Is noise really the enemy? 🤔

SOC teams often face a tough choice:
➡️ Go broad for coverage but get swamped by noise
➡️ Go precise but risk overlooking critical threats

But what if low-confidence detections weren't the problem? According to the Detection Engineering Collective (and SnapAttack's philosophy), low-confidence detections are opportunities with the right context. As our CPO, Tim Nary, puts it: "Low confidence detections are not inherently 'bad'; they just need additional context to be actionable. Organizations that deploy only high confidence, 'alertable' detections will miss out on a lot of detection opportunities, leading to higher mean times to detection (if they can even detect at all)."

The reality is, you can't defend if you can't detect. And with XDR and modern data analysis tools, we can now deal with the noise in a way that we couldn't before. SnapAttack helps you continuously measure and fine-tune detection confidence, filtering out the noise that matters. By anonymizing confidence data across organizations, our platform highlights what's worth your attention, so your SOC can operate smarter, not noisier.

Want a fresh perspective on managing noise? Check out Detect.fyi's latest blog, "Are you keeping up with your low confidence detections?", here: https://lnkd.in/edqiwNnk

#soc #xdr #threatdetection
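One concrete way to give low-confidence detections "additional context" is risk-based aggregation: each weak hit is weighted by enrichment (asset criticality, user privilege) and summed per entity over a time window, and only the accumulated risk pages an analyst. The example below is added here to illustrate that idea; it is not SnapAttack's code, and the asset table, privileged-user set, rule names and detection hits are all constructed for the demonstration.

```python
"""Risk-based aggregation of low-confidence detections (added example).

Each detection hit carries a base confidence in 0..1. Enrichment context
(asset criticality, privileged user) adjusts it, and hits are summed per
(host, user) inside a sliding time window. An alert fires only when the
accumulated risk crosses a threshold, so no single noisy rule pages the
SOC on its own, while a cluster of weak signals on one host still does.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed enrichment table standing in for an asset inventory.
ASSET_CONTEXT = {
    "dc01": {"criticality": 3.0},    # domain controller
    "ws-042": {"criticality": 1.0},  # ordinary workstation
}
PRIVILEGED_USERS = {"svc_backup", "da_admin"}  # constructed

# Constructed detection hits as a SIEM might emit them:
# (timestamp, host, user, rule_name, base_confidence)
HITS = [
    ("2024-05-01T10:00:00", "ws-042", "jdoe", "lolbin_certutil", 0.2),
    ("2024-05-01T10:01:10", "ws-042", "jdoe", "office_spawns_shell", 0.3),
    ("2024-05-01T10:02:30", "ws-042", "jdoe", "new_smb_session_outbound", 0.2),
    ("2024-05-01T10:03:00", "ws-042", "jdoe", "lsass_handle_open", 0.4),
    ("2024-05-01T14:00:00", "dc01", "svc_backup", "lolbin_certutil", 0.25),
    ("2024-05-02T09:00:00", "ws-042", "jdoe", "lolbin_certutil", 0.2),
]

WINDOW = timedelta(hours=1)
ALERT_THRESHOLD = 1.0


def score_hit(host, user, base):
    """Weight one low-confidence hit by its enrichment context."""
    ctx = ASSET_CONTEXT.get(host, {"criticality": 1.0})  # unknown host: neutral
    score = base * ctx["criticality"]
    if user in PRIVILEGED_USERS:
        score *= 1.5
    return score


def aggregate(hits, window=WINDOW, threshold=ALERT_THRESHOLD):
    """Sum weighted hits per (host, user) over a sliding window.

    Returns one alert per cluster that crosses the threshold, carrying the
    contributing rules so the analyst sees the context without re-querying
    every source. Once a cluster has fired, the window restarts so the same
    events do not page repeatedly.
    """
    per_entity = defaultdict(list)
    for ts, host, user, rule, base in sorted(hits):
        per_entity[(host, user)].append(
            (datetime.fromisoformat(ts), rule, score_hit(host, user, base))
        )

    alerts = []
    for entity, events in per_entity.items():
        start = 0
        for end in range(len(events)):
            # Drop events that have aged out of the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            cluster = events[start:end + 1]
            risk = sum(s for _, _, s in cluster)
            if risk >= threshold:
                alerts.append({
                    "entity": entity,
                    "window_start": cluster[0][0].isoformat(),
                    "risk": round(risk, 3),
                    "rules": [r for _, r, _ in cluster],
                })
                start = end + 1  # cluster surfaced; begin a fresh window
    return alerts


if __name__ == "__main__":
    for alert in aggregate(HITS):
        print(alert)
```

In this constructed data, four 0.2 to 0.4 hits on the workstation within three minutes add up to 1.1 and fire as one alert that lists all four rules, the same certutil rule on a domain controller under a privileged service account is promoted past the threshold by context alone, and the isolated certutil hit the next day stays silent.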
SnapAttack’s Post
More Relevant Posts
SOC Teams: Threat Detection Tools Are Stifling Us The overwhelming volume of false positives their tools yield is causing burnout, they say, and allowing real threats to slip through the noise. [...] "[What] the data tells us is that, more than a threat detection problem, SOC teams have an attack signal problem. The promise of consolidation and platformization have yet to take hold, and what SOC teams really need is an accurate attack signal." https://lnkd.in/gUJPs75n
Some questions to ask as you evaluate your next uplift initiative for threat detection:

1. How does <insert offering> cater for company-specific enrichment data?
2. How does <insert offering> ensure log adherence to the model's requirements? (How does it use data from Q1?)
3. What are the true positive "not malicious" rates for the approaches taken to identify successful compromise?
4. What is the breakdown of approaches for <insert offering> to identify different stages of the kill chain for a given attack? (IOCs v rules v ML etc.)
5. How do you actually make life better for the Detection team in managing the coverage across their area of responsibility without adding another system to have to export into a spreadsheet to calculate threat coverage?

I can keep going, however after Q3 it is irrelevant, as the SOC will be dealing with hundreds of "yeah this looks bad except here it is normal" a day, which happens far more often than many will care to admit due to the overhead of managing such collections of generic logic. (If only there was a better approach that didn't include just turning off the majority of the rules 🤔 💡 :) )

#threatdetection Illuminate Security
Our new platform, which we released at RSA, is incredible. Being one of the only OpenXDR/MDR companies in the space, unifying everyone's technology is extremely complex; however, we've figured it out. OpenXDR means we can leverage the customer's security tech stack vs. a magic black box and improve their security. We have our own too, of course, if a customer wants our full stack, but we integrate completely with a customer's existing technology. The coolest part: we bolster the customer's own technology with our threat intelligence, counter intelligence, detection engineering, and response capabilities within the customer itself. So down the road, it's yours, not ours. #MakeTheWorldASaferPlace binarydefense.com #BinaryDefense
Binary Defense | Managed Detection and Response
https://www.binarydefense.com
Making Sense of Operational Technology Attacks: The Past, Present, and Future https://lnkd.in/d_qXEPhd
thehackernews.com
Check out the Lateral Movement tactic (#TA0008) explained, including associated techniques, top data sources, and relevant detection algorithms helping to identify related malicious activity.
Lateral Movement Tactic | TA0008 - SOC Prime
https://socprime.com
Who can afford a $4 million data breach? Most organizations we work with can't. Read this brief to learn how Managed Detection and Response Pro from Dell Technologies can help secure your IT environment and protect your most critical assets from bad actors. #databreach #MDR
Identify vulnerabilities and prioritize for immediate action
shirewiregs.lll-ll.com
What are your network blind spots? How are you working to reduce them? Reduce network blind spots and identify endpoints with up to 99% accuracy. Better visibility means stronger security with a secure, AI–driven network. #HPWArubaNetworking https://hpe.to/6049XSwfx