Security teams often have to spend a lot of their time investigating incidents, which is time-consuming and can distract from other tasks.
To improve the efficiency of security operations centers (SOCs), Israel-based SECDO is launching a new platform aimed at managed security service providers (MSSPs).
It provides advanced alert validation, investigation and remediation capabilities. The platform dramatically improves the efficiency of the SOC by automatically validating alerts from security information and event management (SIEM) systems, using unique thread-level endpoint activity data to identify false positives and prioritize true positives. Using SECDO, MSSPs will be able to handle the thousands of alerts that they receive each day, while meeting ever-more competitive SLAs for their customers.
"SECDO is a valuable platform for MSSPs who want to offer their customers advanced services while improving the efficiency and response times of their own SOC," says Shai Morag, CEO and Co-Founder of SECDO. "With SECDO's endpoint analytics, MSSP SOC teams can now understand the full context of every alert, visually investigate, and reduce the time and resources needed to identify and eradicate a breach".
The platform’s interactive data visualization technology enables SOC analysts to understand the 'who, what, where, when, and how' of every incident by showing the entire attack chain timeline back to the root cause. This enables first and second tier analysts to easily investigate and respond to threats without having to escalate to the next level. When an in-depth investigation is required, SECDO provides multi-dimensional, interactive search capabilities that can reduce hundreds of manual queries into a single visual search.
The platform uses SECDO's disruptive thread-level endpoint intelligence and causality analysis technologies to give service providers visibility into their customers' environments. This allows MSSPs to offer the advanced threat protection, incident investigation and forensics services that are necessary to stay ahead in the security marketplace.
The platform has been in use for three months, with customers reporting positive results. You can find out more and request a demo on the SECDO website.
Photo credit: Alex Mit / Shutterstock