Anomaly detection is the process of identifying activity that deviates from an established baseline of normal behaviour for a user, host, or application. In a SOC (Security Operations Center) it is used to separate events worth an analyst's attention from the stream of routine alerts and false positives. An anomaly is a strong indicator of a possible threat, but it is not proof of one: an unexpected pattern may be a legitimate change (a new scheduled job, a migration) or an attacker deliberately blending in, so every flagged anomaly still needs context before it is treated as malicious. Even so, it is a powerful method of threat hunting because it narrows the field, significantly reducing noise and accelerating incident response. A robust anomaly detection mechanism also reduces the IT overhead and inconsistency that come with validating and investigating alerts by hand. Several solutions are good at reducing false positives; however, they may still surface anomalies that require SOC analysts to spend considerable time on further analysis.
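The following is an added example, not code from the original page or from Netenrich, showing the baseline-deviation idea in its simplest form: per-user failed-login counts are compared against a day of history using a median/MAD robust z-score, with a minimum-count floor so that a handful of events on a previously silent account is not flagged as an anomaly. All user names, counts and thresholds are constructed for illustration.

```python
"""Baseline-deviation anomaly detection over constructed login-failure counts.

Added example (not Netenrich code). History and current-hour values are
constructed; the threshold and minimum-count floor are illustrative choices.
"""
from statistics import median

# Constructed: failed logins per user for each of the previous 24 hours.
BASELINE = {
    "alice": [2, 1, 3, 2, 0, 1, 2, 3, 1, 2, 2, 1, 0, 2, 3, 1, 2, 1, 2, 2, 1, 3, 2, 1],
    "svc-backup": [0] * 24,   # service account that never fails a login
    "carol": [0] * 24,        # another normally silent account
}

# Constructed: failed logins observed in the current hour.
CURRENT_HOUR = {
    "alice": 4,        # a little above her usual 2 per hour
    "svc-backup": 35,  # sudden burst on a silent service account
    "carol": 4,        # small blip on a silent account (below the noise floor)
    "bob": 3,          # no history at all
}


def robust_zscore(history, value):
    """Deviation of value from the history's median, in MAD units.

    Median and MAD are used instead of mean and standard deviation so that a
    few past spikes in the baseline do not inflate the scale and hide a real
    deviation. When MAD is zero (a constant baseline) the scale is floored at
    1.0 so the score is simply the raw deviation rather than a division by zero.
    """
    med = median(history)
    mad = median(abs(x - med) for x in history)
    scale = 1.4826 * mad if mad > 0 else 1.0  # 1.4826 makes MAD comparable to sigma
    return (value - med) / scale


def detect(baseline, current, threshold=3.5, min_count=5):
    """Return {key: (reason, score)} for every entity that needs analyst attention.

    - "no baseline": the entity has no history, so nothing can be scored yet.
    - "deviation": the robust z-score exceeds the threshold AND the absolute
      count is at least min_count. The floor keeps tiny absolute numbers on
      zero-variance baselines from generating noise for analysts.
    """
    anomalies = {}
    for key, value in current.items():
        history = baseline.get(key)
        if not history:
            anomalies[key] = ("no baseline", None)
            continue
        z = robust_zscore(history, value)
        if z > threshold and value >= min_count:
            anomalies[key] = ("deviation", round(z, 2))
    return anomalies


if __name__ == "__main__":
    for user, (reason, score) in detect(BASELINE, CURRENT_HOUR).items():
        print(f"{user}: {reason}" + (f" (z={score})" if score is not None else ""))
```

Running it flags svc-backup (35 failures against a flat zero baseline) and reports bob as unscorable for lack of history, while alice's 4 failures score about 1.35 MAD units above her median and carol's 4 stay under the minimum-count floor. Tuning `threshold` and `min_count` is exactly the noise-versus-coverage trade-off the text describes; an entity with no baseline is the case where an analyst or an enrichment step, not the detector, has to decide.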
Anomaly Detection in Netenrich
Netenrich Resolution Intelligence® provides advanced anomaly detection capabilities drawing on AIOps (Artificial Intelligence for IT Operations) and machine-human contextualization. It not only identifies anomalies and creates tickets, but also prescribes action based on the impact, timeline, history, and classification of the analytics.