Lab Test Reveals 10x Productivity Gain From Real-Time Threat Intelligence for SIEMs

Key Takeaways

  • Independent test shows applying real-time threat intelligence powered by machine learning cuts analyst time to triage a security event from a firewall log from three minutes to 1.2 seconds on average (in a controlled environment), resulting in a 10x gain in productivity.
  • A typical organization with only 100 devices could generate over 2,500 outbound logs per hour, and these numbers quickly add up as the organization grows. SOCs are unable to effectively examine some log sources, such as firewall logs, because the volume is too high and the context too thin to identify the relevant threats hidden within them.
  • Real-time threat intelligence can be automatically applied to potential indicators of compromise in these logs by enriching them with external context and quantifying risk. These decisions can be made by a machine-learning engine that generates relevant intelligence in real time from the entire web, across all languages.

Do you want to read the full report? Download your free copy now.

To learn more about the approach and findings, register for our webinar this Friday, September 15, 2016 at 10:00 AM ET (3:00 PM BST).

Operational defenders want threat intelligence to add tangible and quantifiable value to their organization’s security. As a provider of real-time threat intelligence, we strive to provide measurable benefits to our customers, who have reported back some impressive results.

For example, one customer went on record to say that Recorded Future helped reduce the amount of malicious traffic entering their network by 63%.

Inspired by the anecdotal feedback from our customers, we commissioned Codis Technologies, an information security consulting firm specializing in incident detection, incident recognition, and process automation, to conduct a lab test to measure the quantifiable value — in terms of productivity and security — that a SOC (security operations center) analyst gains from integrating Recorded Future with a SIEM (security information and event management) solution.

The results showed that one SOC analyst, in a controlled environment, experienced a 10x gain in productivity after Recorded Future real-time threat intelligence was integrated with a SIEM.

For the lab test use case, Codis Technologies chose to apply threat intelligence to firewall logs in a SIEM. Effective monitoring of firewall logs enables organizations to detect relevant threats that could otherwise be missed.

However, creating actionable security events from these high-volume/low-context log sources is a time-consuming challenge, especially when firewalls usually account for 50% or more of daily log volume. The lab test compared the effort required to triage the same report both with and without Recorded Future and found an increase in analyst productivity and an additional security benefit when Recorded Future was used.

To make the test more realistic, Codis Technologies also enriched the same report with free OSINT (open source intelligence) feeds, which did not significantly change our findings with Recorded Future. What makes this possible is Recorded Future’s threat intelligence powered by machine learning, which provides automation, rich context, and risk prioritization — this is unmatched by predominantly manual means and existing technologies.

To download the full lab test report, click here.

We would love to hear your questions, comments, and suggestions on the report so feel free to email us at info [at] recordedfuture [dot] com. You can also request a personalized live demo.

The post Lab Test Reveals 10x Productivity Gain From Real-Time Threat Intelligence for SIEMs appeared first on Recorded Future.

