A SOC is about people, process and technology. Cysiv combines cybersecurity experts and processes with an innovative, next-gen SIEM (Cysiv Command) that is designed to be co-managed with our customer’s security teams.
Part of the power of Command is the threat detection indicator and detection rules. These rules are always evolving through our team of threat detection engineers, data scientists and through the results of investigations by our SOC team. The rules cover a vast number of use cases and telemetry sources.
However, there are always custom use cases that may only apply to a single environment. This includes security detections from custom applications, proactive hunting for targeted attacks, and use cases that are specific to an industry or an organization.
To provide complete flexibility, and to further improve the threat detection process, Cysiv has added custom rules as an important new feature to Command. Custom rules provide a powerful way to match and correlate enriched logs into indicators, for better visibility and reporting, or into custom detections for our SOC team.
I spoke with Mark Chatoor, Cysiv’s Director of Product Management, about this exciting new feature, how it was shaped by customers, and what problems it solves.
As you can see, the custom rules feature enhances the capability of the co-managed approach to SOC-as-a-Service. It provides flexibility in improving the visibility and reporting of interesting events, and a way to define custom detections to elevate to the SOC team.
The custom rule builder provides an intuitive and powerful ability to define and detect specific use cases for an organization. There is an option to simply email the results, which can then be searched or visualized in graphical forms. If there are searches that are actionable, a custom detection can be created and our SOC team will investigate and help remediate.
Another key use of custom rules is for identifying system health issues. For example, custom rules can be created to detect flow anomalies, to identify product health issues like outages, and to determine whether updates are required or whether any components are offline.
Custom rules will be automatically rolled out and made available to all Cysiv customers beginning next week.
Get in touch if you have questions or would like to learn more about custom rules.