Cloud Security • Compliance • Threat Stack
2 Min Read

Accelerating Mean-Time-To-Know With Security Analytics
Rob Young, March 25, 2021

There are few cybersecurity KPIs more important than mean-time-to-know (MTTK) and mean-time-to-respond (MTTR). Threat Stack provides alerts to cybersecurity professionals that can make an enormous difference in a company’s ability to drive these metrics down. As attackers and malware become more sophisticated, security teams must consistently improve their MTTK and MTTR to stay ahead. To do this, it’s critical to quickly grasp whether anomalies and risky behaviors represent significant threats, where they are occurring within the environment, and in what context, in order to take appropriate action rapidly.

However, this type of critical context is often siloed within complex reporting tools and separate applications that are disconnected from the day-to-day workflows of security analysts. This creates enormous friction and leads to a reactive, as opposed to proactive, use of analytics, which slows down security teams and hinders their ability to efficiently triage and remediate risk.

Threat Stack consistently strives to reduce MTTK and MTTR for security organizations. New capabilities such as ThreatML and EC2 context enrichment bring relevant context directly into an organization’s risk assessment, triage, and remediation workflows. This enables teams to quickly determine the severity of issues and how to prioritize and respond to them. And today, we’ve further enhanced the Threat Stack Cloud Security Platform® by adding security analytics, providing even more contextual insights.
Security Analytics

Security analytics is a new capability that further enhances the Threat Stack Cloud Security and Compliance platform by providing deeper insights and context into risk within your cloud workloads. Threat Stack’s security analytics surfaces valuable security insights and visualizes them in an easy-to-consume user interface. With this information, security teams can proactively identify risk trends, improve rule creation and alert tuning, and effectively troubleshoot and remediate risk in real time across their cloud infrastructure and applications.

Threat Stack’s security analytics removes the need for security analysts to branch off into separate workflows, applications, and/or data silos by placing modern analytics at their fingertips, directly within the Threat Stack UI. Specifically, security analytics analyzes critical aspects of cloud workloads, including:

- User behavior and patterns
- Unique system services and network communication patterns
- Unique cloud identities, along with their respective types and patterns of access
- Unexpected file actions
- Unpatched servers that could expose severe vulnerabilities

Choose an Approach that Matches your Role

Different roles will want to pose different questions to the data, and security analytics enables them to do just that. For example, security leaders need a strategic, top-down view, so they will look to security analytics for a holistic view of their security posture, drill down or filter the data to specific areas of concern, and then go into the associated events for the details. On the other hand, security analysts will typically start from the bottom up, with more tactical questions to address through the data. They are therefore more likely to begin with the event and then pivot into security analytics for the larger view, to verify the baseline of specific behaviors and determine their actual level of risk and broader impact to the business.
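The bottom-up pivot described above (start from one alert event, check its behavior against the host's baseline, decide how much it matters) is easy to show in code. The following is an added example written for this page, not Threat Stack's own code or data model: the `Event` fields, the facet names, the `HISTORY` sample and the `severity` thresholds are all constructed here for illustration.

```python
"""
Baseline check for bottom-up alert triage: given a single alert event and a
window of historical host activity, report which facets of the event (user,
process, user/process pairing, outbound destination) have never been seen on
that host, then map the amount of novelty to a rough triage priority.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    host: str
    user: str
    process: str
    dest: str = ""  # "ip:port" of an outbound connection, "" if none


# Constructed sample history for two hosts (hypothetical, not real telemetry).
HISTORY = [
    Event("web-01", "www-data", "nginx", "10.0.2.15:5432"),
    Event("web-01", "www-data", "nginx", "10.0.2.15:5432"),
    Event("web-01", "root", "cron"),
    Event("web-01", "deploy", "sshd"),
    Event("web-01", "deploy", "git", "140.82.112.3:443"),
    Event("db-01", "postgres", "postgres"),
    Event("db-01", "root", "cron"),
]


def build_baseline(events):
    """Per-host sets of observed users, processes, (user, process) pairs and destinations."""
    baseline = defaultdict(lambda: {
        "users": set(), "processes": set(), "pairs": set(), "dests": set(),
    })
    for ev in events:
        b = baseline[ev.host]
        b["users"].add(ev.user)
        b["processes"].add(ev.process)
        b["pairs"].add((ev.user, ev.process))
        if ev.dest:
            b["dests"].add(ev.dest)
    return dict(baseline)


def novel_facets(event, baseline):
    """List the facets of `event` never seen on its host during the baseline window."""
    b = baseline.get(event.host)
    if b is None:
        return ["host"]  # no history at all: nothing about this host can be called normal
    novel = []
    if event.user not in b["users"]:
        novel.append("user")
    if event.process not in b["processes"]:
        novel.append("process")
    # A known user running a known process in a combination never seen before
    # (e.g. the web server account invoking git) is still worth flagging.
    if (event.user, event.process) not in b["pairs"]:
        novel.append("user_process")
    if event.dest and event.dest not in b["dests"]:
        novel.append("dest")
    return novel


def severity(novel):
    """Hypothetical ordinal mapping from novelty to triage priority."""
    if "host" in novel or len(novel) >= 3:
        return "high"
    if novel:
        return "medium"
    return "low"


def triage(event, history=HISTORY):
    """Return (novel_facets, severity) for one alert event against the history."""
    novel = novel_facets(event, build_baseline(history))
    return novel, severity(novel)


if __name__ == "__main__":
    # The web server account spawning a shell that connects to an unfamiliar
    # address: every facet except the user is new for this host.
    print(triage(Event("web-01", "www-data", "bash", "198.51.100.7:4444")))
    # The deploy user running git to a known destination is fully baselined.
    print(triage(Event("web-01", "deploy", "git", "140.82.112.3:443")))
```

In practice the baseline window, the facets compared and the severity thresholds would all come from the analytics platform rather than a hand-written table; the point of the example is only that the analyst's question ("is this behavior new for this host?") is a set-membership check against history, which is why having that history one click away from the alert shortens MTTK.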
Whatever the role, security analytics provides meaningful context that enables security teams to shave crucial minutes off the time between an alert showing up and determining whether it represents a severe threat that deserves further attention. I think I speak for everyone in the security industry when I say that the less time attackers, malware, and other threats have to infiltrate our cloud environments, the better.

About Rob Young

Rob is the Director of Product Marketing and Corporate Communications at Threat Stack. He has over 20 years of experience across the IT Operations and Cybersecurity industries. Before joining Threat Stack, he led Technical Product Marketing for IBM Security Guardium. Prior to that, Rob was the Head of Product Marketing for a series A start-up and Research Director for Enterprise Systems Management Software at IDC. Additionally, he previously held IT Operations Management positions in several large enterprises and within the U.S. Air Force.