A tool in the hands of the SOC Analyst
The everyday tasks of a SOC analyst can all be handled in a single place, increasing effectiveness and streamlining and monitoring the security event handling and incident management process. SOCStreams provides the analyst with a clear and dynamic view of the current status of security events across multiple monitored environments. Analysts can easily take actions on an event, delegate the event to one of their peers, escalate the issue to second-level SOC analysts and notify the appropriate points of contact for the monitored environment, all through a single application view. This increases the efficiency of the analyst while reducing the time to respond.
Multitenant and multiplatform integration
SOCStreams provides full multitenant views and dashboards, along with role-based access control and efficient user provisioning and management for the simultaneous support of multiple monitored environments. In addition, the software supports integration with multiple SIEM systems and third-party service desk applications through an extensive bidirectional API and out-of-the-box connectors for major vendors. Furthermore, it provides MS Active Directory LDAP integration for authentication and authorization.
Automates and streamlines SOC processes
From security event assignment to SOC/shift handover and SLA/OLA management, SOCStreams makes certain that the correct processes are followed. This is achieved through customizable workflows and knowledge base articles for security event handling and incident response, step-by-step playbooks for SOC operations and Use Case management, and embedded processes for SOC/shift handover and SLA/OLA measurement and reporting.
Adaptive Threat Response
SOCStreams’ Adaptive Threat Response (ATR) engine provides an integration layer with best-of-breed endpoint visibility and control sensors and third-party network security gateways. Through the ATR engine, SOCStreams gives SOC analysts and Incident Response teams the means to surgically investigate suspicious activity and respond to security incidents in a timely manner.
The ATR engine can be invoked directly by security analytics/monitoring systems to provide additional, on-demand context, or manually by SOC analysts, in order to deliver the situational awareness analysts require for verifying security events and taking follow-on actions, ranging from ongoing monitoring to containment.
Customer/Service Users focal point
SOCStreams provides SOC customers and Service Users with a focal point where all service-related communications and service management activities are performed and/or tracked. Security Event and Incident notification, reports management, service requests and SLA/OLA reporting can all be accessed or performed through a single interface with clear and dynamic dashboards and searchable views. Service users have an immediate view of security events raised for their environment, the actions taken to manage them and their corresponding status, along with any other service-related information and key performance indicators (KPIs).