As someone who began working in security operations centers (SOCs) more than 30 years ago, back when we were known as computer incident response teams (CIRTs), I am acutely aware of just how challenging it is to make a living as a SOC analyst. That’s why I’m so enthusiastic about the new Devo Security Operations Platform we launched recently.
I’m not going to reiterate all of the cutting-edge capabilities of the platform, which you can read about elsewhere on our website. Instead, I want to dig a little deeper into the aspect of this new solution that resonates most for me: how Devo Security Operations helps SOC analysts work more efficiently and productively so they can use their expertise to focus on the threats that matter most to their business.
Let’s begin by stating the obvious—SOC analysts have a tough job. They must quickly validate threats, gather evidence, understand adversarial behaviors, and determine an appropriate response. That can be overwhelming in today’s complex, multi-tool SOC. Tier 1 analysts, those at the more junior end of the spectrum, have it especially tough. They spend most of their time sorting through alerts—a lot of alerts—all day, every day, to separate the real ones from the many, many false positives they see. That is what is meant by alert fatigue, and it is why burnout is such a big problem among SOC analysts.
Devo collaborated with the Ponemon Institute on a survey that found 53 percent of IT security practitioners believe their SOC is unable to gather evidence, investigate, and find the source of threats. That’s because, until now, analysts had to manually try to close the gap between detection and response. This has been a huge contributor to analyst burnout, and also has put enterprises and their data at risk.
As the Devo product development and cyber teams worked to bring Security Operations to market, we focused on delivering a platform that would make life easier for SOC analysts. I’m proud to say we accomplished that goal. A key differentiator of the Devo platform is how it reduces the time analysts spend triaging false positives so they can focus on the alerts that matter. This reduces alert fatigue, and, ultimately, mean time to resolution (MTTR). We use multiple methods to trigger high-signal alerts, including:
The words “practitioner experience” are really important. Most of the SOC analysts I’ve worked with, managed, and now engage with as Devo customers, are really good at what they do. They work hard and are rightfully proud of the skills they have developed. One of the things I really like about the Devo approach is the way we empower analysts to use their expertise to identify, investigate and hunt the threats that matter. Devo arms analysts with the weapons they need so they can use their forensics skills to quickly analyze data and gain a deep understanding of threats. This not only improves the security posture of businesses, it also makes analysts less likely to want to find other jobs.
Devo puts the information analysts need right at their fingertips, across the entire threat lifecycle. The thought of having a powerful tool like Devo Security Operations almost makes me want to go back to work as a SOC analyst… almost. But I do take a lot of satisfaction in knowing that thanks to Devo, analysts no longer have to perform all of that tedious, manual work to do their jobs well.
By Jason Mical