TOO MANY ALERTS FROM DISPARATE SECURITY TOOLS?

REQUEST A DEMO

Consolidate and enhance visibility with SOC.OS. 

DOWNLOAD WHITEPAPER

WHAT IS SOC.OS?

Imagine you had an extra analyst in your team. One who could remember every interconnected relationship between every alert produced from each of your security tools. That would be great, right?


SOC.OS is that analyst! And, unlike any human, SOC.OS is working 24/7/365 to analyse, triage, and prioritise the most important incidents before escalating to you and your team for further review. Learn more in our whitepaper.

“Having a product like SOC.OS that analyses and correlates events, clusters them with threat scores, timelines and detailed threat explanations helps to reduce the resource we have to expend to monitor our security logs. The other great thing about SOC.OS is the active co-development approach integrating existing customers’ experiences and wishes.”


Oliver H.

Head of Central Computing, UK Atomic Energy Authority

“What I really like about the SOC.OS team is the energy, knowledge and passion for the product. We have been very pleased to be one of the early adopters and to see the fast evolution of a great product.”


Cecile D.

IT Director
The Dune Group

“Our journey with SOC.OS started while it was still a concept for a tool to help triage alerts across multiple source systems. It's been great to be able to feed back to the team and see features arrive reflecting my desires. The product has matured to a touchpoint which enables us to quickly maintain oversight across the environment and focus where our attention is needed.”

Chris S.

Information Security Manager
Natural History Museum London

“The point of SOC.OS is not to act as a detector or a trigger, it exists to filter out the noise. It’s easy to set up; just throw your security logs at it and it will show you where to spend your time looking. It looks across time and space and points out the things that need attention, thus the few staff you do have on site don’t waste time chasing down false positives.”


Jon G.

Systems Support Engineer
Gentoo Group

“The continual evolution of SOC.OS and its nascent capabilities is exciting and hugely beneficial, something Premier Oil is glad to be party to, as more and more data and events are drawn into the system, improving both the depth and breadth of Premier Oil’s cyber security.”

Vince M.

Group Information Security Manager
Premier Oil

TESTIMONIALS

Interested in a demo or have any questions?

CONTACT US

TECHNICAL DETAILS

Serverless, agile and co-creative

SOC.OS is constantly developing integrations with new security devices. See the complete list of compatible devices below. If you don’t find your specific tool on the list, don’t worry: as long as it produces alerts in a machine-readable format, we’ll be able to integrate with it.

The SOC.OS team adopts an Agile methodology and works collaboratively with customers. The product’s roadmap is heavily influenced by the customer community voice and new features are released quickly and frequently.

SOC.OS employs a serverless, cloud-based architecture, providing a scalable solution with high availability and minimal infrastructure management overhead.

COMPATIBLE DEVICES LIST

BENEFITS

SOC.OS consistently achieves greater than 90% triage volume reduction, meaning more time can be spent on higher-value tasks.

Efficiency Savings

Enhanced Network & Threat Visibility

Centralised View Control

Our unique user interface helps you quickly identify the “Who, what, when and how?” of each incident at a glance.

Dashboards and reporting give a consolidated view of disparate security tools and data silos all in one platform.

HOW DOES SOC.OS WORK?

1

The lightweight SOC.OS syslog forwarder is deployed in your IT environment, collecting security alerts from your security tools and forwarding them to the SOC.OS cloud platform. SOC.OS can also collect alerts directly from cloud-based security tool APIs.

2

Alerts are enriched with threat intelligence and grouped into related clusters. Each cluster consists of anywhere between 1 and 5,000 alerts, and a list of all clusters is presented to the analyst in priority-ranked order.

3

Clusters are visualised in a graphical and unique way, allowing the analyst to quickly understand the MITRE ATT&CK® threat type, the incident timeline (which can span days, weeks and months) and the entities involved.

DOWNLOAD PRODUCT SHEET

Following a Masters in Mechanical Engineering, Dave joined BAE Systems’ engineering leadership programme working across military aircraft, maritime and cyber domains, before taking on SOC.OS in 2018. When not working, he enjoys travelling, basketball, BBQs and private tutoring.

Dave

CEO

Neil has spent the previous 12 years working in technology consulting across data, digital and cyber; with the last two years developing SOC.OS. He holds a Doctorate in Environmental Engineering. When not working, Neil enjoys spending time with his young family, going to the gym, and is an avid gamer.

Neil

COO

An experienced lead software engineer with a passion and drive for great products. Over twenty years’ experience working in defence, national security and commercial solutions. CEng (MIET), GCHQ approved Cyber Security MSc and accredited Scrum Master.

Craig

CTO

A catalyst for innovation and design thinking. Driving vision and design for Combat Air Space, Cyber Security, Defence and FinTech companies in EU, Silicon Valley and the UK. Green Tea lover. Collector of moments. Always Yogi-in-chief.

Davinia

Experience Design Director

Alix joined BAE Systems in 2015 after completing a PhD in particle physics.  She worked as a Software Engineer on government projects before joining the SOC.OS team.  Outside work, she enjoys running, horse riding and volunteers as a STEM ambassador.

Alix

Lead Software Engineer

Following a Master’s in Aerospace Engineering, Ben gained experience in enterprise-scale cyber incident response at BAE Systems, before moving on to R&D and innovation projects in the cyber domain. He enjoys snowboarding, home brewing, and travel photography. 

Ben

Lead Data Engineer

After a degree in Physics in 2010 Joe began programming software for mass spectrometers. Since joining BAE Systems he has worked in various Engineering, Data Analytics and Software Engineering roles in maritime, renewable energy, and cyber security.

Joe

Lead Software Engineer

THE SOC.OS TEAM

REQUEST A DEMO

Leave your contact information and details of your enquiry below and a team member will be in touch with you shortly.

By submitting this form, with options ticked, you consent to SOC.OS processing your data for profiling to provide you with further marketing communications and tailored, relevant ads. You may unsubscribe at any time using our preference hub or clicking unsubscribe in our emails. We're committed to protecting the privacy of your personal data. Such personal data is obtained only when voluntarily submitted by you and is subject to provisions in our privacy policy.


In the early days of SOC.OS not an ounce of effort went into designing or developing a technical solution. Before the first architecture diagram appeared and the first line of code was written, we spent many months speaking to a long list of customers and infosec professionals to explore in great depth the age-old problem of alert fatigue, which still plagues and burdens information security teams worldwide today. Listening to and collecting feedback about the problems our peers and colleagues faced day-to-day fuelled our determination to challenge the notion that “security-alert whack-a-mole” was here to stay.

Thus our mission was born: to fundamentally re-write the playbook that dictates how security operations are conducted today.

After understanding the problem at length and building an Alpha product, our first successful proof of concept was completed in Q1 2018. Since then, the SOC.OS team has been focussed on further enhancing and maturing our product with the help of an early-adopting and innovative customer community, who are influencing our roadmap via feedback.


Security alerts are ingested into SOC.OS via either the on-premises SOC.OS agent or one of the cloud-based sources. The alerts are enriched with further information from third-party sources (e.g. Whois information) and the MITRE ATT&CK® threat associated with each alert is identified. The alerts are then correlated into groups or “clusters” based on a number of rules. This ensures that, for example, alerts targeting the same part of your network with similar threat types appear in the same cluster and can be examined in one go.

These clusters are then ranked so that the ones deemed to require urgent investigation can be found easily on the SOC.OS workbench. Users can also specify high-importance assets in their network; clusters containing these assets are moved further up the priority ranking. Each cluster can then be investigated from the SOC.OS workbench using a bespoke data visualisation tool that illustrates the time evolution of the cyber event.

The SOC.OS dashboard provides a number of graphs and tables to give you a clear overview of your entire network and to aid in the compilation of high-level reports.

We’re all too familiar with the pain associated with setting up a new tool such as a SIEM, and how integration efforts can last many days, weeks and sometimes months. We’ve worked extremely hard and constantly seek to optimise the SOC.OS on-boarding process to ensure it is as simple as possible.

For on-premises tooling, security alerts are forwarded over syslog from the alerting systems to the SOC.OS agent, a lightweight executable that runs on almost any operating system. Installing the agent takes a matter of minutes, and once configured it can be left indefinitely to forward alerts up to the SOC.OS cloud platform. Bear in mind that plain syslog over UDP is neither authenticated nor encrypted, so keep the hop from your alerting systems to the agent on a trusted network segment, or use TLS-capable syslog where the source supports it.

Cloud-based security tools are even simpler: provide SOC.OS with an API key that can read security alerts from that system, and it will automatically poll for new alerts. Issue that key with read-only scope; polling for alerts needs nothing more.

Once you’ve provided a few key details about your network (internal domains, IP address ranges, etc.), SOC.OS will get to work correlating alerts into prioritised incidents. You can then log into the SOC.OS portal to start viewing these incidents, with no more swivel-chairing across your multiple security portals.
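To make the enrichment, clustering and ranking described in the answers above concrete, and to show where the internal IP ranges and high-importance assets supplied at onboarding feed in, here is a small Python script. It is an added example written for this page, not SOC.OS code: the syslog-like line format, the signature-to-ATT&CK table, the correlation rule (same network segment, within a time window, and either the same threat type or a shared attacker or victim address), the scoring weights, the default seven-day window, and the sample alerts, ranges and asset list are all assumptions.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network

# Constructed sample alerts in an assumed syslog-like line format (not real data and
# not the SOC.OS wire format): one line per alert from an IDS, an EDR and a WAF.
SAMPLE_ALERTS = [
    "2024-05-01T08:00:00Z ids01 alert: src=198.51.100.7 dst=10.0.5.21 sig=SSH brute force",
    "2024-05-01T08:03:12Z ids01 alert: src=198.51.100.7 dst=10.0.5.22 sig=SSH brute force",
    "2024-05-01T08:07:40Z edr02 alert: src=10.0.5.21 dst=10.0.5.21 sig=Suspicious PowerShell",
    "2024-05-01T09:15:00Z waf01 alert: src=203.0.113.9 dst=10.0.9.80 sig=SQL injection attempt",
    "2024-05-03T22:30:00Z ids01 alert: src=198.51.100.7 dst=10.0.5.23 sig=SSH brute force",
]
# Assumed enrichment table: detector signature -> (MITRE ATT&CK tactic, base severity 1-5).
SIGNATURE_MAP = {
    "SSH brute force": ("Credential Access", 3),
    "Suspicious PowerShell": ("Execution", 4),
    "SQL injection attempt": ("Initial Access", 4),
}
# Stand-ins for the onboarding details the page mentions (assumed values).
INTERNAL_RANGES = [ip_network("10.0.0.0/8")]
HIGH_IMPORTANCE_ASSETS = {ip_address("10.0.5.21")}
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<sensor>\S+) alert: src=(?P<src>\S+) dst=(?P<dst>\S+) sig=(?P<sig>.+)$"
)

def is_internal(addr: IPv4Address) -> bool:
    return any(addr in net for net in INTERNAL_RANGES)

@dataclass
class Alert:
    ts: datetime
    sensor: str
    src: IPv4Address
    dst: IPv4Address
    signature: str
    tactic: str           # ATT&CK tactic attached during enrichment
    severity: int
    segment: IPv4Network  # "part of the network": /24 of the internal host involved

def parse_alert(line: str) -> Alert:
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError(f"unparseable alert line: {line!r}")
    src, dst = ip_address(m["src"]), ip_address(m["dst"])
    tactic, severity = SIGNATURE_MAP.get(m["sig"], ("Unknown", 1))  # unknown still counts
    segment = ip_network(f"{dst if is_internal(dst) else src}/24", strict=False)
    return Alert(datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"), m["sensor"],
                 src, dst, m["sig"], tactic, severity, segment)

@dataclass
class Cluster:
    segment: IPv4Network
    alerts: list = field(default_factory=list)

    @property
    def last_seen(self) -> datetime:
        return max(a.ts for a in self.alerts)

    def accepts(self, alert: Alert, window: timedelta) -> bool:
        # Assumed correlation rule: same segment, within the window, and either the same
        # threat type or a shared entity (same attacker address or same victim host).
        if alert.segment != self.segment or alert.ts - self.last_seen > window:
            return False
        entities = {ip for a in self.alerts for ip in (a.src, a.dst)}
        tactics = {a.tactic for a in self.alerts}
        return alert.tactic in tactics or bool({alert.src, alert.dst} & entities)

    def score(self) -> int:
        # Assumed priority weights: highest severity dominates, volume adds a little,
        # a high-importance victim asset and an external source each add a boost.
        score = 10 * max(a.severity for a in self.alerts) + len(self.alerts)
        score += 50 if any(a.dst in HIGH_IMPORTANCE_ASSETS for a in self.alerts) else 0
        score += 5 if any(not is_internal(a.src) for a in self.alerts) else 0
        return score

    def timeline(self) -> list:
        # Ordered (timestamp, tool, signature) view: the "time evolution" of the event.
        return [(a.ts.isoformat(), a.sensor, a.signature) for a in sorted(self.alerts, key=lambda a: a.ts)]

def correlate(lines: list, window_hours: float = 7 * 24) -> list:
    # Enrich, cluster and rank alert lines; returns clusters in descending priority.
    window, clusters = timedelta(hours=window_hours), []
    for alert in sorted((parse_alert(line) for line in lines), key=lambda a: a.ts):
        for cluster in clusters:
            if cluster.accepts(alert, window):
                cluster.alerts.append(alert)
                break
        else:  # no existing cluster accepted the alert, so it starts a new one
            clusters.append(Cluster(alert.segment, [alert]))
    return sorted(clusters, key=lambda c: c.score(), reverse=True)

if __name__ == "__main__":
    for rank, c in enumerate(correlate(SAMPLE_ALERTS), start=1):
        print(f"#{rank} score={c.score()} segment={c.segment} tactics={sorted({a.tactic for a in c.alerts})}")
        for ts, sensor, sig in c.timeline():
            print(f"    {ts} {sensor} {sig}")
```

With the default window the two brute-force alerts, the PowerShell alert on the same host (joined through the shared victim address rather than a matching threat type) and the later brute-force attempt two days on all land in one cluster that outranks the single WAF alert, because it touches a high-importance asset. With a 48-hour window the later attempt becomes a separate, lower-ranked cluster, which is the trade-off behind timelines that span days or weeks: a longer window keeps a slow campaign together at the cost of occasionally merging unrelated activity on the same segment.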

The objective of intrusion detection and prevention systems, endpoint protection, Web Application Firewalls, SIEMs etc. is to produce alerts when they detect a set of conditions which might indicate malicious and/or anomalous activity. Once organisations install these tools, it’s very easy for small, stretched security teams to become overwhelmed by the number of alerts produced, particularly when the vast majority of these alerts are false positives. It’s easy for the alerts which indicate a real attack to slip through the cracks.  

SOC.OS is a lightweight, cloud-based, easy to install, zero-maintenance, affordable security solution to help your existing team filter through the deluge of alerts to find the ones that really matter. Affordable does not mean low-quality, however: we’ve worked with enterprise- and nation-grade Security Operations Centres to boil down their techniques into cloud-based technologies, making them available to everyone. Think of SOC.OS as an extra teammate, one with top-tier security training, an ever-increasing understanding of your entire network, and a superhuman memory, able to remember every interconnected relationship between every single alert (and the metadata within it) produced by every single security tool deployed on your network. This teammate then sits there 24/7 analysing, triaging and prioritising the most important incidents before passing them on to a human teammate for further review.

SOC.OS was born within the internal incubator of BAE Systems Applied Intelligence. If you’re interested in learning more about corporate incubation and about the unique problem-centric approach that led to the creation of SOC.OS, check out this blogpost.

The SOC.OS team and product has since spun out from BAE Systems with the help of new VC partners, enabling the founding team to develop and scale the SOC.OS service at speed, accelerating the value that the product delivers to our present and future customer community.

FAQ

Introducing SOC.OS, an alert correlation and triage automation tool. SOC.OS enriches, correlates and prioritises your alerts, boosting productivity, enhancing threat visibility and shortening mean time to respond to cyber incidents.
