
What is Devo Behavior Analytics?

New technologies and remote work continue to expand organizations' attack surfaces. To make matters worse, organizations are struggling to hire enough analysts to take on this growing workload as the supply-demand gap in the cybersecurity labor market continues to widen. As a result, alert fatigue in modern SOCs leads to undesirable outcomes, including analyst burnout and significant alerts being missed.

In addition, SOCs frequently take a north-south approach to security, examining the traffic entering and leaving the organization. However, if a bad actor obtains a legitimate user's credentials, this can be fatal, because north-south tools struggle to detect insider risk. On the other hand, it is significantly more difficult for a bad actor to imitate the behavior of a user: if a user who is based in Boston suddenly logs in from Russia, that is a sign of anomalous behavior and a potential risk within your organization.

In order to bridge this skill and labor gap, Devo's Autonomous SOC aims to empower analysts to perform higher-level workflows. Whereas traditional SIEMs tend to require analysts to sift through thousands of alerts a day, Behavior Analytics lets analysts take a different approach and instead identify the riskiest 'entities' to investigate further. Entities are often defined as the components of a network: think IPs, domains, applications, and so forth. The observed behavior of these entities is used to generate a 'baseline' of normal behavior. Any deviations from the baseline are then flagged and can be marked for further investigation by the analyst.
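The following is an added toy illustration of the baseline-and-deviation idea described above, not Devo's own code or scoring model. It builds a per-user baseline from constructed login events (country and hour of day), scores later events by how far they deviate, and ranks users so the riskiest entity surfaces first; the events, weights and hour tolerance are all assumed for the example.

```python
"""Toy entity baselining: learn each user's normal login countries and hours
from a training window, then score later events by deviation and rank users."""
from collections import defaultdict

# Constructed sample auth events (user, country, hour-of-day); not real data.
BASELINE_EVENTS = [
    ("alice", "US", 9), ("alice", "US", 10), ("alice", "US", 14), ("alice", "US", 17),
    ("bob", "US", 8), ("bob", "DE", 9), ("bob", "US", 16), ("bob", "DE", 11),
]
NEW_EVENTS = [
    ("alice", "US", 11),   # within baseline
    ("alice", "RU", 3),    # new country and unusual hour (the Boston/Russia case)
    ("bob", "DE", 10),     # DE is normal for bob
    ("bob", "US", 23),     # known country, unusual hour
]

def build_baseline(events):
    """Per user: the set of countries and the set of login hours seen so far."""
    baseline = defaultdict(lambda: {"countries": set(), "hours": set()})
    for user, country, hour in events:
        baseline[user]["countries"].add(country)
        baseline[user]["hours"].add(hour)
    return baseline

def _hour_distance(a, b):
    """Circular distance on a 24-hour clock, so 23:00 and 00:00 are 1 apart."""
    d = abs(a - b)
    return min(d, 24 - d)

def score_event(baseline, event, hour_tolerance=2):
    """Return (score, reasons). Weights are arbitrary: a never-seen country
    counts more than an odd hour, and an unknown user is always escalated."""
    user, country, hour = event
    profile = baseline.get(user)
    if profile is None:
        return 10, ["no baseline for user"]
    score, reasons = 0, []
    if country not in profile["countries"]:
        score += 8
        reasons.append(f"new country {country}")
    if all(_hour_distance(hour, h) > hour_tolerance for h in profile["hours"]):
        score += 3
        reasons.append(f"unusual hour {hour:02d}:00")
    return score, reasons

def rank_entities(baseline, events):
    """Aggregate deviation scores per user, riskiest entity first."""
    totals = defaultdict(int)
    for ev in events:
        totals[ev[0]] += score_event(baseline, ev)[0]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)
```

In a real deployment the baseline would be learned from weeks of data per entity and the scores would feed the prioritized list the analyst drills into, rather than a fixed table of weights.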

How it can help you

By letting analysts prioritize risky entities and drill down into them, Behavior Analytics frees analysts to spend less time triaging irrelevant alerts and more time on higher-level SOC tasks such as incident management. It can improve the time-to-value of an organization's SIEM, cut the time spent dealing with false positives, and, perhaps most important of all, help reduce the number of false negatives in the SOC.
