To improve the handling of incoming cybersecurity events, Defensys has expanded the functionality of the Defensys SIEM. Release 1.3 brings a range of updates: more functions for event collection and processing, new tools for content management and search, a report builder, and new integrations with external systems. These changes are intended to improve the security of IT infrastructure and the efficiency of CS specialists.
Defensys continues to develop technologies for data protection and the prevention of cyberattacks. New features have been added to the event processing pipeline, and the updates let SOC analysts manage event collection and processing from the system’s interface. In addition to the existing input and output points, buses and event normalizer, the Defensys team has added new pipeline elements: an aggregator, a router and a filter. This lets users customize event handling in detail, which is especially important for large infrastructures with many sources and systems.
Changes also affected the work with expertise objects. Each expertise object is a part of the product’s content that contains codified expertise in processing and analyzing CS events: normalization and correlation rules, active lists, enrichment tables, and event models. Defensys has improved the preparation of expertise objects by adding new features. CS specialists can now not only create and modify their own rules, but also copy and delete expertise elements, enable, disable and update the rules in use, apply templates, and use versioning. Defensys SIEM v1.3 also has reworked validation and rule testing, which helps SOC staff run additional checks on the rules they develop in test systems before deploying them. This catches errors during content preparation and lets users evaluate a rule’s effectiveness in advance, which in turn reduces the number of false positives and protects system performance.
Search tools were also expanded: Defensys has added syntax highlighting, query hints created by SOC analysts, quick filters built directly from CS events, an interactive progress bar, an event distribution graph, and support for all key database query functions. Together these help analysts quickly find the events they need in a massive flow of incoming data.
An important update is the new report builder, which makes report preparation easier. It lets SOC analysts create report templates and deliver reports to management on an agreed schedule. This way, managers of companies that use the Defensys SIEM always have up-to-date information about their SOC.
Integrations with external systems have also been significantly updated. Release 1.3 adds active event collection from various databases and over HTTP. New integration features allow quick switching to the interfaces of Defensys SOAR and Defensys SENSE. This helps collect more events from a wider range of systems and automatically hand incidents over to Defensys SOAR for further response.
“The Defensys SIEM technology is developing very quickly. The first serious update after the product launch is a step forward to a more advanced and feature-rich system that meets modern SOCs’ requirements and reliably protects businesses from potential threats,” commented Andrey Chechetkin, Deputy CEO at Defensys. “Our company will continue working on improving SIEM technology, focusing on customers’ feedback and market research to maintain its leading position and promptly respond to new threats.”