An important part of the work on a Security Operations Center (SOC) is to filter the false positives. Which events need further investigation and which ones are false positives? How does one reduce thousands of events to a manageable and realistic number? And of course, without compromising on quality and reliability!
A well-equipped Security Information and Event Management (SIEM) solution can filter out between 99% and 99.8% of security events. But even after that, there might still be thousands of events left to investigate, and the SOC will still need a lot of time to identify which of them need further investigation.
What does mnemonic do?
To support a SOC, SMT offers Argus, the Managed Detection & Response service of mnemonic, an expert in the field of security. Through the Argus platform, machine learning and big data analytics are used to qualify the events, so the number of events to be investigated can be reduced drastically. After this initial filtering, the remaining events are manually analyzed by mnemonic’s security analysts.
They enrich the data with additional threat intelligence from Argus. A combination of human and automated processing then leaves a manageable number of incidents to be forwarded to your own SOC staff. This way, your staff are only investigating the security events that really matter for your organization.
- Machine learning and big data analytics to identify events
- Manual analysis by security analysts
- Extra threat intelligence