For many organisations, enlisting third-party expertise to help manage and advise on IT is an increasingly attractive prospect. It’s especially popular in a security operations (SecOps) context, where small and mid-sized organisations are struggling to manage mounting threat volumes and alert overload.
That’s why SOC.OS has become an increasingly popular choice for IT and managed service providers like Cambridge-based Intergence.
Making data meaningful
Rupert Ogilvie is VP of Optimisation at the firm, where he plays a key role in delivering high-touch consulting services to drive customer satisfaction. Security services are just one of many managed IT offerings provided to Intergence customers. But it’s arguably one of the most challenging areas, especially given the “number and complexity of data sources” that many customers have to deal with, Ogilvie explains.
“Organisations have so many tools, which all produce data that needs to be winnowed down into meaningful bites for investigation. This is a challenge,” he adds. “A lot of smaller companies acquire more and more security tools as they grow, and then new regulations kick in, and before they realise it they have no way to manage all of this security data.”
SOC.OS is built to help companies like Intergence solve these challenges for their customers. It’s a SaaS-based alert prioritisation tool which begins by ingesting data from all an organisation’s on-premises and cloud-based solutions. We then enrich this data with threat intelligence and business context, and correlate alerts into prioritised groups, or “clusters”. These are presented in a highly intuitive graphical format for seamless investigation.
A trusted partner
SOC.OS allows IT service providers like Intergence to add tremendous value for their customers by recommending its advanced capabilities. Ogilvie is particularly impressed with the way triaged alert data is presented, to “take the complexity out of data analysis and make it easier for customers to focus on the important things.”
In so doing, it saves customers time and energy, he says. And—perhaps most importantly—it minimises cyber-risk by ensuring fewer threats slip in under the radar.