Devo Technology, the data analytics company that unlocks the full value of machine data for the world’s most instrumented enterprises, will preview its next-gen cloud SIEM at Black Hat USA 2019 in Las Vegas.
Digital transformation is creating rapidly growing volumes of data, leading to new vulnerabilities and attack vectors, while adversaries grow increasingly sophisticated. As a result, SOCs are struggling to fulfill their critical mission of identifying and eliminating threats. With the industry’s current solutions, analysts lack visibility across the expanding attack surface, are overwhelmed by the volume of security alerts, and struggle to reliably identify and act on threats because they lack context about the threats and the entities involved.
“The effectiveness of the SOC, and cybersecurity as a whole, comes down to the effectiveness of security analysts. It is quite obvious that legacy SIEMs fail to provide the visibility, insight, and workflows required to support the modern analyst,” said Julian Waits, General Manager of Cyber, Devo. “Devo empowers SOC analysts by harnessing their intuition, creativity, and expertise, arming them with the latest technology vital to furthering their mission to stop material threats.”
Devo believes all data has the potential to inform and improve cybersecurity. The next-gen SIEM must evolve to become the central hub for all data and processes within the SOC, not simply provide alert management for traditional security events. This will empower analysts to visualize the threats that matter most to the business, improve the speed and accuracy of triage, investigation, and response, and magnify the intuition of analysts.
To meet these expanding needs, SIEM must deliver the following critical capabilities:
- Behavioral analytics: SIEM must make ML-based behavioral observations of users and systems on the network the foundation of detection. This shift is key to enabling analysts to move beyond restrictive rules-based detection to reliably identify high-impact threats and gain the context required to act.
- Community collaboration: SIEM must foster a community among peers and with providers by operationalizing threat sharing of curated proprietary, open, and commercial intelligence, and providing access to a community of global CERTs. This enables SOCs to stand together through collaborative analysis and prevents repetitive investigative efforts.
- Analyst insight: SIEM must capture and learn from analyst behavior to help automate investigations, improve decision-making, and speed onboarding of new security talent by incorporating best practices, continuous learning, and analyst intuition.
- Orchestration & automation: SIEM must enable rapid threat response through integration with solutions that automate manual, repetitive processes and orchestrate the incident-response workflow.
- Cloud: SIEM must be cloud native, combining SaaS-based services with core product capabilities, and offer flexible deployment models that enable enterprises and MSSPs to streamline security operations as they shift to the cloud.
Finally, these capabilities must be delivered through a scalable, extensible data analytics platform, purpose-built for petabyte-scale data growth and the real-time and historical analytics demands of the modern SOC.
A tech preview of Devo’s coming solution to deliver on this vision for the security industry will be unveiled at Black Hat USA in Booth #2115.