A new way to drive improved security analyst productivity
When we look at a typical SecOps team, a few challenges are almost always present, no matter the size or location of the team.
First, SecOps teams are made up of dedicated professionals who do all they can to keep their organizations' or their customers' environments safe. They work long hours, rarely have time to take a leisurely lunch, and their days off are few and far between.
Second, these teams manage complex stacks of technology built for various purposes, from protecting endpoints to controlling access to safeguarding data. These tools generate an enormous amount of data daily, and when combined with logs from IT and OT devices, the result is a massive dataset needing analysis.
Finally, security teams must always make difficult tradeoffs regarding investigations, leaving a sizable number of alerts untouched for days or weeks. The only way to address these challenges is to change the game by introducing the Open XDR Investigator, which is precisely what we do for our customers.
The Open XDR Investigator, powered by GenAI, enables security analysts to complete investigations more efficiently. They can converse with our Open XDR platform like they might with a colleague.
In response to simple questions from the analyst, the Investigator can:
- Perform complex queries across the entire dataset, returning precisely what the security analyst seeks.
- Create dynamic graphs that illustrate specific aspects of the dataset.
- Identify assets or users exhibiting abnormal behavior without manual effort.
- Understand the breadth and scope of any attack, seeing all impacted users, assets, and devices.
- Initiate complex response actions across the environment.
- And more.
We have a comprehensive roadmap for the Investigator that will ultimately enable any security analyst to complete investigations efficiently, with the first implementation focusing on the manually intensive task of threat hunting.
Now, instead of having to be a query-writing guru, security analysts can ask questions such as "Show me any user or asset associated with a phishing attack that occurred over the past week." The Investigator will then craft and execute the appropriate query, returning the results in seconds. For example, the analyst might notice that a specific device was targeted several times by a phishing attack and want to dive deeper into that machine.
The security analyst can then ask additional questions, such as “Show me all alerts and anomalies for X machine and compare that to other machines in the environment, showing any others that have a similar number of related alerts.” Now, with these two simple questions, the analyst performs an advanced investigation without creating a single query. After a few more questions, the analyst may discover that a small set of devices are spawning attacks, so they can ask the Investigator to respond, creating a report that can be shared with management and other stakeholders. This is just a straightforward example of the power of the Open XDR Investigator. We have a lot planned for this capability, so stay tuned.
To learn more about the Open XDR Investigator, contact us for a detailed demonstration and discussion on how this capability can drive your team’s productivity to the moon.