Mrs. MSSP, is your TI Effective?
By Doron Davidson, Founder & VP Business Development, SecBI
As SecBI’s XDR Platform is gaining interest among MSSPs, we’ve been asked to create some interesting reports for their analyst teams.
Consider these recent statistics showing the effectiveness of Threat Intelligence (TI) in the mix of SecBI”s machine learning technology in the output of true positives, false positives, highlighting additional unknowns IOCs. When building a multi-source detection and response system (XDR), we needed to reach beyond machine learning. And we also included TI, both open source, and the customer’s own TI thread. Calculating the severity of a threat based on many variables increases detection accuracy, leading us to add the weights of different TI sources based on their effectiveness in detecting true positives.
This way, if a TI source with high certainty points to a RAT is hit, the severity of the full-scope detected incident is elevated, and triggers automated response via the Endpoint agent (EDR) or Web Gateway. If the weight of this TI is only medium, this incident might only trigger an alert for Tier 1 triaging.
Want to hear and see more, meet us at CyberTech next week, or at the RSA Conference in February.