
The Hive Mind Package

The Hive Mind Package includes several key modules designed to streamline and scale incident response and improve SOC operations. It enables true Adaptive Incident Response by applying AI-driven optimization and planning to the SOC's key operational metrics. Collectively, the features enabled in the Hive Mind package give customers what they need to move from traditional, isolated incident response (for example, analysts picking up the next item in their queue and recommending remediation limited by their own experience) to a contextual, team-based, risk-driven response model.

Customers who use the Hive Mind package see more relevant security events overall, extend the mean time between business-impacting failure events (MTBF), and reduce mean time to remediation (MTTR).


SOC Management AI Planner


The SOC AI Planner Module enables ACDP's AI planner to automatically review tickets and events and route them to the SOC analysts and incident responders most likely to remediate them quickly and successfully. The analysis can draw on diverse parameters, including shift times, skill sets, open issues, relationships between issues, friction points in the SOC, and tickets and work previously remediated by the available personnel. It also includes a manager-focused module that proactively identifies friction points in operations, such as funnel and dropoff analysis across open and historical events and incidents.

  • Intelligent Incident Routing, with the option to run in performance mode (maximizing throughput) or training mode (cross-training staff members).

  • Contextual Security Event Routing ensures that tickets likely connected to other assigned tasks are routed to the same group of people. This is a significant benefit for large teams: keeping the information related to a particular intrusion or campaign with the same analyst group improves both context and performance.

  • Identifying security friction points is an important part of managing a SOC. ACDP brings powerful tools to bear using its underlying time-series and graph databases. View the response steps, timelines, and performance (both role-specific and per user) associated with your operations. Sankey charts and dropoff charts provide visual tools for identifying where you are understaffed, streamlining operations, and planning ahead.

  • Identifying the performance of detection analytics and tools is just as important as understanding the human dynamics in the SOC. Sankey diagrams and dropoff charts allow intuitive visual exploration of the alerts that become cyber events and incidents, their downstream results, and their source information. This is a tremendous tool for uncovering which tools and entities are providing the most value within your organization.


Analyst Augmentation


ACDP's Analyst Augmentation Module automatically identifies similar incidents based on a number of non-obvious factors, which may be as diverse as asset interconnectivity in the CPG, patterns in log data, discrete sequencing of actions across all sources, and links to known threat-actor campaigns or threat-actor-specific tactics, techniques, and procedures. Where possible, correlated events are automatically aggregated into a single incident before they reach the analyst's desk.

Some of the specific capabilities in this module include:

  • Automated correlation of non-obvious relations between network events

  • Targeted Event Correlation

  • Reachback capabilities using in-app (and/or Slack) chat to interact with other staff members who have responded to similar incidents or threat actors, or who have supported the affected business units, with the conversation logs stored. Combined with integrated search over previous notes and documents, this is a critical part of leveraging the institutional memory of current and former staff members.

  • Chatbot-based support for organizationally approved knowledge transfer and availability. This can range from helpful references for Linux commands to answering questions about organizational guidelines for response actions or the reporting requirements for specific incident or event types.
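The two ideas above that are easiest to make concrete are contextual event routing (tickets connected to work a group already holds go to that group) and automatic aggregation of correlated events into a single incident before they reach an analyst. The following is an added illustrative example, not ACDP code: it clusters events that share an indicator (host, source IP, or user) into incidents with a union-find pass, then routes each incident to the group that already owns a related open ticket, falling back to a performance-mode or training-mode choice. The event records, the `OPEN_ASSIGNMENTS` map, the `GROUPS` table, and the `correlate`/`route`/`plan` functions are all constructed for this example.

```python
"""Illustrative correlation + contextual routing (added example, not ACDP code)."""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

Indicator = Tuple[str, str]
INDICATOR_KEYS = ("host", "src_ip", "user")

# Constructed sample events. E2 shares src_ip with E1 and host with E4;
# E4 shares src_ip and user with E3, so E1..E4 chain into one incident.
EVENTS = [
    {"id": "E1", "host": "web-01", "src_ip": "203.0.113.5", "user": None},
    {"id": "E2", "host": "web-02", "src_ip": "203.0.113.5", "user": None},
    {"id": "E3", "host": "db-01", "src_ip": "10.0.0.9", "user": "svc_backup"},
    {"id": "E4", "host": "web-02", "src_ip": "10.0.0.9", "user": "svc_backup"},
    {"id": "E5", "host": "hr-laptop-7", "src_ip": "198.51.100.77", "user": "alice"},
]

# Constructed: indicators already referenced by open tickets, and who owns them.
OPEN_ASSIGNMENTS: Dict[Indicator, str] = {("src_ip", "203.0.113.5"): "tier2-a"}

# Constructed: current open-ticket load and historical handled count per group.
GROUPS = {
    "tier2-a": {"open": 5, "handled": 40},
    "tier2-b": {"open": 1, "handled": 25},
    "tier1": {"open": 3, "handled": 5},
}


def indicators(event: dict) -> Set[Indicator]:
    """Indicator set of one event; empty/None fields are ignored."""
    return {(k, event[k]) for k in INDICATOR_KEYS if event.get(k)}


def correlate(events: List[dict]) -> List[List[str]]:
    """Group events that share any indicator, transitively, into incidents."""
    parent = {e["id"]: e["id"] for e in events}

    def find(x: str) -> str:
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a: str, b: str) -> None:
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    first_seen: Dict[Indicator, str] = {}
    for e in events:
        for ind in indicators(e):
            if ind in first_seen:
                union(first_seen[ind], e["id"])
            else:
                first_seen[ind] = e["id"]

    incidents: Dict[str, List[str]] = defaultdict(list)
    for e in events:
        incidents[find(e["id"])].append(e["id"])
    return sorted(sorted(ids) for ids in incidents.values())


def route(incident_ids: List[str], events: List[dict], mode: str = "performance") -> str:
    """Pick a group: contextual ownership first, then the mode's fallback."""
    by_id = {e["id"]: e for e in events}
    inds: Set[Indicator] = set().union(*(indicators(by_id[i]) for i in incident_ids))
    # Contextual routing: a group already holding related work keeps it.
    owners = {OPEN_ASSIGNMENTS[i] for i in inds if i in OPEN_ASSIGNMENTS}
    if owners:
        return sorted(owners)[0]
    if mode == "performance":  # maximize throughput: least loaded group
        return min(GROUPS, key=lambda g: GROUPS[g]["open"])
    if mode == "training":  # cross-train: group with the least experience
        return min(GROUPS, key=lambda g: GROUPS[g]["handled"])
    raise ValueError(f"unknown mode: {mode}")


def plan(events: List[dict], mode: str = "performance") -> List[Tuple[List[str], str]]:
    """Aggregate events into incidents and assign each one to a group."""
    return [(ids, route(ids, events, mode)) for ids in correlate(events)]


if __name__ == "__main__":
    for mode in ("performance", "training"):
        print(mode, plan(EVENTS, mode))
```

Note that the chain through `web-02` pulls E3 and E4 (the `svc_backup` activity) into the same incident as the external source `203.0.113.5`, which is the kind of non-obvious relation the text describes; in production the indicator set would also include asset relationships from the CPG and campaign links rather than only raw field values.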


Incident Remediation Decision Support (SOAR with Optimization)


Adaptive Incident Remediation Decision Support (SOAR with Optimization) reviews a specific security incident and weighs all relevant factors, including network architecture, the assigned analyst, business impact, and the cost of remediation, to generate a contextual plan for the optimal remediation path to close that incident. The Adaptive AI planner automatically suggests new priorities and actions that stitch individual SOC team members' work into a more integrated and performant whole.

This capability specifically includes:

  • Incident remediation decision support suggesting discrete steps to close identified security incidents

  • Cost-aware security operations suggestions taking into account current, available, and on-demand resources

  • Advanced Orchestration and Automation driven by actual network context, which can be linked to advanced business-driven risk metrics (with the associated package upgrades within RMO)


Additional Modules


Threat Campaign Management



Advanced Analytics


The Advanced Analytics Module unlocks Fractal OS-enabled machine learning and AI directly for internal security data science teams and analysts. It lets organizations build their own custom analytic data flows in the ACDP user interface, specifically Spark-based jobs, rules, and DCG (orchestration) pipelines for analytics used in both detection and response. Security domain experts can draw on an included library of ML algorithms out of the box, with tools to tune and train them on their own data, extend them, or add new models they build independently. This module lets organizations create something new within ACDP: the power of data science in the hands of the domain experts.

Specifically, your organization should expect:

  • Custom-built drag-and-drop analytic data flow editors for Connector and DCG

  • In-browser Spark-compatible scratchpads, reports, and an analytic job IDE within the core Fractal OS web-based UI

  • The ability to orchestrate enrichment activities and secondary queries as part of analytic pipelines using DCG

  • Parameter selection and hyperparameter tuning for custom analytics tuned to the customer environment (with the optional Advanced Model Management upgrade)

  • Access to an invite-only program of community repositories and a marketplace of algorithms, data sets, and other data entities