
SANS Institute Evaluates Resolution Intelligence Cloud, Gives Thumbs Up

Security is essential to keeping an enterprise up and running, which is no doubt why security teams are kept more than busy. Day in, day out, they are responsible for scanning for vulnerabilities, searching for high-impact risks, and alerting on potential issues across environments. What they are often not responsible for, however, is the next step: fixing the issues they find.

After an extensive evaluation, as documented in its report, “Security and Operational Intelligence,” the SANS Institute determined that Resolution Intelligence Cloud bridges the gap between security and digital operations to enable this critical next step. The platform provides all teams, including SecOps, ITOps, and DevOps, with access to the same data as well as an intelligent and effective way to route actionable, contextualized findings, especially from an escalation perspective, to the teams who can fix issues.

Per SANS, Resolution Intelligence Cloud is an all-encompassing security and operations platform that ingests, correlates, and presents data to stakeholders in an actionable manner so they can make decisions and resolve problems at the speed of the business.

“This SaaS platform provides a holistic way to monitor your infrastructure, with real-time management capabilities that allow you to stay on top of issues and act before they become major problems. Furthermore, Netenrich is built on top of Google Chronicle, allowing for wider data ingestion, threat detection and response, and significant noise reduction.”

SANS also noted that it’s important to keep in mind that these actions — ingestion, correlation, analysis, prioritization, intelligent routing — are performed automatically and “behind the scenes” with Resolution Intelligence Cloud. This way, security and IT analysts can focus not only on real-time resolution but also, as SANS said, “monitoring and managing the environment — keeping adversaries at bay.”


Better insight, better efficiency: The power of dashboards

SANS describes Resolution Intelligence Cloud as an actionable and insightful platform, meaning it’s accessible and appealing to all different types of users, including IT operations and security teams. Anyone can log in and immediately begin using it. The dashboards make it easy to understand where to go according to unique user needs and, most importantly, facilitate routing and remediation.

For instance, a security analyst may want to first focus on Detection Coverage. The “Detection Coverage” dashboard (see below) provides insights into key metrics, such as application health, availability, and performance.

[Image: Detection Coverage dashboard]


At the same time, this security analyst may want a view into the overall wellness of the system, which is also beneficial to an IT operator. The Wellness dashboard (see below) helps everyone get on the same page — again, a holistic view — especially in terms of incident identification and prioritization of action.

[Image: Wellness dashboard]


Moreover, these dashboards are all tunable to an organization’s specific requirements and what it deems most important. For example, an open SSH may be a firestorm for one company, while at another it’s a foregone conclusion, for whatever reason. It all depends on unique levels of risk assessment and tolerance, environmental knowledge, operational intelligence, and understanding how the organization should be functioning.


More than just alerts and detection 

What’s also customizable is response. As SANS calls out in its review, “[Resolution Intelligence Cloud’s] ActOn capabilities enable you to create a customized approach to responding to alerts. Whether it’s tracking analysis activities, letting users quickly jump into a ‘war room’ for analysis discussions, or enabling automated actions, the platform levels up any security team.” 

ActOns are actionable insights, prioritized by risk to the business — for example, data/system criticality. As SANS aptly explained, “Among all the noise a typical enterprise may see, ActOns help analysts determine ‘what matters’ and, therefore, where to focus.”


[Image: ActOns dashboard]


For deep insight into enterprise assets, consider Resolution Intelligence Cloud

As SANS sees it, if you’re looking to gain deep, insightful metrics into your enterprise assets, consider Resolution Intelligence Cloud. With the platform, you can enhance the capabilities of your existing technologies without needing to constantly pivot between them.

“Whether it’s identifying potential vulnerabilities in the environment, accurately tracking assets of all shapes and sizes, or responding to suspicious activity with detailed, automated actions, Resolution Intelligence Cloud combines the functionality of Extended Detection and Response (XDR); Security Orchestration, Automation, and Response (SOAR); Security Information and Event Management (SIEM); and asset management platforms all in one place.”

To learn more, read the full SANS report, “Security and Operational Intelligence,” and listen to the on-demand webinar, “Using Intelligent Data as a Force Multiplier for Security and IT Ops,” where I discussed with Matt Bromiley, a Certified Instructor at SANS Institute, the top takeaways from the report.
