SecurityHQ has launched a new mobile app for iOS and Android calling it: “The power of SOC in your hands.” The app is designed to make communication between SOC and customer easier, smoother, and more effective. The expectation is that this will lead to both faster response times around incidents and better tracking.
Feras Tappuni, CEO, SecurityHQ, said: “SecurityHQ have been delivering on its platform for over six years. It has constantly been upgraded to provide our enterprise-grade incident response capabilities, to maintain complete visibility to our clients.
“The launch of our new mobile app will take all the power of SecurityHQ, onto a fully secured application on your phone, to give clients an incredible reach into their domain, 24/7, at their convenience. The feedback we have had so far has been terrific. Especially with regards to being able to monitor crucial information instantly, while still working remotely.”
What does this mean for customers?
Managed Security Services Providers (MSSPs) regularly warn customers of new threats and incidents. Many customers, however, have limited ability to make immediate use of that data: the threat intelligence needs to be assessed and then applied to local systems. The implication in the press release is that the app will change that.
For example, the SOC detects a threat to a customer. It sends an alert through the app to a designated contact or contact group. That alert contains the details of the threat and a set of actions that the customer can take to mitigate the threat.
The app alert is not just a one-off. It allows the user to request more details of a threat from the SOC. They can also report and track any incidents to see what is happening and what remediation is ongoing.
Enterprise Times: What does this mean?
Speed of response to threat intelligence varies widely between companies. The security team’s maturity and ability to assess information is a key part of the response. Sending that via an app to a designated contact who can immediately engage with the SOC to better understand the alert makes sense. It also creates a more collaborative engagement between customers and the SOC.
The question that remains, however, is how much this will increase the workload in the SOC. Getting closer to customers is a good thing. Sharing more data, especially actionable intelligence that customers can use faster, is better than just sending threat intelligence that has to be assessed. But the more collaborative the environment, the more communication there is between both parties. Can the SOC deal with that increased contact? Will all SOC staff need training in how to communicate with customers? Who will pick up any extra costs for that time taken?
That aside, if this speeds up time to first action and improves how incidents are dealt with, that’s a good thing.