The war against cybercrime is one of information, not just endless streams of data. Cyber incident responders need threat detection and interdiction tools that do more than just alert them; they need a system that helps them evolve from alert responders into alert hunters. SOCTRAQ is a heads-up display for security operation centers that gives analysts directed focus, helping them find the needle-in-a-haystack threats in the sea of SIEM data. We clarify and focus the attention of your analysts by showing real-time threat plots and dynamic motion displays. SOCTRAQ is the next generation of threat detection and interdiction, and it’s ready today.
The approach SOCTraq takes to displaying received alerts is similar to that of an air traffic control interface. SOCTraq incorporates a visual element of “movement” to support active identification of advanced threats.
SOCTraq compiles disparate alerts/events into an identifiable threat chain and graphically depicts the events and how their linkage could result in a compromise or breach.
SOCTraq includes both a rules and escalation engine for “recommended actions” and “countermeasures” as well as case management automation for tracking and managing incidents.
Identify faster, respond smarter, and monitor continuously across multiple domains.
Alerts are designated into one of four categories: Informational, Suspect, Configuration Management, and Critical.
Incidents are tracked in SOCTRAQ's integrated management system. Follow the steps of an Incident from Identification to Resolution.
Associate Case to Targeted Object
Record Details of Case
Classify/Determine Potential Impact
Understand behavior pre/post security incident
Correlate & Link Data Elements
Coordinate & Collaborate with Incident Team
Respond to Incident
Take Corrective Action(s)
Determine if custom signatures are needed to deter future attacks
Communicate Findings with Stakeholders
Produce and Analyze Metrics
SOCTRAQ provides real-time automated threat detection to improve team productivity.
When attacks become stealthy and continuous, they are often overlooked by analysts due to the influx of data that needs to be sifted through on a daily basis. SOCTRAQ analyzes disparate alerts/events to produce an identifiable and traceable threat chain.
Analysts are alerted to suspicious activity, and a visual depiction of the threat(s) is displayed in real time without requiring further research from the SOC analyst to determine criticality and next steps. SOCTRAQ manages and facilitates the appropriate actions taken regarding security threat events within the enterprise.
CyForce has developed the industry’s first mobile heads-up display (HUD) that allows Security Operations Center analysts to take the SOC with them for those times when they can’t be at their desks. The SOCTRAQ Mobile HUD application for the Android platform provides you with: