Today’s post continues an ongoing series on Polarity Security Operations Center (SOC) use cases, demonstrating how Polarity helps you see the story in your data without sacrificing thoroughness or speed.
SOC leadership must balance speed of analysis with quality of analysis. Analyst turnover also means loss of knowledge and experience and a continual skill-set disparity among team members. A SOC leader must ensure that all events and incidents are handled to the same expectations across team members, irrespective of tenure.
Capabilities:
- Polarity Channels provide real-time knowledge repositories, replacing time-consuming and frustrating knowledge expeditions into Confluence, Jira, SharePoint, etc.
- Annotations promote real-time collaboration and retention of analysis and decision making.
- SOC leaders determine what the authoritative data sources analysts will use to draw conclusions.
Notice the highlighted text in the images above. Polarity’s computer vision recognized the text on screen and, in real time while the analyst is working, provided contextual information for the highlighted data in the Overlay Window. This context has been pulled from a variety of Polarity Channels, so the analyst sees it immediately without leaving the current screen.
As shown in the diagram above, the Polarity platform provides real-time analyst behavior data. SOC leaders can see which data and tools analysts use most, who uses what, and how often. This is valuable not only for understanding analyst performance and disparities among analysts, but also for identifying opportunities to automate workflows.
Real-time knowledge exchange and awareness in Polarity has several benefits, including:
- Senior analysts’ experience and previous conclusions are provided to all other team members, allowing them to benefit directly from that experience in real time.
- Turnover doesn’t mean loss of knowledge: experience and decision making are retained in Polarity.
- Analysts don’t have to “Google” information when they need data to make an informed decision. Approved and curated data is provided in real time at the point of analysis.
- Workflow checklists are enabled by the curated data Polarity provides.
- SOC leaders can view the decision making of their team members and conduct QA/QC spot checks by reviewing Annotations and Channels.
Meet the expert: Terry McGraw
Background: Terrence “Terry” McGraw is a retired Lieutenant Colonel from the United States Army and now serves as the President and principal consultant of Cape Endeavors, LLC, with over 20 years of expertise in cyber security architectural design and operations in both commercial and government sectors.
Terry previously served as the Vice President of Global Cyber Threat Research and Analysis for Dell SecureWorks and President of PC Matic Federal. He retired from the United States Army in 2014 after completing 27 years of service; the last 10 years of his Army career were spent leading key cyber initiatives for the Army’s Network Enterprise and Technology Command, Army Cyber Command and the National Security Agency (NSA). He has multiple combat tours, with his culminating assignment serving as the Director of Operations, Task Force Signal Afghanistan, 160th Signal Brigade (FWD), providing all strategic communications infrastructure in the theater of operations.
Education: BA in History, MSA in Information Systems Engineering, and a graduate of the prestigious US Army School of Information Technology’s Telecommunication Systems Engineering Course.
Relevant Experience: Terry’s work in the Army leading and operating some of the world’s largest and most complex networks, as well as 6 years as Vice President of Global Cyber Threat Research and Analysis for Dell SecureWorks, providing managed cyber security services to over 4,000 commercial clients and leading its six Counter Threat Operations Centers, gives him a deep and broad understanding of the cyber threat landscape. His entire professional career has been spent designing and managing resilient network architectures and ensuring their operational readiness.