Frequently Asked Questions

Numerous tools exist that can enrich cyber security data and give the analyst better information to make their job slightly easier.

– AI based incident detection
AI-powered sensors can make better observations and detect stealthy incidents. The incidents they report still have to be assembled and correlated by security personnel.
(Notable products: FireEye SmartVision, Darktrace, SentinelOne, LogRhythm UEBA, etc.)

– SIEM
Important metrics (how many devices, how many countries, how many anomalies, how many logs) are presented on dashboards so that security analysts get a sense of what to investigate. The investigations themselves are conducted by analysts.
(Notable products: Splunk ES, ArcSight, Elastic, Azure Sentinel, etc.)

– Intelligent SIEM
This allows the security analyst to write additional if-then-else rules and outlier-detection heuristics that generate alerts when certain log types are seen together within a specific time frame. It can reduce the number of investigations that need to be done.
(Notable products: IBM QRadar, Exabeam, Securonix, Rapid7, etc.)

– SOAR Playbooks
They allow analysts to build specific RPA recipes that trigger a defined sequence of actions when a certain sequence of logs is detected within a specific time frame. Use cases include alert enrichment, ticket creation or escalation, and incident response.
(Notable products: Splunk SOAR, Palo Alto Networks Cortex, IBM Resilient, etc.)
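The two categories above (time-windowed correlation rules in an intelligent SIEM, and a SOAR recipe that fires when the sequence completes) are easy to show end to end. The following is an added, self-contained example written for this page; it is not Cypienta's code nor any of the listed products'. The log format, the rule (three failed logins, then a success, then a proxy event for the same user, all within five minutes) and the playbook actions are all hypothetical, and the log lines are constructed sample data.

```python
"""Time-windowed correlation rule with a SOAR-style playbook hook (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (hypothetical; not taken from the page).
# Format: <ISO timestamp> <log type> key=value ...
SAMPLE_LOGS = """\
2024-01-01T10:00:05Z auth user=alice src=10.0.0.5 result=failure
2024-01-01T10:00:10Z auth user=alice src=10.0.0.5 result=failure
2024-01-01T10:00:15Z auth user=alice src=10.0.0.5 result=failure
2024-01-01T10:00:40Z auth user=alice src=10.0.0.5 result=success
2024-01-01T10:01:00Z proxy user=alice dst=files.example bytes=52428800
2024-01-01T12:00:00Z auth user=bob src=10.0.0.9 result=failure
2024-01-01T12:30:00Z auth user=bob src=10.0.0.9 result=success
"""

# Hypothetical rule: each step is (log type, required fields, how many times),
# and every step must complete in order inside `window` for the same `key`.
RULES = [
    {
        "name": "auth-failures-then-success-then-proxy",
        "key": "user",
        "window": timedelta(minutes=5),
        "sequence": [("auth", {"result": "failure"}, 3),
                     ("auth", {"result": "success"}, 1),
                     ("proxy", {}, 1)],
        "playbook": "enrich_and_escalate",
    }
]


def parse_logs(text):
    """Parse the constructed log format into event dicts with a datetime `ts`."""
    events = []
    for line in text.splitlines():
        ts, kind, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "type": kind, **fields})
    return events


def _matches(event, step):
    kind, fields, _count = step
    return event["type"] == kind and all(event.get(k) == v for k, v in fields.items())


def _scan_entity(rule, key, evs):
    """Return one alert if the rule's sequence completes in-window for this entity."""
    for i, start in enumerate(evs):
        if not _matches(start, rule["sequence"][0]):
            continue
        deadline = start["ts"] + rule["window"]
        step, remaining = 0, rule["sequence"][0][2]
        for e in evs[i:]:
            if e["ts"] > deadline:
                break  # window closed without completing the sequence
            if _matches(e, rule["sequence"][step]):
                remaining -= 1
                if remaining == 0:
                    step += 1
                    if step == len(rule["sequence"]):
                        return {"rule": rule["name"], "entity": key,
                                "first_seen": start["ts"], "last_seen": e["ts"],
                                "playbook": rule["playbook"]}
                    remaining = rule["sequence"][step][2]
    return None


def evaluate_rule(rule, events):
    """Group events by the rule's entity key and emit at most one alert per entity."""
    by_key = defaultdict(list)
    for e in events:
        if rule["key"] in e:
            by_key[e[rule["key"]]].append(e)
    alerts = []
    for key, evs in by_key.items():
        alert = _scan_entity(rule, key, sorted(evs, key=lambda e: e["ts"]))
        if alert:
            alerts.append(alert)
    return alerts


# Hypothetical SOAR recipe: each action is a string a real playbook would execute.
PLAYBOOKS = {
    "enrich_and_escalate": lambda a: [f"enrich:{a['entity']}",
                                      f"ticket:{a['rule']}:{a['entity']}",
                                      f"escalate:{a['entity']}"],
}


def run_playbooks(alerts):
    return [action for a in alerts for action in PLAYBOOKS[a["playbook"]](a)]


def correlate(text, rules=RULES):
    events = parse_logs(text)
    return [a for r in rules for a in evaluate_rule(r, events)]


if __name__ == "__main__":
    found = correlate(SAMPLE_LOGS)
    for a in found:
        print(a)
    for action in run_playbooks(found):
        print(action)
```

On the sample data only alice trips the rule (bob has a single failure and his success falls outside the window), so one alert is produced and the playbook yields three actions for it. Shrinking the window to 30 seconds makes the same data produce no alert, which is the tuning knob the "reduce the number of investigations" point is about.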

Cypienta analyzes alerts from antivirus, intrusion detection systems, network firewalls, email gateways, vulnerability management tools, and other security solutions; events from cloud, web, authentication, VPN, proxy, and other applications and systems; and thousands of other data types, such as third-party threat intelligence.

Any data that can be ingested by a security information and event management (SIEM), and a little bit more.

No, the log aggregation and specific rule alerting that a SIEM can deliver can be very useful for a SOC.

No, you can use SOAR to automate specific recipes to respond once an attack is detected.

No, humans will spend less time every day fine-tuning rules, monitoring false-positive alerts, creating incidents, and conducting straightforward investigations.
They will spend more time in areas that demand human intuition and creativity (such as threat hunting, simulating stealthy attacks, emulating social engineering, analyzing risk management, and improving overall security posture), while machines do what they do best: crunching data and finding the needle in the haystack.

Automatically correlating signals and traces to uncover attacker progressions in your organization.

©Cypienta. All Rights Reserved.

Engineered by ezSec