Leading cybersecurity association shows how Netenrich’s analytics platform is improving operational efficiency with data analytics and automation for faster and more accurate threat management and response
July 2023 by Marc Jacob
Netenrich debuts its latest product review, “SANS Report: Security and Operational Intelligence,” an in-depth analysis of the Resolution Intelligence Cloud platform. Author Matt Bromiley, a SANS Digital Forensics and Incident Response instructor, provides solution insights as he interacts with the platform while following a typical threat management and response process. He highlights the platform’s use of data analytics and automation to increase efficiency.
The Resolution Intelligence Cloud product review is available here, and the on-demand webinar with Matt Bromiley and John Pirc, VP of Product Management at Netenrich, can be watched here.
The following excerpts highlight some of Bromiley’s key points:
As their infrastructures become more complex and threat activity escalates, organizations continue to face major challenges.
• “Managing enterprise security and operational intelligence is no easy task. A wide range of available tools offer minimal capabilities, but most enterprises these days have vast data and telemetry sets that provide the actional insight they need to make smart decisions about the environment. Furthermore, this data must be consumed, correlated, and presented to users in an actionable manner so they can make decisions at the speed of the business.”
• “For organizations that currently have issues gaining deep, insightful metrics into their enterprise assets, we think Resolution Intelligence Cloud might be a solution worth considering.”
• “The important thing to remember about a platform like this is that all this data generation and analysis is done behind the scenes, by the automated systems built into the platform. By doing data analysis and correlation, the platform lets analysts and operators focus on solving problems and the tasks at hand.”
Resolution Intelligence Cloud correlates all security data and telemetry across all tools and systems to provide situational awareness and contextual intelligence for accurate response.
• “Resolution Intelligence Cloud is more than just alerts and detection. Its ActOn capabilities enable you to create a customized approach to responding to alerts. Whether it’s tracking analysis activities, letting users quickly jump into a ‘war room’ for analysis discussions, or enabling automated actions, the platform levels up any security team.”
• “One of Resolution Intelligence Cloud’s strongest differentiators lies in its intelligent routing and IT ops capabilities, which effectively direct issues to the right parties.”
• “We’ve spent time looking at Resolution Intelligence Cloud from a single organization’s point of view, but it can also be a force multiplier for managed services, like a managed service provider (MSP) or managed security service provider (MSSP). The platform supports multitenancy, SSO, and importing of content packs.”
Final takeaway on Resolution Intelligence Cloud:
• “Whether it’s identifying potential vulnerabilities in the environment, accurately tracking assets of all shapes and sizes, or responding to suspicious activity with detailed, automated actions, Resolution Intelligence Cloud combines the functionality of Extended Detection and Response (XDR); Security Orchestration, Automation, and Response (SOAR); Security Information and Event Management (SIEM); and asset management platforms all in one place.”
• “Furthermore, by letting Resolution Intelligence Cloud handle the data correlation and automated analyses, your teams can focus on monitoring and managing the environment—keeping adversaries at bay.”