SOC SECURITY ANALYTICS

1
SOC SECURITY ANALYTICS

• A momentous portion of information security
  efforts focus on monitoring and analyzing data
  about events on networks, servers and other
  devices. Advances in big data analytics are now
  applied to security monitoring to enable both
  broader and more in-depth analysis. For leo
  technosofts intelligence driven SOC, big data
  security analytics and analysis is an extension
  of security information and event management
  (SIEM), CASB, PIM and related technologies. The
  quantitative difference in the volumes and types
  of data analyzed result in qualitative
  differences in the types of information extracted
  from security devices and applications and hence
  a resulting qualitative difference in the
  possible alerts/alarms.

2

• Leo TechnoSofts Intelligence Driven SOCs big
  data security analytics is designed to collect,
  integrate and analyze large volumes of data in
  near real time, which requires several additional
  capabilities like User Context Correlation,
  Security Control Visibilities like IFC, FISMA ,
  ISO and discovering Patterns between Devices,
  Identity, Data and Context together.
• Five key features distinguish big data security
  analytics from other information security
  domains.

3
KEY FEATURES

• Scalability and User Context Correlation
•  
• One of the key distinguishing features of Leo
  TechnoSoft's Intelligence Driven SOC Security
  Analytic is scalability. The platforms have the
  ability to collect data in real or near real
  time. Network traffic is a continual stream of
  packets that can be analyzed as fast as they are
  a captured. The analysis tool doesnt depend on a
  lull in network traffic to catch up on a backlog
  of packets to be analyzed.The analysis provides
  the ability to correlate events across time and
  space, which means the stream of events logged by
  one device, such as a Web server, may be highly
  significant with respect to events on an end-user
  device a short time later.

4
Reporting and visualization Security
Compliance 

• Another essential function of Leo TechnoSoft's
  Intelligence Driven SOC Security Analytic is
  reporting and support for analysis.Security
  professionals have on demand reporting to support
  operations and compliances dashboards. They also
  have access to dashboards with preconfigured
  security indicators to provide high-level
  overviews of key performance measures/indicators.V
  isualization presents information derived from
  big data sources in ways that can be readily and
  rapidly identified by security analysts. Leo
  TechnoSoft's Intelligence Driven SOC Security
  Analytic uses visualization techniques to help
  analysts understand complex relationships in
  linked data across a wide range of entities, such
  as websites, users and HTTP transactions.

5
Information context

• Since security events generate so much data,
  there is a risk of overwhelming analysts and
  other infosec professionals and limiting their
  ability to discern key events. Leo TechnoSoft's
  Intelligence Driven SOC Security Analytic frames
  data in the context of users, devices and events.
• Data without this kind of context is far less
  useful, and can lead to higher than necessary
  false positives. Contextual information improves
  the quality of behavioral analysis and anomaly
  detection. Contextual include somewhat static
  information, such as the fact that a particular
  employee works in a specific department. It also
  includes more productive information, such as
  typical usage patterns that can be subject to
  change over time.