SOC.OS the tool in 2021
Elasticsearch is a scalable open-source search and analytics engine. Implementing an Elasticsearch DB in the first part of 2021 allowed us to store, search, and analyse big volumes of data quickly – almost in real time. It stores all the data we put into it by default, working both as a search engine and a document store. We use it as the underlying engine/technology that powers SOC.OS, allowing us to implement complex search features and storage requirements. With Elasticsearch DB, we set the stage for many of the exciting updates for the SOC.OS tool, those from 2021, and those planned for 2022.
We spent the first part of 2021 focused on delivering the all-new SOC.OS Search functionality. Our goal was to completely transform the way in which users were able to investigate their clusters and the underlying data. This new functionality will allow users to build far more complex, no code queries, based on the different entities and attributes of alert clusters. A query could return all clusters which contain a certain hostname (supporting forensic analysis or day-day investigations), or return all clusters with a specific MITRE ATT&CK® threat type (supporting proactive hunting activities).
Our help and documentation resource is rapidly taking shape, and was released this past summer. We’re constantly updating with new “How-To's” for existing and newly released features, as well as set-up instructions for newly integrated security tools. And, as of November 2021, you can now find help pages linked directly from the SOC.OS platform.
Advanced Visualisation Filtering
You can now choose to view the visualisation grouped into time periods of Hour, Day, Week or Month, allowing you to better interpret clusters over varying time periods.
New Visualisation and Data Grid functionality
Since implementing the Elasticsearch DB back end, we can make improvements to many aspects of the platform. One of the features which we upgraded was the data grid (as it now directly pulls info from the Elastic DB), as well as using the data grid to filter the visualisation. This allows for the visualisation and data view to be filtered using search queries. Updating the cluster data view to be driven using search technology, allows only the data the user is interested in to load and therefore reduces loading times.
November saw a complete revamp of the SOC.OS scoring engine. Every alert is now given a score which is based on the multiplication of many factors. These factors (such as source system, alert actioned category and user context tags) are now also configurable by the user, which enhances the tool's capability of supressing noise and boosting the known criticals.
Two new dashboard widgets were introduced: the alert funnel and threat world map. The alert funnel represents all the alerts, clusters and critical clusters within an organisation, whereas the threat map visualises the location of external entities (IP addresses and hostnames) that SOC.OS has enriched.
SOC.OS the company
Since our spin-out in June 2020, the SOC.OS team has more than doubled. Our development team has grown, allowing us to deliver product updates and new feature requests even quicker. Our customer success and data teams have also added a new member, allowing us to add new integrations with security tools.
Innovation in Cyber
SOC.OS were proud winners of the Innovation in Cyber 2021 Award at the National Cyber Awards. Finalists amongst a group of exciting startups, we were pleased to walk away with the accolade on the night. It’s validation that the work that we’re doing – with the support and the feedback of our users – is moving us in the right direction towards solving some of the many challenges faced by stretched security teams and service providers.
For the first time, team SOC.OS attended some in person events! It’s been a great opportunity to get face-to-face with prospective users, and to meet other exciting companies seeking to solve the myriad challenges faced in cybersecurity. We’re looking forward to next year, and seeing many more friendly faces!
Mayor’s business programme
We were delighted to announce earlier in the year that we had been accepted onto the London & Partners Mayor’s International Business Programme, supported by the Mayor of London. The programme helps London-based scaleups expand internationally by providing access to mentorship, expert advice, virtual trade missions, focused e-workshops and events, as well as introductions to potential new business partners.
As ever, we're excited to continue to develop SOC.OS to meet the needs of our users, and always welcome input and enquiries. Please do get in touch with any questions, comments and suggestions – we’re looking forward to continue growing and developing in 2022 and beyond alongside our SOC.OS community.