Devo Security Operations: Transforming the SOC and scaling security analyst effectiveness

Devo Technology announced Devo Security Operations, the first security operations solution to combine critical security capabilities together with auto enrichment, threat intelligence community collaboration, a central evidence locker, and a streamlined analyst workflow.

This powerful combination transforms the security operations center (SOC) and scales security analyst effectiveness. Analysts no longer must rely on multiple tools to manually assemble the data, context, and intelligence required to identify and investigate the threats that matter most to their business.

Devo Security Operations puts this information at analysts’ fingertips across the entire threat lifecycle.

With a rapidly expanding attack surface and increasingly sophisticated adversaries who can progress from initial access to lateral movement in minutes, legacy SIEMs are failing to meet the needs of analysts and SOCs.

According to recent Ponemon Institute research, 53 percent of IT security practitioners believe their SOC is unable to gather evidence, investigate, and find the source of threats. Analysts must attempt to manually close the gap between detection and response, fueling the growing epidemic of analyst burnout and putting enterprises at risk.

Delivered on the powerful Devo Data Analytics Platform, Devo Security Operations reduces analysts’ workflow from hours to minutes, keeping SOCs ahead of even the most sophisticated adversaries.

“With traditional SIEM solutions, SOC teams struggle with too many false-positive alerts, and broken workflows, as well as speed, scale and performance issues that hinder analysts’ effectiveness,” said Julian Waits, general manager, cyber, Devo.

“We’re reinventing the category by leveraging powerful data analytics, automating incident workflow, and designing technology with a security practitioner’s mindset. Devo Security Operations arms analysts with new weapons and tactics for context-rich investigations, slashing the time from detection to response and significantly reducing or eliminating damage from an attack.”

An analyst’s perspective

“There is a need for a solution that incorporates new technologies to extend the capabilities of often-overtaxed security teams. Too often, these technologies are fragmented and poorly integrated,” said Scott Crawford, research vice president, information security, 451 Research.

“Devo Security Operations fills this need by combining key functionalities—including entity analytics, automation and hunting—into a single integrated platform.”

Devo Security Operations empowers SOC analysts to:

• Reduce noise, amplify signal with entity analytics – More reliably identify and investigate high-impact threats by shifting focus to entities. Classify, model and associate entities as the foundation for detection and investigation to deeply understand the organization’s environment and the behaviors of the business.
• Accelerate investigations and simplify workflow with auto enrichment – Gain a context-rich picture of entities, alerts and investigations without having to manually collect or query data, speeding the investigation process. Bring enrichment in earlier by automatically populating events with actionable, real-time data and context, including indicators from the Devo Threat Data Service, the community, and partners.
• Hunt more easily across all data and context – Run queries across any volume of data, any number of sources, and any time horizon to proactively identify threats. Powered by the Devo Data Analytics Platform, Devo Security Operations aggregates an organization’s diverse data for complete visibility at unprecedented speed, scale and performance.
• Operationalize the knowledge of the global security community – The Devo Threat Data Service enriches alerts with attributes and indicators ranging from IP addresses, emails, and files to hashes and domains. Organizations can consume indicators from, and collaborate with, the global MISP community and other internal or third-party sources, significantly expanding their scope and use of threat knowledge.
• Triage centralized evidence and analyze it for DFIR – The Devo Security Operations Evidence Toolkit for digital forensics and incident response (DFIR) provides an end-to-end workflow for centralizing and analyzing forensic evidence—PCAPs, memory dumps, PDFs, images and context—even enabling analysts to submit files to multiple sandboxes, all from a single location. Speed investigations and improve response time by providing analysts with access to the right evidence at the right time.

Devo Security Operations combines these capabilities in an integrated workflow, accelerating detection and response with auto enrichment. This enables analysts to operate more quickly and efficiently, drastically cutting response time.

Devo transforms the SOC to effectively address key security use cases, including threat hunting, threat detection, triage and investigation, and digital forensics. Devo Security Operations is available now worldwide.