Despite 2020 being a turbulent year, it has not slowed us down but pushed to the new limits to overcome. Last year Threat Detection Marketplace saw incredible levels of innovation boosting our automated platform capabilities and expanding the horizons for proactive threat detection.
One of the most notable 2020 updates to our content-as-a-service (CaaS) platform is the support for cloud-native language format. We started moving cloudwards with the adoption of Azure Sentinel, Google Chronicle, Sumo Logic, Humio, and Elastic Cloud.
Also, throughout 2020-2021 we’ve expanded Threat Detection Marketplace integration with 10 new SIEM, EDR, and NTDR solutions, including Microsoft Azure Sentinel, SentinelOne, Chronicle Security, FireEye Helix, Sumo Logic, Humio, Kafka, Corelight, CrowdStrike, Sysmon. With these new platforms on the list, Threat Detection Marketplace supports a total of 23 integrations, so users might easily deploy tailored detections with a couple of clicks.
We value the support and inspiration the community provides us each day. To enhance collaboration and maintain joint efforts in combating security threats, we constantly expand the list of our open source projects.
In 2020, the SOC Prime team released the Sigma rules repository mirror powered by Threat Detection Marketplace. This library is in sync with the open source GitHub repository owned by Florian Roth. Now you can find the latest behavior-based detections from the Sigma community at hand. Also, last year we added support for the Google Chronicle Security solution, so now users might also deploy YARA-L detections written in a new generic language format.
Security and Performance
At SOC Prime, we are committed to delivering detections at a light-speed, so throughout 2020, we’ve worked hard on the performance improvements. Now the login experience and the Content page load is twice as fast, so you might instantly find the relevant content.
To ensure the security and comfort of security performers while using Threat Detection Marketplace, in 2020 SOC Prime successfully completed the Service Organization Control (SOC) 2 Type I auditing procedure. SOC 2® compliance is essential for organizations looking for partnership with SaaS and CaaS product vendors.
Brand New Capabilities
To unfold the maximum potential of the Threat Detection Marketplace tailored to customers’ needs, last year SOC Prime team worked hard to expand the list of our platform capabilities.
Continuous Content Management Module
Threat Detection Marketplace users can now stream new content and update rules directly to their existing Security Incident Event Management (SIEM) solutions via the new Continuous Content Management (CCM) module. Currently, CCM supports Elastic Cloud, Azure Sentinel, and Humio, with Sumo Logic and other cloud-native SIEMs coming up soon.
The “hot” new Hyperdrive add-on to Threat Detection Marketplace enables security use cases end-to-end across people, processes, and technology at hyperspeed. Leveraging this add-on with the company’s active Threat Detection Marketplace subscription plan allows fast-tracked delivery of customer-specific use cases, integration with SIEM, EDR, or NTDR tools in use, onboarding and continuous training sessions directly from our Content Development Team experts, and more. As a result, cyber defence capabilities instantly jump from point A where capability did not exist to point B where the company’s security team knows exactly how to defend.
Threat Detection Experience Enhancement
To provide users with even more streamlined experience while using Threat Detection Marketplace, we are constantly working to master the platform features.
Role-Based Platform Experience
SOC Prime’s core mission is to help security practitioners get a more personalized experience using the Threat Detection Marketplace. Therefore, we’ve improved our registration flow to enable users to specify their professional role and get the most relevant content tailored to their professional routine.
Simplified Registration Flow
We’ve simplified the registration process for security performers who are new to our SaaS content community. After entering a personal or corporate email address, new users can now go through a more streamlined account verification procedure using an OTP 6-digit code sent to their email address.
Redesigned Search Page
We believe that your SOC content search experience should be swift and accurate, therefore, in 2020 our team introduced the newly redesigned Search (Content) page to help practitioners waste no time for extra querying. The innovations include role-based and platform-specific filtering, filtering based on the content availability, Rule Master with the ability to select one of the configured content search profiles. Additionally, we’ve added a new set of filters that cover Use Case, Platform, Cloud, Content Type, Log Sources, and other options.
Sign up to the Threat Detection Marketplace and reach the 90,000+ curated SOC content library mapped directly to CVE and MITRE ATT&CK® frameworks. Over 300 contributors from 70 countries enrich the library each day so that security performers might detect the most alarming cyber threats at the earliest stages of the attack lifecycle.
To maximize the benefits of Threat Detection Marketplace for your organization, you might check for the appropriate subscription type and contact SOC Prime experts for further clarifications. Have a desire to participate in threat hunting activities and develop your own detection rules? Join our Threat Bounty program and get rewarded for your input.