Cybersecurity provider Check Point Software has announced the launch of Infinity SOC, a tool for Security Operations Center (SOC) teams that uses artificial intelligence for incident analysis to reduce false positives, automatically identify critical incidents, and offer one-click remediation. Infinity SOC unifies threat prevention and detection, investigation and remediation in a single platform.
The app analyzes incidents and filters irrelevant log entries out of the alert stream so that security teams can focus on the most sophisticated cyberattacks, which are usually the most dangerous. “It was essential for us to find a solution capable of reducing the daily deluge of alerts and events, and to identify the few real and potentially harmful threats to our networks,” said Soren Kristensen, security engineer at Terma A/S and a Check Point Infinity SOC customer.
“Infinity SOC offers just that, and more. The solution allowed us to filter out all irrelevant alerts and background noise to see the true state of our network security, and to automate the processes, allowing us to focus on the activities that really matter. It also provides intelligence on threats and additional ways to track them down, which we just didn’t have before,” he adds.
Automatically expose the stealthiest attacks
Infinity SOC automatically triages alerts so that teams can respond faster to critical attacks, and offers one-click remediation through a thin client on the infected host. It also prevents attackers from launching phishing campaigns against users by blocking look-alike web and email domains. Powered by ThreatCloud, Check Point’s threat intelligence service, it lets teams quickly search for in-depth information on any indicator of compromise, including global spread of infections, timelines, attack patterns, malware DNA and much more.
It also includes extensive social media and OSINT research for further investigation, unlike other solutions that rely on offline threat databases. Suspicious files are quickly scanned with SandBlast threat emulation, which, according to Check Point, has the best malware blocking rate on the market.
A platform managed in SaaS mode
Infinity SOC is a centrally managed cloud platform, “which improves operational efficiency for teams and lowers total cost of ownership,” says Check Point. “It can be deployed in minutes, and helps avoid log storage costs and privacy issues with a single cloud event analysis, which neither exports nor stores event logs.”
This is the dream of every CISO: an intelligent self-defense system based on efficient and proactive AI. Its main merit would be to reduce the number of alerts, leaving only the most complex, or rather the most vicious, ones to security incident response teams. Long announced, the first implementations of AI in security analysis tools are only just beginning to see the light of day.
While waiting for these AI-based analysis tools to mature, one wonders how effective they can be. On its site dedicated to Infinity SOC, Check Point announces a 99.9% detection rate for stealth attacks (see illustration above), but without going into detail about the type and complexity of the attacks flushed out.