To understand why we created the RedCarbon Incident Handling Platform, which introduces AI into incident analysis, it is helpful to illustrate the evolution of the technology.
Historically, Detection and Correlation started with SIEM, which made a great effort to identify and process data from various log sources.
But because every company has its own unique scenario and IT infrastructure, the computations and integrations were highly costly compared with the results.
The next phase, SOCaaS, distributed the high costs of talented people and software across different customers, permitting some cost reduction. But the time and cost of triage analysis per incident were still high. The job market lacked qualified operators, so even that way of delivering the service was still costly and challenging.
MDR introduced a new architecture that improved detection with distributed endpoints.
It was another step towards more accurately identifying anomalies and attempted compromises. The analysis was still expensive, and the increasing number of attacks made costs explode again.
xDR, or Extended Capabilities, is the latest well-known phase.
It tried to introduce automation and client-tailored threat monitoring on top of MDR, extending the concept of Detection and Response to xDR. The evolution of attack techniques and the non-recurring cost of coding vertical automation made that strategy challenging to sustain.
In some cases, the promised integration with third-party data sources was expensive, if not hard, to achieve.
After xDR, RedCarbon is introducing a new paradigm: Virtual Analyst positions itself away from existing traditional solutions. It is NOT an xDR solution or an antivirus/antimalware solution, but having an xDR solution is a prerequisite.
RedCarbon provides an accurate analysis capability that other products do not have; the best that other products and platforms do is detect and correlate.
RedCarbon gives real analysis and human-readable reporting in almost zero time.
Evolution means taking the next step: stopping your operators from being overwhelmed by the hundreds of incidents they must analyse to meet the SLA agreed with the stakeholders.
Evolution also means that our Virtual Analyst is mainly cloud-based: only very rare and particular deployments are on-premises (e.g. Government & Critical Infrastructure). That permits it to position itself far from existing MSSP and hybrid solutions. Computational capability may grow with the customers’ needs.
Virtual Analyst delivers the greatest benefit from introducing AI and automation. It uses AI but leaves control to humans. It permits fine-tuning of SOC and company cybersecurity workflows, reducing time and costs.
Evolution also means that Virtual Analyst has a unique contextual understanding of every incident, calculating an accurate and correlated risk score in almost zero time.
© 2024 Trademarks – RedCarbon is a trademark of RedCarbon SA.