Is Your SOC “Intelligent”?

Evolve cybersecurity beyond the antiquated ticket-based model with a modern AIOps-based architecture.

Post by Liza Kurtz Nov 30, 2020

Cell phones, laptops, monitors, meters, homes, cars, and even whole cities keep getting smarter. But what about the systems that protect them? Driving innovation across your business starts with transforming IT operations, and security is no exception. Transformation includes, but can’t be limited to, pumping artificial intelligence (AI) into your Security Operations Center (SOC) and automating everything you can.

Beyond that, modernizing security operations is about right-sizing the use of machine and analyst perspective to lower cost, improve efficiency, and free up security experts to do more expert things. [For more on why today’s approach to SOC disappoints, read our previous post, “SOC Challenges 2021: What needs to change?”] 

Enter Intelligent SOC 

A centralized point for monitoring, detecting and responding to events and incidents, the security operations center plays a vital role in stopping malware, exploits involving vulnerabilities, phishing, zero-day, DDoS, and insider attacks. Netenrich’s “Intelligent SOC” takes a top-down approach that starts with your target outcomes and applies automation, tribal knowledge and expertise to improve SOC effectiveness and better align with the business.

Intelligent SOC leverages Netenrich Resolution Intelligence to evolve cybersecurity beyond the antiquated ticket-based model with a modern AIOps-based architecture. The “as a Service” approach lets you consume what you need as you need it, bridges skills gaps, and improves efficiency to transform operations into better business outcomes. 

Intelligent SOC promotes a comprehensive strategy of prevent, detect, respond, and predict, with machines doing more of the heavy lifting. So, how exactly does it work?

5 Elements of Intelligent SOC 

Netenrich defines the signature elements of Intelligent SOC as:

  • Automation / AIOps 
  • Operationalized intelligence 
  • Combined internal and external perspective 
  • Resolution 
  • Transformation 

Automation / AIOps 

Intelligent SOC leverages an advanced big data platform and AIOps to automate tedious, repetitive tasks. The first goal is automating initial triage down to seconds or minutes by automating false-positive elimination, event correlation, and prioritization.

Taking millions of alerts down to the handful that matter increases the odds that true positives get addressed by the right people at the right time to avoid devastating breaches.

Automating the basics also frees up resources to confront targeted attacks and aggressively perform threat hunting and much needed human contextualization.  

Operationalized intelligence 

Netenrich’s Resolution Intelligence architecture operationalizes technology, people, and processes across all digital operations (NetOps, SecOps, CloudOps). Rich contextual intelligence correlates multiple events and information sources to spot true anomalies and stitch together a clear and actionable picture. For example, an aberration in user behavior can be used to identify actual data exfiltration and escalate it from “need to review” to an automated response on the firewall or machine.

Combined internal and external perspective 

Assessing external risk includes threat and vulnerability intelligence, but even that is not enough. The Netenrich platform operationalizes proprietary Threat & Attack Surface Intelligence within the Intelligent SOC to automatically enrich alerts and promote faster action.

Netenrich’s Attack Surface Intelligence (ASI) delivers the outside-in view of digital brand risk including domain exposure, brand exposure, vulnerabilities, and misconfigurations—things traditional firewalls don’t catch. Combining ASI with traditional telemetry-based SOC analytics, the Intelligent SOC provides a comprehensive view of your attack chain.  

A complete outside-in perspective might also include penetration (pen) testing, Red Team exercises, simulating DDoS or phishing attacks, and other activities.

Resolution  

Netenrich’s vision of “Resolution Intelligence” starts with outcomes. For Intelligent SOC, that means resolving incidents and alerts better and faster right now, and resolving issues and inefficiencies from now on. All in all, that means fewer escalations, alerts and tickets, being first to know, and lowering your risk over time.

Resolution Intelligence combines automation and security expertise, two precious commodities within today’s SOC, to uplevel SecOps while promoting compliance, resilience, analysis, and innovation.   

Transformation 

Intelligent SOC significantly reduces run costs, combats fatigue, promotes compliance, and makes SecOps more efficient. Transformation includes being able to demonstrate return on investment (ROI) in security in the boardroom.

One example is showing a digital attack surface that shrinks over time. A stronger, more proactive and scalable security posture lets the company innovate faster, deliver a better customer experience, and steer clear of headlines that damage the brand.

Intelligent SOC as a Service: The best of both worlds 

Once you decide to invest in SOC, the “buy vs. build” dilemma comes into play. The debate always centers around cost, skills, and results. While large enterprises may continue to build and run their own, mid-market companies gain agility, predictability, and continuity by adopting SOC-as-a-Service.  

Intelligent SOC delivers:

  • 50% faster onboarding
  • 35% reduction in SOC cost
  • Enhanced detection
  • Elastic consumption (data management)
  • Only contract the business outcomes you need

SaaS-based SOC reduces and normalizes run costs and bridges skills gaps, which in turn sidesteps challenges around training, integration, rule updates, playbook creation, physical security, and storing log data.

Offloading the drudgery of L1 tasks paves the way for promoting and retaining analysts while gaining both speed and coverage.  

The Intelligent SOC combines human and machine intelligence, inside-out and outside-in perspective, and proactive and reactive strategies to uplevel and transform operations. As metrics improve, so too does the estimation of the SOC and its perceived value to your organization.  

Stay tuned for a closer look at how CISOs are bridging skills gaps, or click here to try Intelligent SOC—FREE—with no risk.  
