Security specialist Cyberbit has announced the latest version of their Security Operations Centre (SOC) 3D product. It boasts integration with all the major Security Information and Event Management (SIEM) products. SOC 3D also supports the automation of runbooks and workflows. Perhaps the most interesting feature is the ability to prioritize incidents based on the impact to the business.
According to Adi Dar, CEO of Cyberbit: “The cost of a breach will soar the longer a company is exposed, so companies need a single, automated system like SOC 3D to mitigate these costs, reduce response times, and address the ‘alert storm.’ In a world of increasingly complicated and frequent threats, Cyberbit’s SOC 3D empowers analysts with a platform that enables them to focus on what they should do, rather than on how to do it. The platform also provides less-experienced analysts with the ability to respond based on proven IR tactics and techniques.”
Detecting the real attacks from the noise
Of all the features in the new version, the ability to prioritise incidents based on business impact is the most interesting. This is because of the rise in Distributed Denial of Service (DDoS) attacks that are used as a distraction technique. Hackers let ITSec run around trying to deal with the DDoS attack while launching other targeted attacks. Many of these secondary attacks succeed and go unnoticed until much later.
Runbooks and workflow are also used far less than vendors and security experts might think. For many organisations a serious cyber attack is a cause for chaos and panic. Their security response is rarely an integrated process. ITSec will tend to focus on dealing with the incident while IT support is busy fielding calls from users.
What doesn’t happen is enough communication to management so that they can instantiate their incident response plans. Of course, this presupposes that companies have such a plan. The runbooks and workflow should help companies smooth the information flow between teams. They should also enable response plans to swing seamlessly into place.
What are Cyberbit adding in this release?
The new version of Cyberbit SOC 3D will ship in Q1 2017. The press release lists the key features as:
- Business impact prioritization – Prioritizes incidents which pose the highest business risk, so SOC teams can respond to them first.
- Dynamic workflow – Enforces the organizational best practices for incident response while updating the workflows dynamically as the incident evolves.
- Response automation – Automates and executes incident response measures as defined by the security operations team.
- Automatic data enrichment – Adds historical context and threat intelligence to incidents, enabling analysts to respond more effectively.
- Corporate-wide breach management – Extends breach management and control beyond the SOC to keep finance, operations, HR and the executive stakeholders informed.
- Ad-hoc reports – Converges and visualizes raw data from multiple security tools, such as SIEMs, IDSs, IPSs, threat intelligence feeds and firewalls.
- Unique insights – SOC 3D provides insights within a clear and easy to operate UI in order to minimize the time-to-insight and accelerate the investigation process.
Dealing with security incidents is getting increasingly complex. The challenge for most enterprises is not just how to deal with the incident but how to effectively detect the incident. They now have more information and data than ever before about their security. Most, however, cannot detect the attacks because of the noise of so much data. What Cyberbit is offering is not just the ability to refine that data but, more importantly, processes to handle the data and respond to incidents.