SANS Institute Evaluates Resolution Intelligence Cloud, Gives Thumbs Up

Security is essential to keeping an enterprise up and running, which is no doubt why security teams are kept more than busy. Day in, day out, they are responsible for scanning for vulnerabilities, searching for high-impact risks, and alerting on potential issues across environments. What they are often not responsible for, however, is the next step: fixing the issues they find.

After an extensive evaluation, documented in its report, “Security and Operational Intelligence,” the SANS Institute determined that Resolution Intelligence Cloud bridges the gap between security and digital operations to enable this critical next step. The platform provides all teams, including SecOps, ITOps, and DevOps, with access to the same data as well as an intelligent and effective way to route actionable, contextualized findings (especially from an escalation perspective) to the teams who can fix issues.

Per SANS, Resolution Intelligence Cloud is an all-encompassing security and operations platform that ingests, correlates, and presents data to stakeholders in an actionable manner so they can make decisions and resolve problems at the speed of the business.

“This SaaS platform provides a holistic way to monitor your infrastructure, with real-time management capabilities that allow you to stay on top of issues and act before they become major problems. Furthermore, Netenrich is built on top of Google Chronicle, allowing for wider data ingestion, threat detection and response, and significant noise reduction.”

SANS also noted that it’s important to keep in mind that these actions — ingestion, correlation, analysis, prioritization, intelligent routing — are performed automatically and “behind the scenes” with Resolution Intelligence Cloud. This way, security and IT analysts can focus not only on real-time resolution but also, as SANS said, “monitoring and managing the environment — keeping adversaries at bay.”

Better insight, better efficiency: The power of dashboards

SANS describes Resolution Intelligence Cloud as an actionable and insightful platform, meaning it’s accessible and appealing to all different types of users, including IT operations and security teams. Anyone can log in and immediately begin using it. The dashboards make it easy to understand where to go according to unique user needs and, most importantly, facilitate routing and remediation.

For instance, a security analyst may want to first focus on Detection Coverage. The “Detection Coverage” dashboard (see below) provides insights into key metrics, such as application health, availability, and performance.

[Image: Detection Coverage dashboard]

At the same time, this security analyst may want a view into the overall wellness of the system, which is also beneficial to an IT operator. The Wellness dashboard (see below) helps everyone get on the same page — again, a holistic view — especially in terms of incident identification and prioritization of action.

[Image: Wellness dashboard]

Moreover, these dashboards are all tunable to an organization’s specific requirements and what it deems most important. For example, an open SSH may be a firestorm for one company, while at another it’s a foregone conclusion, for whatever reason. It all depends on unique levels of risk assessment and tolerance, environmental knowledge, operational intelligence, and understanding how the organization should be functioning.

More than just alerts and detection 

What’s also customizable is response. As SANS calls out in its review, “[Resolution Intelligence Cloud’s] ActOn capabilities enable you to create a customized approach to responding to alerts. Whether it’s tracking analysis activities, letting users quickly jump into a ‘war room’ for analysis discussions, or enabling automated actions, the platform levels up any security team.” 

ActOns are actionable insights, prioritized by risk to the business — for example, data/system criticality. As SANS aptly explained, “Among all the noise a typical enterprise may see, ActOns help analysts determine ‘what matters’ and, therefore, where to focus.”

[Image: ActOns dashboard]

For deep insight into enterprise assets, consider Resolution Intelligence Cloud

As SANS sees it, if you’re looking to gain deep, insightful metrics into your enterprise assets, consider Resolution Intelligence Cloud. With the platform, you can enhance the capabilities of your existing technologies without needing to constantly pivot between them.

“Whether it’s identifying potential vulnerabilities in the environment, accurately tracking assets of all shapes and sizes, or responding to suspicious activity with detailed, automated actions, Resolution Intelligence Cloud combines the functionality of Extended Detection and Response (XDR); Security Orchestration, Automation, and Response (SOAR); Security Information and Event Management (SIEM); and asset management platforms all in one place.”

To learn more, read the full SANS report, “Security and Operational Intelligence,” and listen to the on-demand webinar, “Using Intelligent Data as a Force Multiplier for Security and IT Ops,” where I discussed with Matt Bromiley, a Certified Instructor at SANS Institute, the top takeaways from the report.
