Long-term Search Cover Giacomo Lanzi

Long-term search: what’s new in the SOCaaS service

Ransomware commonly comes up with an email that tricks users into trusting a malicious file. Many of the most recent data breaches have been completed because a user has been the victim of such an attack in the previous period. Threats such as ransomware, which focus on user compromise, are causing more and more companies to adopt user and entity behavior analysis (UEBA) in their security operations center (SOC). The new functions of the SOC service, including long-term search, are oriented towards the increasing offer of additional tools for the optimal management of corporate security.

We continue to innovate our platform to increase the power of SOC in fighting ransomware and other threats. In our latest release, we have added even more machine-learning and context-aware detection capabilities that enable security analysts to tackle the most sophisticated attacks. Furthermore, the latest updates bring an ever greater ease of use for security architects.

Long-term search - SOCaaS news

Long-term search for the security analyst

The service introduces a number of innovations to reduce detection and response times for security analysts and threat seekers.

Improved detection of sophisticated threats

Long-term search helps analysts discover hidden threats by providing a search capability on archived data. The search is scalable and does not affect SIEM performance.
Analytics Sandbox helps break down false positives by providing an online QA environment to test and validate use cases.
– Persona-based threat chains detect advanced threats more accurately, including the dynamic relationship between users, hosts, IP addresses, and email addresses. Analysts benefit from greater visibility into the progression of an attack. This feature combines suspicious activity from a single user into a single priority alert, instead of separate and unrelated alerts.
Relative Rarity offers analysts a broader context on how rare an event is compared to all other events in their environment.
Viewing security alerts using the MITER ATT&CK Threat Framework helps analysts prioritize risk and reduce response times.

Reduction of response times

Improved case management allows for better management, sharing and investigation of alarms, allowing operators to respond more quickly.
New EDR integrations improve incident response by providing additional endpoint data from CarbonBlack Defense, Tanium, Symantec DLP and others.
Better search views improve the analyst experience by reducing detection and response times. They help analysts easily identify compromised accounts, data exfiltration, and associated hotspots.

Why long-term search is so important

With a global dwell time of around 60 days on average, threat hunting continues to be an important part of cybersecurity resilience. However, searching through the data history usually takes a long time.

Many vendors are unable to dynamically scale a quick search through archived data without significant effort. The latest features of our SOCaaS provide this possibility for threat hunters with long-term search on an almost unlimited scale. With long-term research, organizations can reduce the time it takes to investigate and find threats that are already in their environment.

Analysts need to continually query the data to see if there are new threats. For example, an analyst might learn from a trusted source that their industry has been targeted. At this point we need to investigate a new indicator of compromise that has just been discovered to verify if an attacker is already inside.

Through long-term search, SOD’s native SOCaaS SIEM allows threat hunters to be proactive, making historical data research fast and convenient.

Conclusions

By introducing new technologies into our SOC service, we are offering more and more security for our customers.

We take care of your data by verifying not only that it is not safe now, but also that it has not been breached in the past. In case we suspect a new threat, we know how to spot it.

If you have any questions, contact us, we will be happy to answer all your questions.

Useful links:

Share


RSS

More Articles…

Categories …

Tags

RSS Dark Reading

RSS Full Disclosure

  • APPLE-SA-2023-09-21-6 macOS Ventura 13.6 September 23, 2023
    Posted by Apple Product Security via Fulldisclosure on Sep 22APPLE-SA-2023-09-21-6 macOS Ventura 13.6 macOS Ventura 13.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213931. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Additional CVE entries coming soon. Kernel Available for: macOS […]
  • APPLE-SA-2023-09-21-7 macOS Monterey 12.7 September 23, 2023
    Posted by Apple Product Security via Fulldisclosure on Sep 22APPLE-SA-2023-09-21-7 macOS Monterey 12.7 macOS Monterey 12.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213932. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Additional CVE entries coming soon. Kernel Available for: macOS […]
  • APPLE-SA-2023-09-21-5 watchOS 9.6.3 September 23, 2023
    Posted by Apple Product Security via Fulldisclosure on Sep 22APPLE-SA-2023-09-21-5 watchOS 9.6.3 watchOS 9.6.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213929. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Kernel Available for: Apple Watch Series 4 and later Impact: A […]
  • APPLE-SA-2023-09-21-4 watchOS 10.0.1 September 23, 2023
    Posted by Apple Product Security via Fulldisclosure on Sep 22APPLE-SA-2023-09-21-4 watchOS 10.0.1 watchOS 10.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213928. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Kernel Available for: Apple Watch Series 4 and later Impact: A […]
  • APPLE-SA-2023-09-21-3 iOS 16.7 and iPadOS 16.7 September 23, 2023
    Posted by Apple Product Security via Fulldisclosure on Sep 22APPLE-SA-2023-09-21-3 iOS 16.7 and iPadOS 16.7 iOS 16.7 and iPadOS 16.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213927. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Additional CVE entries coming soon. […]
  • APPLE-SA-2023-09-21-2 iOS 17.0.1 and iPadOS 17.0.1 September 23, 2023
    Posted by Apple Product Security via Fulldisclosure on Sep 22APPLE-SA-2023-09-21-2 iOS 17.0.1 and iPadOS 17.0.1 iOS 17.0.1 and iPadOS 17.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213926. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Kernel Available for: iPhone XS […]
  • APPLE-SA-2023-09-21-1 Safari 16.6.1 September 23, 2023
    Posted by Apple Product Security via Fulldisclosure on Sep 22APPLE-SA-2023-09-21-1 Safari 16.6.1 Safari 16.6.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213930. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. WebKit Available for: macOS Big Sur and Monterey Impact: Processing web […]
  • Advisory X41-2023-001: Two Vulnerabilities in OPNsense September 23, 2023
    Posted by X41 D-Sec GmbH Advisories via Fulldisclosure on Sep 22Advisory X41-2023-001: Two Vulnerabilities in OPNsense =========================================================== Highest Severity Rating: High Confirmed Affected Versions: 23.1.11_1, 23.7.3, 23.7.4 Confirmed Patched Versions: Commit 484753b2abe3fd0fcdb73d8bf00c3fc3709eb8b7 Vendor: Deciso B.V. / OPNsense Vendor URL: https://opnsense.org Credit: X41 D-Sec GmbH, Yasar Klawohn and JM Status: Public Advisory-URL:...
  • SEC Consult SA-20230918-0 :: Authenticated Remote Code Execution and Missing Authentication in Atos Unify OpenScape September 18, 2023
    Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 18SEC Consult Vulnerability Lab Security Advisory < 20230918-0 > ======================================================================= title: Authenticated Remote Code Execution and Missing Authentication product: Atos Unify OpenScape Session Border Controller Atos Unify OpenScape Branch Atos Unify OpenScape BCF vulnerable version: OpenScape SBC...
  • SEC Consult SA-20230829-0 :: Reflected Cross-Site Scripting (XSS) in PTC - Codebeamer (ALM Solution) September 18, 2023
    Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 18SEC Consult Vulnerability Lab Security Advisory < 20230829-0 > ======================================================================= title: Reflected Cross-Site Scripting (XSS) product: PTC - Codebeamer (ALM Solution) vulnerable version: =21.09-SP14 CVE number: CVE-2023-4296...

Customers

Newsletter