Advanced analytics and streamlined workflow amplify analyst knowledge,
significantly reducing time between detection and response
CAMBRIDGE, Mass.—February 12, 2020—Devo Technology today announced Devo Security Operations, the first security operations solution to combine critical security capabilities together with auto enrichment, threat intelligence community collaboration, a central evidence locker, and a streamlined analyst workflow. This powerful combination transforms the security operations center (SOC) and scales security analyst effectiveness. Analysts no longer must rely on multiple tools to manually assemble the data, context and intelligence required to identify and investigate the threats that matter most to their business. Devo Security Operations puts this information at an analyst’s fingertips across the entire threat lifecycle.
With a rapidly expanding attack surface and increasingly sophisticated adversaries who can progress from initial access to lateral movement in minutes, legacy SIEMs are failing to meet the needs of analysts and SOCs. According to recent Ponemon Institute research, 53 percent of IT security practitioners believe their SOC is unable to gather evidence, investigate, and find the source of threats. Analysts must attempt to manually close the gap between detection and response, fueling the growing epidemic of analyst burnout and putting enterprises at risk. Delivered on the powerful Devo Data Analytics Platform, Devo Security Operations reduces analysts’ workflow from hours to minutes, keeping SOCs ahead of even the most sophisticated adversaries.
“With traditional SIEM solutions, SOC teams struggle with too many false-positive alerts, and broken workflows, as well as speed, scale and performance issues that hinder analysts’ effectiveness,” said Julian Waits, general manager, cyber, Devo. “We’re reinventing the category by leveraging powerful data analytics, automating incident workflow, and designing technology with a security practitioner’s mindset. Devo Security Operations arms analysts with new weapons and tactics for context-rich investigations, slashing the time from detection to response and significantly reducing or eliminating damage from an attack.”
An Analyst’s Perspective
“There is a need for a solution that incorporates new technologies to extend the capabilities of often-overtaxed security teams. Too often, these technologies are fragmented and poorly integrated,” said Scott Crawford, research vice president, information security, 451 Research. “Devo Security Operations fills this need by combining key functionalities—including entity analytics, automation and hunting—into a single integrated platform.”
Devo Security Operations empowers SOC analysts to:
- Reduce noise, amplify signal with entity analytics
More reliably identify and investigate high-impact threats by shifting focus to entities. Classify, model and associate entities as the foundation for detection and investigation to deeply understand the organization’s environment and the behaviors of the business.
- Accelerate investigations and simplify workflow with auto enrichment
Gain a context-rich picture of entities, alerts and investigations without having to manually collect or query data, speeding the investigation process. Bring enrichment in earlier by automatically populating events with actionable, real-time data and context including indicators from the Devo Threat Data Service, the community, and partners.
- Hunt more easily across all data and context
Run queries across any volume of data, any number of sources, and any time horizon to proactively identify threats. Powered by the Devo Data Analytics Platform, Devo Security Operations aggregates an organization’s diverse data for complete visibility at unprecedented speed, scale and performance.
- Operationalize the knowledge of the global security community
The Devo Threat Data Service enriches alerts with attributes and indicators ranging from IP addresses, emails, and files to hashes and domains. Organizations can consume indicators from, and collaborate with, the global MISP community and other internal or third-party sources, significantly expanding their scope and use of threat knowledge.
- Triage centralized evidence and analyze it for DFIR
The Devo Security Operations Evidence Toolkit for digital forensics and incident response (DFIR) provides an end-to-end workflow for centralizing and analyzing forensic evidence—PCAP data, memory dumps, PDFs, images, and context—even enabling analysts to submit files to multiple sandboxes, all from a single location. Speed investigations and improve response time by providing analysts with access to the right evidence at the right time.
Devo Security Operations combines these capabilities in an integrated workflow, accelerating detection and response with auto enrichment. This enables analysts to operate more quickly and efficiently, drastically cutting response time. Devo transforms the SOC to effectively address key security use cases, including threat hunting, threat detection, triage and investigation, and digital forensics. Devo Security Operations is available now worldwide.
Devo unlocks the full value of machine data for the world’s most instrumented enterprises, putting more data to work—now. Only the Devo data analytics platform addresses both the explosion in volume of machine data and the new, crushing demands of algorithms and automation. This enables IT operations and security teams to realize the full transformational promise of machine data to move businesses forward. Based in Cambridge, Mass., Devo is privately held and backed by Insight Partners. Learn more at devo.com.