Updated: Dec 15, 2019
Imagine a Security Operations Centre (SOC) practice in which little manual technical analysis is needed to determine whether an alert is in fact an incident. The reduction in staffing, time and cost alone would free significant effort that the organisation could redirect towards improving its security posture.
Successful automation of the triage of security events and the confirmation of security incidents enables a new role in SOC evolution – the Risk Analyst. With basic analysis automated, the Risk Analyst can make informed decisions on action without lengthy delays for analysis.
Not only does this free up SOC resources, it also takes the complexity out of decision making for business leaders. Cyber security automation has so far focused primarily on the actions taken after a security alert is triggered. The triage step before that has remained largely manual, and the rate of false positives together with the process of tuning detection rules makes it complex, time consuming and therefore expensive.
The traditional Tier 1 and Tier 2 Security Analyst roles are therefore replaced by the Risk Analyst. Think of a naval combat systems operator or an air traffic controller: interpretation of events and decision making take the leading role in the lifecycle of a breach.
Context is provided to the Risk Analyst by automated investigation functions that gather session, user, endpoint and application information to build a Common Operating Picture. Historical data is also analysed to assign a risk score to each component, so the analyst can make an informed decision on the actions needed to remediate the attack. Combined with a fully integrated product set, the Risk Analyst can determine the risk to the organisation and block, disable, quarantine, search or power down systems with confidence and ease. The score informs that decision; on navigation and process systems, where powering down has safety consequences, the analyst still owns it.
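The enrichment-and-scoring step described above, as an added illustration that is not Praesidium Cyber's product code: a raw alert is joined against user, endpoint, session, application and historical data, a risk score is computed from the combined context, and a verdict and recommended action are produced for the analyst. The directories, rule histories, weights and thresholds are all assumptions constructed for the example; a real deployment would read them from the SIEM, identity provider, asset inventory and case history.

```python
"""Illustrative automated triage: enrich an alert with context, score it,
recommend an action. Added example, not vendor code; every lookup table
below is constructed inline so the script runs offline."""
from dataclasses import dataclass, field

# Constructed stand-ins for the identity directory, asset inventory,
# session store, application inventory and alert history.
USERS = {
    "jdoe":    {"role": "deck_officer", "privileged": False, "home_site": "vessel-01"},
    "svc_nav": {"role": "service",      "privileged": True,  "home_site": "vessel-01"},
}
ENDPOINTS = {
    "ECDIS-01":    {"zone": "navigation", "criticality": 5, "patched": False},
    "OFFICE-PC-7": {"zone": "business",   "criticality": 1, "patched": True},
}
SESSIONS = {  # keyed by (user, host)
    ("jdoe", "OFFICE-PC-7"):  {"mfa": True,  "source": "vessel-01"},
    ("svc_nav", "ECDIS-01"):  {"mfa": False, "source": "shore-vpn"},
}
APPLICATIONS = {"ECDIS-01": ["ecdis", "ais-gateway"], "OFFICE-PC-7": ["browser", "office-suite"]}
# How often each rule fired and was later confirmed as a real incident,
# and how many prior alerts each host has generated.
RULE_HISTORY = {
    "bruteforce_login":    {"fired": 200, "confirmed": 4},
    "new_service_install": {"fired": 20,  "confirmed": 15},
}
HOST_HISTORY = {"ECDIS-01": 3, "OFFICE-PC-7": 0}

# Assumed weights and thresholds; tune against your own confirmed-incident history.
AUTO_CLOSE_BELOW, INCIDENT_FROM = 25, 70


@dataclass
class TriageResult:
    score: int
    verdict: str
    action: str
    context: dict = field(default_factory=dict)  # the Common Operating Picture


def triage(alert: dict) -> TriageResult:
    """Join the alert against every context source, then score it 0..100."""
    user = USERS.get(alert["user"], {})
    host = ENDPOINTS.get(alert["host"], {"zone": "unknown", "criticality": 3, "patched": False})
    session = SESSIONS.get((alert["user"], alert["host"]), {})
    hist = RULE_HISTORY.get(alert["rule"], {"fired": 1, "confirmed": 0})
    precision = hist["confirmed"] / hist["fired"]  # historical true-positive rate of the rule

    score = host["criticality"] * 6                      # asset value, 0..30
    score += 10 if host["zone"] == "navigation" else 0   # OT / safety zone
    score += 5 if not host["patched"] else 0
    score += 10 if user.get("privileged") else 0
    if session:                                          # session facts only if one exists
        score += 10 if not session.get("mfa") else 0
        score += 10 if session.get("source") != user.get("home_site") else 0
    score += int(precision * 25)                         # how trustworthy the rule is
    score += min(HOST_HISTORY.get(alert["host"], 0), 3) * 5  # repeat offender, capped
    score = min(score, 100)

    if score < AUTO_CLOSE_BELOW:
        verdict, action = "likely_false_positive", "auto-close and feed back into rule tuning"
    elif score < INCIDENT_FROM:
        verdict, action = "needs_review", "present to Risk Analyst with context"
    else:
        verdict, action = "incident", "recommend isolate host; analyst confirms before power-down"

    context = {"user": user, "endpoint": host, "session": session,
               "applications": APPLICATIONS.get(alert["host"], []), "rule_precision": precision}
    return TriageResult(score, verdict, action, context)


# Constructed sample alerts.
ALERTS = [
    {"rule": "new_service_install", "user": "svc_nav", "host": "ECDIS-01"},
    {"rule": "bruteforce_login",    "user": "jdoe",    "host": "OFFICE-PC-7"},
    {"rule": "bruteforce_login",    "user": "jdoe",    "host": "ECDIS-01"},  # no session record
]

if __name__ == "__main__":
    for a in ALERTS:
        r = triage(a)
        print(f"{a['rule']:<20} {a['host']:<12} score={r.score:<3} {r.verdict:<22} -> {r.action}")
```

The third alert is the interesting one: a low-precision rule on a critical navigation asset with no session to enrich from lands in the review band rather than being auto-closed or escalated, which is exactly the case the analyst, not the automation, should decide.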
With threat intelligence targeted at the maritime industry and specific use cases for navigation and process systems, the Managed Security Operations team at Praesidium Cyber offers exactly what the industry needs: effective, efficient and factual security information that is acted on in real time.