Hello and welcome back to the Managed Services blog! Today’s topic is an important one for modern threat intelligence and IT organizations. There are several services that offer threat advisories, but they all vary in their efficiency and dependability. In this edition of the blog, we will take a look at what’s most important in a threat advisory service, and how our threat advisory service, MSA, benefits IT and SOC departments.
What is the primary delivery of a threat advisory service? Of course, it’s in the name itself: to collect all alerts from vendors, researchers, systems and service providers and display them in threat feeds to IT managers and SOC analysts, advising them on the latest threats, vulnerabilities, and software/hardware patches. What we have seen is that there is a lot of “noise” in these feeds. Many of these alerts are irrelevant or false positives, which can throw off even the most vigilant of analysts. The sheer number of these false positive alerts can cause analysts to spend their valuable time sorting through them while missing the few critical alerts that matter. The threat advisory issue can also be attributed to the fact that, sometimes, IT departments and SOCs are extremely busy with other user-related day-to-day tasks that require their attention, and monitoring, sorting, and reporting alerts just isn’t a high priority at that moment. This kind of prioritizing, though, can again cause the most critical alerts to be missed, and, by the time the analysts are able to view the advisory system, the critical alerts are buried under hundreds of false positives.
So, what can be the solution to such a huge problem? The answer lies in taking as many alerts from as many sources as possible and applying machine learning and artificial intelligence algorithms to classify the relevant and important alerts. Using machine learning techniques in the threat advisory system will help filter out the false positive alerts and show only the alerts that matter.
Of course, nothing will ever replace the human analyst, and, granted, machine learning takes a huge amount of effort to train so that it filters out the right alerts. In the long run, though, it will lighten the workload of the SOC and IT departments, as they won’t spend so much time going through the ‘noise’ and will see only the critical alerts.
One example of an effective threat advisory service with integrated machine learning is our own MSA, or Managed Security Threat Advisory service. It combines advanced machine learning algorithms with customizable alert metrics, which can be set to your infrastructure’s specific hardware and software. Alerts are received 24x7x365, and the system, along with our Threat Analyst, sifts the critical ones out from the less important ones. As part of the advisory, our analysts also recommend risk mitigation steps that are specific to our client’s infrastructure and security requirements. This coupling of intelligent analysis and manual validation ensures that when our clients get an advisory from us, they know that it is important and relevant, that it impacts their system’s security, and how they can act upon it to mitigate the risk. They only get advisories that matter to their infrastructure, thereby saving them time and any undue headaches. The service not only sends advisories via email but also via text message and, in the case of critical alerts, via phone call.
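The relevance filtering described above (match each advisory against the client’s own hardware and software inventory, rank the critical ones first, and hand the short list to an analyst for validation) as an added example; this is illustrative code, not MSA’s own implementation, and every vendor, product, version and advisory identifier in it is a constructed placeholder.

```python
from dataclasses import dataclass

SEVERITY_RANK = {"critical": 3, "high": 2, "medium": 1, "low": 0}

@dataclass(frozen=True)
class Asset:
    vendor: str
    product: str
    version: str          # dotted numeric version, e.g. "2.4.1"

@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    vendor: str
    product: str
    fixed_in: str         # versions strictly below this are affected
    severity: str

def version_key(v):
    # Turn "2.4.10" into (2, 4, 10) so comparisons are numeric, not lexical
    return tuple(int(part) for part in v.split("."))

def affected_assets(advisory, inventory):
    # An advisory is relevant only if an asset matches vendor/product and runs a version below the fix
    return [
        a for a in inventory
        if a.vendor == advisory.vendor
        and a.product == advisory.product
        and version_key(a.version) < version_key(advisory.fixed_in)
    ]

def triage(feed, inventory):
    # Keep only advisories that hit an asset; rank critical first so the analyst validates those before anything else
    hits = [(adv, affected_assets(adv, inventory)) for adv in feed]
    relevant = [(adv, assets) for adv, assets in hits if assets]
    relevant.sort(key=lambda pair: SEVERITY_RANK[pair[0].severity], reverse=True)
    return relevant

# Constructed sample inventory and feed (hypothetical IDs, vendors, products and versions)
INVENTORY = [
    Asset("examplecorp", "webgateway", "2.4.1"),
    Asset("examplecorp", "webgateway", "2.5.0"),
    Asset("othervendor", "vpnappliance", "9.1"),
]
FEED = [
    Advisory("ADV-0001", "examplecorp", "webgateway", "2.4.3", "high"),
    Advisory("ADV-0002", "examplecorp", "webgateway", "2.4.0", "critical"),  # already patched everywhere
    Advisory("ADV-0003", "othervendor", "vpnappliance", "9.2", "critical"),
    Advisory("ADV-0004", "unrelated", "product", "1.0", "critical"),          # noise: not in inventory
]
```

Running `triage(FEED, INVENTORY)` drops the two advisories that match nothing in the inventory and returns the remaining two with the critical one first, which is the shortlist a human analyst would then validate.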
And with that, another edition of the Managed Services blog is wrapped up. Stay tuned for more posts coming soon. Take care, and stay cyber safe.