Sometimes you have a problem for which several solutions are possible. And sometimes there is a single solution that can solve multiple problems.
Take a Swiss Army knife. You go camping and, because you don’t want to carry too much stuff, you bring a Swiss Army knife. It is the ideal tool for spreading Nutella on your fresh baguette in the morning; after all, the word knife is in the name. In the evening you can use it to open your beer at the campfire, and if you are a really fanatical hiker, some models even come with a compass.
With such a versatile, multifunctional product, it should come as no surprise that Victorinox has been producing pocket knives for over 130 years. Besides the blade, which every model has, there are many different equipment options, from corkscrew to compass and from magnifying glass to USB stick. It just depends on which problems you need to solve.
The right tooling is just as important in the cybersecurity domain. A Security Analyst in a SOC must carefully select their set of tools. The number of threats is growing, and so is the number of sources of information needed to deal with them. The playing field has become more complex, which means analysts need more knowledge and more tools. An analyst must therefore know all the ins and outs of each tool and at the same time be a generalist, a jack of all trades.
On top of the multitude of tasks and sources a Cybersecurity Specialist has to deal with, an abundance of alerts can lead to alert fatigue: faced with an overwhelming number of alerts from different sources, a Security Analyst can no longer separate the wheat from the chaff. Ultimately, this leads to alerts being missed or ignored.
Within the cybersecurity playing field, we are therefore increasingly seeing solutions that solve multiple problems at once and that counter this alert fatigue. MicroSOC is a good example. MicroSOC is a Managed Detection & Response service from Orange Cyberdefense built on Extended Detection & Response (XDR) technology. With this managed SOC service, we not only detect and block advanced threats, but our Security Analysts also separate the good from the bad on behalf of our customers.
Lightweight agents collect detailed telemetry from every endpoint. This is enriched with network data from the customer’s existing firewall and with user activity from (Azure) Active Directory. The combined data is correlated and analysed for abnormal and malicious patterns using Artificial Intelligence. Supplemented with Threat Intelligence, this gives our Security Analysts the information and context they need to judge whether an alert is a real threat or a false positive: a single signal from one source rarely settles that question, but the same event seen across endpoint, network and identity data usually does.
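To make the enrichment-and-correlation idea concrete, here is an added example in Python. It is not MicroSOC’s code or any Orange Cyberdefense implementation, and the log records, IP addresses, user names, scoring weights and verdict thresholds are all constructed for illustration. One endpoint alert (hidden, encoded PowerShell) is enriched with firewall connections from the same host, Azure AD sign-ins for the same user, and a small threat-intelligence list; the same alert on a host with no supporting network or identity signal scores low, which is the “wheat from the chaff” step the text describes.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry (not real customer data).
# Alert A: suspicious PowerShell on a workstation with corroborating signals.
ALERT_A = {
    "ts": "2023-05-04T09:12:30", "host": "WS-042", "host_ip": "10.1.2.42",
    "user": "j.doe", "process": "powershell.exe",
    "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA",
}
# Alert B: the same command line on an admin's machine with nothing else going on.
ALERT_B = {
    "ts": "2023-05-04T11:02:00", "host": "WS-007", "host_ip": "10.1.2.7",
    "user": "it.admin", "process": "powershell.exe",
    "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA",
}

# Constructed firewall connection records (src, dst, dport, action).
FIREWALL_LOG = [
    {"ts": "2023-05-04T09:12:41", "src": "10.1.2.42", "dst": "203.0.113.77", "dport": 443, "action": "allow"},
    {"ts": "2023-05-04T09:13:02", "src": "10.1.2.42", "dst": "198.51.100.9", "dport": 8443, "action": "allow"},
    {"ts": "2023-05-04T08:55:10", "src": "10.1.2.42", "dst": "40.126.0.1", "dport": 443, "action": "allow"},
    {"ts": "2023-05-04T11:00:30", "src": "10.1.2.7", "dst": "40.126.0.1", "dport": 443, "action": "allow"},
]

# Constructed Azure AD sign-in records.
AD_SIGNINS = [
    {"ts": "2023-05-04T08:50:00", "user": "j.doe", "result": "success", "country": "NL"},
    {"ts": "2023-05-04T09:10:05", "user": "j.doe", "result": "failure", "country": "NL"},
    {"ts": "2023-05-04T09:10:20", "user": "j.doe", "result": "failure", "country": "NL"},
    {"ts": "2023-05-04T09:11:00", "user": "j.doe", "result": "success", "country": "RO"},
    {"ts": "2023-05-04T08:30:00", "user": "it.admin", "result": "success", "country": "NL"},
]

# Constructed threat-intelligence indicators standing in for a real feed.
TI_BAD_IPS = {"198.51.100.9"}

WINDOW = timedelta(minutes=10)


def parse_ts(s):
    return datetime.fromisoformat(s)


def triage(alert, fw_log, ad_log, ti_ips, window=WINDOW):
    """Enrich an endpoint alert with network, identity and TI context.
    Returns (score, findings). Weights and thresholds are illustrative."""
    t0 = parse_ts(alert["ts"])
    findings, score = [], 0

    # Endpoint: hidden, encoded PowerShell is suspicious but also common in admin tooling,
    # so on its own it only earns a modest score.
    cmd = alert["cmdline"].lower()
    if "powershell" in alert["process"].lower() and "hidden" in cmd and ("-enc" in cmd or "-e " in cmd):
        score += 2
        findings.append("endpoint: hidden encoded PowerShell")

    # Network: allowed outbound connections from the host in the window after the alert,
    # checked against TI and for non-standard ports.
    for c in fw_log:
        if c["src"] == alert["host_ip"] and c["action"] == "allow" and t0 <= parse_ts(c["ts"]) <= t0 + window:
            if c["dst"] in ti_ips:
                score += 4
                findings.append(f"network: connection to TI-listed {c['dst']}:{c['dport']}")
            elif c["dport"] not in (80, 443):
                score += 1
                findings.append(f"network: non-standard outbound port {c['dport']} to {c['dst']}")

    # Identity: failed sign-ins followed by a success in the window before the alert,
    # and sign-ins from more than one country across the user's history.
    recent = [s for s in ad_log if s["user"] == alert["user"] and t0 - window <= parse_ts(s["ts"]) <= t0]
    failures = sum(1 for s in recent if s["result"] == "failure")
    if failures >= 2 and any(s["result"] == "success" for s in recent):
        score += 2
        findings.append(f"identity: {failures} failed sign-ins followed by success")
    countries = {s["country"] for s in ad_log if s["user"] == alert["user"]}
    if len(countries) > 1:
        score += 1
        findings.append(f"identity: sign-ins from multiple countries {sorted(countries)}")

    return score, findings


def verdict(score):
    """Map a correlation score to the action an analyst queue would take."""
    if score >= 6:
        return "escalate"
    if score >= 3:
        return "analyst review"
    return "likely false positive"


if __name__ == "__main__":
    for alert in (ALERT_A, ALERT_B):
        score, findings = triage(alert, FIREWALL_LOG, AD_SIGNINS, TI_BAD_IPS)
        print(alert["host"], alert["user"], score, verdict(score), findings)
```

The point of the example is the shape of the logic, not the specific weights: the endpoint signal alone lands both alerts in the same place, and it is the firewall, identity and TI context that pushes one to escalation and leaves the other as a probable false positive an analyst need not spend time on.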
Curious about the benefits of this service? Visit our MicroSOC page.
MicroSOC is Orange Cyberdefense’s Swiss Army knife® (no pun intended), with which we monitor endpoint, network, and user activity to detect and stop advanced threats quickly and efficiently.