Helping SOC Analysts
CF: What are the biggest issues/headaches facing SOC analysts, and how are LogRhythm and its partners helping with those?
GA: Like I said, cybersecurity is very complex. One of the issues that most SOCs have is that they have a lot of different tools. How do I bring it all together where I can start making sense of a lot of tools and a lot of noise? How do things correlate? What are the differences if I’m getting an alert over here, but I’m not getting one over here, or I’m getting five over there, what does that mean? All of that correlation is very important. So what we do and what our partners do is help those clients with that. What we want to do is … simplify the process. We give them the most important alerts and alarms, and threats to act on. And either my partners can help remediate that, and be those eyes on the glass and do that incident response for them on that front line, or they do everything up to there and then hand it over to a team of professionals and say, “Here you go; here are the things to worry about.”
So again, nobody can do it by themselves. But with a world-class security information and event management (SIEM) like LogRhythm and with our world-class partners, we definitely help our customers overcome those challenges.