterprise Security Manager and Splunk. This is a set of two-way integrations enabling alerts to flow between SECDO and the SIEM platforms.
Shai Morag, the CEO and Co-founder of SECDO said: “As many organizations increasingly rely on SIEM solutions, investigating the overwhelming amount of alerts is a critical, yet time-consuming and painstaking process that has become a serious bottleneck. With our new two-way SIEM alert validation, SECDO enables security teams to focus their efforts on high priority incidents and eradicate breaches quickly.”
Reducing false positives and stopping malware
One of the challenges of many security solutions is reducing the number of false positives. These take up time and cause people to lose faith in security solutions. SECDO takes alerts from the SIEM platforms and investigates them. This exposes the severity of each alert and whether further investigation or action is warranted. It does this by comparing the alert against its own 100-day rolling threat analytics. The result is a controlled response to the threat, allowing security teams to minimise disruption to users.
The analysis is also fed back to the SIEM platforms. This provides them with more detailed information on the threat and its impact on end-user systems. Most SIEM platforms share threat intelligence so this additional data helps refine what is known about a threat.
When SECDO determines that a threat needs a response, it uses its IceBlock technology to freeze it. It also traces the threat back to the first endpoint device to be infected. This allows security teams to follow the spread of a threat and develop an effective solution. That data is also fed back to the SIEM platforms to help other companies plan their prevention strategies.
The security landscape is vastly complicated today. IBM told analysts recently that there are now over 750 security vendors it competes with. Most of those have point solutions with very little integration with other vendors. By integrating with the SIEM platforms, SECDO is not only strengthening its own solution but also helping those vendors. It will be interesting to see who they partner with next.