Intelligent Defense: How Netenrich Adaptive MDR™ Overcomes the Limitations of Traditional SIEMs
Traditional SIEMs just aren’t cutting it anymore. They rely on outdated, reactive measures that lead to inefficiencies, false positives, and missed...
John Pirc : Tue, Jul 18, 2023 @ 08:30 AM
To keep an enterprise up and running, security is essential, which is no doubt why security teams stay more than busy. Day in, day out, they are responsible for scanning for vulnerabilities, searching for high-impact risks, and alerting on potential issues across environments. What they are often not responsible for, however, is the next step: fixing the issues they find.
After an extensive evaluation, documented in its report, “Security and Operational Intelligence,” the SANS Institute determined that Resolution Intelligence Cloud bridges the gap between security and digital operations to enable this critical next step. The platform gives all teams, including SecOps, ITOps, and DevOps, access to the same data, along with an intelligent and effective way to route actionable, contextualized findings, especially escalations, to the teams who can fix the issues.
Per SANS, Resolution Intelligence Cloud is an all-encompassing security and operations platform that ingests, correlates, and presents data to stakeholders in an actionable manner so they can make decisions and resolve problems at the speed of the business.
“This SaaS platform provides a holistic way to monitor your infrastructure, with real-time management capabilities that allow you to stay on top of issues and act before they become major problems. Furthermore, Netenrich is built on top of Google Chronicle, allowing for wider data ingestion, threat detection and response, and significant noise reduction.”
SANS also noted that it’s important to keep in mind that these actions — ingestion, correlation, analysis, prioritization, intelligent routing — are performed automatically and “behind the scenes” with Resolution Intelligence Cloud. This way, security and IT analysts can focus not only on real-time resolution but also, as SANS said, “monitoring and managing the environment — keeping adversaries at bay.”
SANS describes Resolution Intelligence Cloud as an actionable and insightful platform, meaning it is accessible and appealing to all types of users, including IT operations and security teams. Anyone can log in and immediately begin using it. The dashboards make it easy to see where to go according to each user's needs and, most importantly, facilitate routing and remediation.
For instance, a security analyst may want to first focus on Detection Coverage. The “Detection Coverage” dashboard (see below) provides insights into key metrics, such as application health, availability, and performance.
At the same time, this security analyst may want a view into the overall wellness of the system, which is also beneficial to an IT operator. The Wellness dashboard (see below) helps everyone get on the same page — again, a holistic view — especially in terms of incident identification and prioritization of action.
Moreover, these dashboards are all tunable to an organization’s specific requirements and what it deems most important. For example, an open SSH port may be a firestorm for one company, while at another it is a foregone conclusion, for whatever reason. It all depends on the organization's risk assessment and tolerance, environmental knowledge, operational intelligence, and understanding of how the organization should be functioning.
What’s also customizable is response. As SANS calls out in its review, “[Resolution Intelligence Cloud’s] ActOn capabilities enable you to create a customized approach to responding to alerts. Whether it’s tracking analysis activities, letting users quickly jump into a ‘war room’ for analysis discussions, or enabling automated actions, the platform levels up any security team.”
ActOns are actionable insights, prioritized by risk to the business — for example, data/system criticality. As SANS aptly explained, “Among all the noise a typical enterprise may see, ActOns help analysts determine ‘what matters’ and, therefore, where to focus.”
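The two ideas above, a per-organization risk policy (the "open SSH" example) and findings prioritized by data/system criticality and routed to the team that can fix them, can be illustrated with a small scoring-and-routing routine. The following Python is an added example written for this page; it is not Resolution Intelligence Cloud code and does not describe how the platform computes ActOns. The finding fields, the score formula (tool severity times asset criticality times a tunable category weight), the escalation threshold, the team names and the sample findings are all constructed assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Finding:
    """One alert or scan result from a source tool (scanner, SIEM rule, monitor).
    Fields are assumptions for this example, not the platform's schema."""
    finding_id: str
    asset: str
    category: str   # e.g. "exposed_ssh", "critical_cve", "availability"
    severity: int   # 1 (low) .. 5 (critical), as reported by the source tool
    detail: str


@dataclass(frozen=True)
class RiskPolicy:
    """Per-organization tuning: what each asset is worth, how much each finding
    category matters here, which team owns each category, and the score at
    which a finding becomes an escalated, actionable item."""
    asset_criticality: Dict[str, int]     # asset -> 1..5 (data/system criticality)
    category_weight: Dict[str, float]     # category -> multiplier (risk tolerance)
    owner: Dict[str, str]                 # category -> team that can fix it
    escalate_at: int                      # minimum score that triggers escalation


def risk_score(finding: Finding, policy: RiskPolicy) -> int:
    """Business-risk score = tool severity x asset criticality x org weight.
    Unknown assets default to criticality 1, unknown categories to weight 1.0."""
    criticality = policy.asset_criticality.get(finding.asset, 1)
    weight = policy.category_weight.get(finding.category, 1.0)
    return round(finding.severity * criticality * weight)


def prioritize_and_route(findings: List[Finding], policy: RiskPolicy) -> List[dict]:
    """Return findings ordered by descending business risk, each tagged with
    the owning team and whether it crosses the escalation threshold."""
    routed = []
    for f in findings:
        s = risk_score(f, policy)
        routed.append({
            "id": f.finding_id,
            "asset": f.asset,
            "score": s,
            "team": policy.owner.get(f.category, "secops"),
            "escalate": s >= policy.escalate_at,
        })
    # Highest risk first; ties broken by finding id for a stable, reviewable order.
    routed.sort(key=lambda r: (-r["score"], r["id"]))
    return routed


# Constructed sample findings (not real data): the same input is fed to both policies.
FINDINGS = [
    Finding("F-1", "bastion-01", "exposed_ssh", 3, "TCP/22 reachable from the internet"),
    Finding("F-2", "billing-db", "critical_cve", 4, "unpatched database engine"),
    Finding("F-3", "intranet-wiki", "availability", 2, "health check failing"),
]

# Organization A: an exposed SSH service is a firestorm, so it is weighted up.
POLICY_A = RiskPolicy(
    asset_criticality={"bastion-01": 4, "billing-db": 5, "intranet-wiki": 2},
    category_weight={"exposed_ssh": 3.0, "critical_cve": 1.0, "availability": 1.0},
    owner={"exposed_ssh": "netops", "critical_cve": "devops", "availability": "itops"},
    escalate_at=20,
)

# Organization B: a bastion with SSH open is expected, so it is weighted down.
POLICY_B = RiskPolicy(
    asset_criticality={"bastion-01": 4, "billing-db": 5, "intranet-wiki": 2},
    category_weight={"exposed_ssh": 0.5, "critical_cve": 1.0, "availability": 1.0},
    owner={"exposed_ssh": "netops", "critical_cve": "devops", "availability": "itops"},
    escalate_at=20,
)

if __name__ == "__main__":
    for name, policy in (("Org A", POLICY_A), ("Org B", POLICY_B)):
        print(name)
        for row in prioritize_and_route(FINDINGS, policy):
            print("  ", row)
```

With identical findings, organization A escalates the open SSH finding to netops at the top of its queue (score 36), while organization B ranks the unpatched billing database first (score 20) and leaves the SSH finding below the escalation threshold (score 6). The point is that the ordering and the escalation decision come from the organization's own policy, not from the raw tool severity.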
As SANS sees it, if you’re looking to gain deep, insightful metrics into your enterprise assets, consider Resolution Intelligence Cloud. With the platform, you can enhance the capabilities of your existing technologies without needing to constantly pivot between them.
“Whether it’s identifying potential vulnerabilities in the environment, accurately tracking assets of all shapes and sizes, or responding to suspicious activity with detailed, automated actions, Resolution Intelligence Cloud combines the functionality of Extended Detection and Response (XDR); Security Orchestration, Automation, and Response (SOAR); Security Information and Event Management (SIEM); and asset management platforms all in one place.”
To learn more, read the full SANS report, “Security and Operational Intelligence,” and listen to the on-demand webinar, “Using Intelligent Data as a Force Multiplier for Security and IT Ops,” where I discussed with Matt Bromiley, a Certified Instructor at SANS Institute, the top takeaways from the report.