“The creation of a standalone version of Enorasys and SOCStreams recognises that some organisations would prefer to manage security analytics and response orchestration in-house instead of utilising a software-as-a-service or managed security model. Our new products are enhanced to offer deeper levels of reporting and workflow management to help our customers utilise our advanced security analytics and response orchestration technologies within their own Security Operations Center (SOC) environments,” says Graham Mann, Managing Director, Encode UK.
Enorasys Security Analytics is designed from the ground up to deliver early compromise detection by understanding the "attack logic" and exploitation path of the advanced and determined adversary. This is realised through "focused" Big Data Security Analytics harnessing powerful machine-learning techniques and encapsulated offensive and defensive expertise.
The platform employs a unique combination of pattern recognition (supervised machine learning), user and network node activity profiling (unsupervised machine learning), and correlation with external and environment-specific context data. In this way, the canned analytics modules are able to apply the right technique to each use case and the corresponding monitored activity.
In addition, Enorasys Security Analytics provides advanced visualisation of risk scores and threat activity, along with a complete toolbox for fast and intuitive investigation of suspicious activity. The system can feed existing SIEM systems with alerts on high-risk activity, and the analyst interface can be easily invoked through SIEM consoles for further investigation and analysis.
SOCStreams, in combination with its Adaptive Threat Response (ATR) engine, takes the incident response process one step further by providing SOC/CIRT analysts with a central focal point, together with the integrations and tools required to orchestrate response, ranging from security alert handling to targeted investigation and response. Furthermore, SOCStreams can serve as the main interface for both SOC service users and SOC personnel alike, where all service-related communications and management activities are performed and/or tracked.
Encode platforms and services are based on hundreds of active APT simulation tests and more than 10 years of experience in responding to and assisting clients in mitigating advanced cyber threats. Supported by ongoing research and development within the Encode Threat Labs, the company has developed innovative ways to counter new attack and control evasion techniques.