To better understand why we created the RedCarbon Incident Handling Platform, introducing AI in Incident Analysis is helpful to illustrate the Cybersecurity of technology.
Historically, Detection and Correlation started with SIEM. It made a great effort to identify and process data from various log data sources.
But because of the unique and different company scenario and IT infrastructure, computations and integrations compared results were highly costly.
Next phase SOCaaS Service was distributing high costs of talented humans and software to different customers, permitting some cost reduction. But time and cost of triage analysis by incident ratio were still high. The HR market lacked qualified operators, so even that way to deliver servicing was still costly and challenging.
MDR introduced a new architecture that improved detection with distributed endpoints.
It was another step in more accurately identifying anomalies and tentative compromisations. The analysis was still expensive, and the increasing number of attacks made costs explode again.
xDR or Extended Capabilities is the last well-known phase.
It tried to introduce automation and Client-Tailored Threat monitoring on MDR extending the concept of Detection and Response to xDR. The evolution of attack techniques and the non-recurring cost of vertical automation coding made sustaining that strategy challenging.
In some cases, promised integration with third-party data sources was expensive, if not hard, to achieve.
After xDR, RedCarbon is introducing a new paradigm, our Virtual Experts position themself away from the existing traditional solution.
They are NOT an xDR or an Antivirus/Antimalware solution, but having an xDR solution is a prerequisite.
RedCarbon Virtual Experts grant triage and accurate analysis capability that other products do not have.
While other products and platforms best do is to detect and correlate, RedCarbon Virtual Expert gives Real Analysis and Human Readable Reporting in almost zero time.
RedCarbon’s vision is based on doing the next step, stopping your operators from being overwhelmed by hundreds of incidents to analyze to match and grant the SLA agreed with the stakeholders.
Our Virtual Analyst is mainly Cloud Based: only very rare and particular deployments are on-premises (e.g. Government & Critical Infrastructure). That permits us to position ourself far from existing MSSP and hybrid solutions. Computational capability may grow with the customers’ needs.
Virtual Expert family and Virtual Analyst grant the most benefit of introducing AI and automation. They use AI but leave control to humans. They permit fine-tuning of SOC and Companies’ Cybersecurity flows, reducing time and costs.
Our Virtual Experts and Virtual Analysts have a unique contextual understanding of every incident, calculating an accurate and correlated risk score in almost zero time.
© 2022 RedCarbon SA. All rights reserved