When starting SOC Prime, we had a dream to make threat detection easier, faster, and simpler globally. This called for innovation on a technical level, with a key focus on attack behavior. Therefore, since 2016, the SOC Prime team has customized the MITRE ATT&CK framework and Lockheed Martin’s Cyber Kill Chain to introduce our approach to the worldwide community and provide methods to apply it in practice. Furthermore, the mission of making threat detection more streamlined and effective called for a simple way to create and share detection algorithms. That is the reason why SOC Prime backed the Sigma project so early, contributing to the majority of SIEM & EDR backends, creating Uncoder.IO, and continuously advancing our contributions.
What is more important, when establishing SOC Prime, we dreamt of bringing together the largest community of security practitioners in the industry. However, this ambitious intention is only reachable with a product of practical value for all sides of the cybersecurity industry. And this is exactly what we have observed with Threat Detection Marketplace.
Continuously mastering our SaaS product, we helped to evolve Detection as Code from a concept to MVP and then to production, making it recognized and widely accepted by thousands of companies worldwide. These organizations came from more than 150 countries around the world, small and large ones alike, traditional enterprises, government institutions, tech companies, security technology vendors, MSSPs and MDR providers. As we worked together, exchanged feedback on what is working in practice and where we need improvement, our vision became very clear — we are on the right track to enable global collaboration in the cybersecurity industry.
Today, we are taking the next step towards worldwide collaboration by adding Threat Detection Marketplace to our newly launched platform, which can be used by an even wider InfoSec audience than ever before. SOC Prime goes from directly distributing content to solving even more practical problems that our industry had for over a decade, and we are doing so by reducing cost, increasing speed, and improving quality — all at the same time.
In the new platform, there are better tools for seasoned InfoSec experts and newcomers to the cybersecurity field, including threat hunters, detection engineers, IR, Red and Purple Teams, DevSecOps teams, SOC and CTI analysts, and of course for security managers and CISOs. And all of these tools, which we call platform Elements, are closely tied to collaboration, feedback exchange, dynamic security metrics, smart automation, and privacy of data sharing.
In keeping with SOC Prime’s well-established tradition, all of this functionality is available to the community both at the freemium level and at full scale, with commercial access and support.
As they say, a picture is worth a thousand words, so we welcome everyone to take a look at the platform live at https://tdm.socprime.com/login/platform.
Below you can find the answers to the questions we get asked the most about the newly launched Collaborative Cyber Defense platform.
Q: What exactly is happening to Threat Detection Marketplace?
A: Threat Detection Marketplace remains one of the core elements of the new SOC Prime platform. It is now placed under the Discover category, with key functionality improved and available to all registered users. If you have been using Threat Detection Marketplace, your access will be automatically upgraded to the platform-wide scale, with all new elements and capabilities available at the community subscription level. Notably, the previous access is kept the same as it was.
Q: What features will be available with the platform release? What are the Elements and what is new?
A: Starting from the SOC Prime platform launch, the following new elements are available:
All the elements are placed under the corresponding categories based on the business and security needs they match. For example, Threat Detection Marketplace is the first element of the Discover section, as it is used to discover detection content, get relevant security intelligence, and learn log source requirements. Uncoder CTI and Quick Hunt are new elements available under the Hunt section, as they are built to assist senior and junior threat hunters and cyber threat intelligence analysts. Moreover, two more new elements are on the way, going live in 2021.
Q: Why do the ongoing changes make this a Platform rather than a Product feature expansion?
A: The SOC Prime platform release introduces a combination of established products with a completely new collaborative approach to perform daily cyber defense tasks. SOC Prime’s core product, Threat Detection Marketplace, has existed since 2016 and it is known worldwide as the biggest security intelligence and SOC content repository. And while we are excited about the fact that Detection as Code is now a well-established attribute globally, we were getting a massive amount of feedback from more than 19,000 people who use it. This feedback is essential to understand that there are many ways of using detection content and that there is a need to go beyond behavior TTP-based rules to the areas that complement them.
For example, behavior-based searches (Threat Hunting) work effectively if combined with IOC-based ones (CTI). While we are focused on mastering the former, CTI teams provide feedback that running IOC searches can be better, more time-efficient, and more performant. Thus, we’ve used what we learned before from Uncoder.IO to build Uncoder CTI, a tool that has a similar approach at its core. Furthermore, Quick Hunt was built to launch behavior-based hunts, easily and rapidly, without diving too deeply into content logic. As a result, any person in the industry has a tool to validate hunting hypotheses fast, simultaneously providing and receiving feedback from peers as close to real time as possible.
Q: Is the freemium community access to the Platform any different?
A: It is better! Launching the first-ever platform for Collaborative Cyber Defense, we place our community at its center. The main change in access is that we abandon feature differences between the community and paid subscriptions to unlock worldwide collaboration at every level. The only limitation of the community access is its threshold-based nature.
For example, you can perform only one Quick Hunt session without giving feedback, while providing your feedback will reset the counter for another free hunt. In the case of Uncoder CTI, the query limit applies daily on a per-user basis, so you can invite your colleagues to get a 2X query limit for free. The Continuous Content Management (CCM) module and its API used to be an exclusively premium feature. However, with the platform release, it will also be available at the community level, with limitations on the amount of content available for download, number of content lists, etc. As a result, community access to CCM will suit a personal lab or a pilot project, while falling short of the product usage thresholds.
Q: Are there any licensing changes for premium subscriptions?
A: With the platform launch, each new element will be licensed separately. Threat Detection Marketplace becomes one of the core elements and its licensing will be even more collaboration-friendly, with no limits on the recommended SOC analyst seats or platform users. If you have the premium subscription, our Customer Success team will contact you with an individual transition plan to the new licensing of Threat Detection Marketplace and a short brief on platform licensing options to provide maximum ROI to your team while maintaining cost efficiency.
To gain in-depth technical insights into the SOC Prime platform, with all new elements and capabilities available at a glance, explore our dedicated article. And get ready for September 14 to start your insightful journey with our Help Center guides and interactive platform tours.