Siemplify adopts machine learning for security operations to automatically match cases and analysts for better investigation and incident response

Siemplify, provider of security orchestration, automation and response (SOAR) offerings, revealed on Tuesday new machine learning capabilities in its security operations platform. Siemplify’s latest version is generally available for new and existing customers.

With this new version, security operations teams can expedite day-to-day workflow activities such as automatically assigning cases based on past analyst experience and identifying prior threats that can shed light on the best way to address new ones.

The Siemplify platform acts as a workbench for SOC teams by unifying security tools and processes across an organization’s entire environment. With this single pane of glass, security operations teams have a hub for managing technologies, investigating and triaging alerts, building and running consistent incident response playbooks and collaborating across the SOC.

The latest platform includes machine learning for threat investigation, which automatically assigns cases to analysts based on previous case assignments and draws on prior threats to inform current investigations, and enhanced playbook editing features that expand customization and editing capabilities within the platform’s drag-and-drop playbook builder.

It also includes additional entity types for threat mapping, including credit cards, phone numbers and threat actors, so analysts can identify and investigate more entities and relationships to build a full threat storyline. It also includes new dashboard widgets and drill-down functionality. Analysts and SOC managers can now get an even better view of SOC performance with additional SOC KPI widgets for enhanced visibility and continuous improvement.

Built by security operations experts, the Siemplify platform delivers a powerful automation and orchestration engine that is fully customizable for engineers and a simple, intuitive SOC workbench that analysts love. As a result, security operations teams using Siemplify are able to eliminate alert fatigue, triple analyst productivity and reduce mean time to respond by 70 percent.

Security analysts lose precious time running queries and navigating multiple screens and data feeds just to gather the details needed to investigate a single alert.

Siemplify takes a practical approach to addressing these and other common SOC roadblocks by combining security orchestration, automation and incident response and delivering them through a complete security operations workbench. This intuitive workbench prioritizes and consolidates cases, serving as the analyst’s single interface for the security operations processes and tools needed to investigate, analyze and remediate alerts.

Earlier this year, Cisco’s 2018 Annual Cybersecurity Report found that 34 percent of CISOs use machine learning to detect anomalies and notify their teams of potential vulnerabilities. With this enhanced detection capability comes the need for equivalent machine learning capabilities that help security operations teams keep pace and streamline daily security operations practices to most effectively address identified threats.

“Machine learning is often over-hyped, but our ability to apply this technology to analyze all previous analyst actions and their outcomes allows us to provide truly valuable, usable recommendations and insights to security operations teams,” said Amos Stern, co-founder and chief executive officer, Siemplify. “Security teams can now make better decisions that speed up the investigation and remediation of threats.”
