Autonomous SecOps: Your Virtual, Algorithm-Driven Tier 1 SOC Team

🚀 Launching Autonomous SecOps (Your Virtual, Algorithm-Driven Tier 1 SOC)

Written by Itai Tevet

    Share article
    FacebookTwitterLinkedInRedditCopy Link

    Top Blogs

    TL;DR We are helping security teams go beyond individual file analysis to automate their entire Endpoint and Email alert triage processes with our new dashboard. Autonomous SecOps provides a better, more affordable alternative to in-house Tier 1 teams or external Managed Detection & Response services.  Watch a demo here.

    Since Intezer’s inception, we have taken on ourselves a mission to empower SOC, IR, and Threat Intelligence teams – improving the tedious day-to-day tasks and helping them to defeat relentless threat actors. We are thankful for so many security teams who view Intezer as their trusted advisor for triaging, classifying, and responding to threats.

    Working with a variety of security teams we noticed some repeating patterns:

    • Talent shortage: According to a survey of cybersecurity decision-makers, 60% of organizations struggle to recruit cyber talent. We have observed this challenge in ALL of our clients, including Fortune 10 companies as well as smaller businesses. While this challenge and its related problems (alert fatigue, etc.) has been discussed for years, it is not going away.
    • Limits of existing solutions: Security automation tools are awesome, but limited. While SOAR and XDRs can save tons of legwork by creating “if-this-than-that” workflows and help you integrate between different products, they are not designed to automate core decision making tasks that actually require talent/skill (“is this alert a false positive?”, “what kind of threat is it?”, “how do I respond?”, “how do I make sure that this incident doesn’t occur again?”). The technologies that are used inside of a SOC are still not capable of streamlining detection and response at scale.
    • Managed Detection & Response services are costly and not thorough enough: Due to the challenges described above, many companies have turned to outsourcing at least some of their Tier 1/2 operations to Managed Detection and Response services (MDRs). Those services usually promise fewer alerts, more context, and cleaner dashboards. As they are based on human talent and services, they are extremely costly which is especially problematic during times of recession. In addition, deeper IR/forensics is done only in rare cases (usually for additional cost) – which increases the chances of human error.

    What’s next for SecOps? 

    It is becoming clear that Security Operations requires a transformation that would replace more people-based processes with technology, so security teams would not be stretched thin and people can focus only on alerts/tasks that really matter. Our vision for how the SecOps world would evolve includes:

    • People focusing only on real incidents – No chasing ghosts, false positives, and generic unwanted apps that create noise. Security teams need fewer alerts with more context, to use their precious time on important incident response and hunting tasks.
    • Affordable access to Tier 1 / MDR service – Businesses need ways to cover the tedious Tier 1 tasks that nobody wants to do, but without paying enormous amounts of money to outsource the work.
    • More engineering, less manual work – Similar to how the IT world has transformed to DevOps, security professionals need to be able to focus on creating more automatic workflows and hunting for sophisticated threats in their environment. This means spending less time on ongoing, repetitive threat analysis; threat classification and prioritization; forensics on incidents that don’t matter; tedious IOC extraction, and more.

    Leading the evolution of security operations

    We’re proud to take our role of being a trusted advisor to the next level and lead the path for the next evolution of SecOps, by launching our Autonomous SecOps offering.

    Autonomous SecOps is about using automated, algorithm-driven Tier 1 services that require little to no human supervision. We want to see SOC teams move from being stretched thin, to having every alert properly investigated and plenty of time for proactive threat hunting. This means maximizing automated technology to support your people, enable faster and better decision making for detection and response, and empower constant proactive threat hunting.

    The launch includes:

    1. New dashboard: We recently released our new dashboard view – the ultimate visualization of how you can automate your alert investigation pipelines. It’s presented in a simple way, providing you an easy way to add additional alert sources (EDR, SOAR, and more) as well as get visibility into the automated triage, incident response, and threat hunting processes that are happening behind the scenes.
    1. New integrations: We recently released integrations for popular EDR products (i.e. Crowdstrike, SentinelOne, Microsoft Defender) as well as SOAR products (i.e. XSOAR) to easily connect your endpoint and email alert pipelines and automate the investigation and response process. Once an integration is in place, every alert gets annotated with clear advice and recommended actions.
    2. New pricing packages: You asked, we listened. Integrating full alert pipelines requires a lot of file/URL/artifact/memory dump scans. This can consume a lot of quota on our service and become quite costly. Which is why we are now offering additional pricing tiers that are based on the number of endpoints being handled (with unlimited scans) instead of having a fixed analysis quota for individual scans. We’re happy to elaborate on this and while we don’t have pricing info on our website yet, feel free to reach out to our sales team for details.

    While it’s important for us to still allow on-demand analysis, the major weight of our focus would be to become that automated trusted advisor and provide a technology-based alternative for MDR.

    This launch is a big step forward for Intezer’s vision to help SOC teams go from being overwhelmed (or forced to outsource key tasks) to being in control with every alert properly investigated. We want SecOps teams to have time for proactive threat hunting, while saving time and budget that would otherwise goes to expensive outsourced services.

    See how Autonomous SecOps works

    To see how it works, you can watch this 5-minute recorded demo to get a high level view of how we can become your virtual Tier 1 in just a few clicks:

    Intezer’s platform is based on proprietary threat analysis technologies, not black magic – book a demo to talk with us and see for yourself how it works. Find out what makes Intezer different and how your team can leverage powerful automation to save time, resources, and make sure you catch the real threats.

    Get a demo.

    Itai Tevet

    Once led a government CERT. Now, CEO at Intezer, changing the way we detect, analyze and respond to malware.

    © Intezer.com 2022 All rights reserved
    Launching Autonomous SecOps: Your Virtual, Algorithm-Driven Tier 1 SOC TeamLaunching Autonomous SecOps: Your Virtual, Algorithm-Driven Tier 1 SOC Team Learn more