This blog was written by Barbara Kay.
SOC analysts are getting beaten up by both commodity attacks and sophisticated ones, with many companies taking far more than a day or a week to close a case and few consistently digging all the way to root cause. McAfee research collected in May 2017 documented this dilemma and showed that companies are investing in advanced analytics and automation as a way to fight back:
- 85% of SOCs want to use more analytics
- 84% of SOCs want to use automation to move up the maturity scale
- Mature SOCs automate more than 3X more often than new SOC teams, but almost everyone is investing
- Mature SOCs automate more than 50% of investigation processes, and want to automate more
- Top active automation areas include real-time endpoint analysis, triage, forensics, and remediation.
We’re eager to help. As part of our expanding portfolio of automated threat and malware analytics based on machine learning, McAfee is proud to announce McAfee Investigator, a SaaS analytics subscription that transforms novice analysts into expert investigators. Rather than adding complexity with yet another product silo, it leverages the data sources and alerts of a SIEM and includes real-time endpoint visibility via McAfee ePolicy Orchestrator and a dissoluble agent.
McAfee Investigator automates data collection, organization, and case management within an expert system-driven workspace. Starting with prioritized triage, automation, Foundstone expertise, and machine learning (in fact, artificial intelligence as well) come together to guide analysts to consider the right questions and hypotheses for the specific situation. Insights with drill downs and visualizations help them explore the most relevant details and subtle indicators as they move rapidly through scoping, validation, documentation, and disposition.
Scott Howitt, senior vice president in the CISO organization of MGM International, says that McAfee Investigator helps them to spend more time on actual investigations:
“The way Investigator helps me mature my organization is with the automated playbooks, with the easier ability to go find like problems in my environment and things like that. My team spends less time switching between tools and focusing on how to make the tool work and actually focusing on the investigation than they did before.”
This service helps SOC teams mature operations as they fulfill several goals:
If you have an overworked SOC and a yen to try a new model that makes the most of the strengths of both humans and machines, this new service is worth a look. Visit mcafee.com/investigator or contact your sales manager to learn more.
For more news on McAfee Investigator and updates from MPOWER17 follow us on Twitter at @McAfee.