Anyone who’s anyone in the IT world knows that 451 Research is one of the most trusted resources for providing expert insight into the realm of enterprise IT innovation and emerging technology. A few months ago, the research giant created and shared an impact report on the eyeShare product, cleverly entitled “Step IT Up and Go; Ayehu’s eyeShare Wants to NOC your SOCs Off.” The full 7-page report highlights Ayehu’s strengthening position in the cyber security incident response sector.
One of the key takeaways from the report is Ayehu’s demonstrated goal of using intuitive automation technology to relieve many of the crushing pressures that CISOs and SOC managers are under, as well as our desire to demystify some of the most critical value chains that are determined by the speed and quality of incident response workflows.
The report also sheds much-needed light on the fact that, despite the critical importance and overarching value of investing in the development and implementation of a solid cyber security incident response strategy, IR activities still fail to drive a significant number of purchasing decisions, and they are not being adequately budgeted for. 451 Senior Analyst Dan Cummins, the report’s author, calls this “a shame,” listing the three most favorable qualities of incident response as:
- Natural orientation around interoperability
- Simple ROI equations driven in part by full-time equivalent (employee) savings
- Process orientation
The author also accurately identified some of the main issues plaguing the modern SOC (and IT as a whole), including alert fatigue and the inefficiencies of dealing with false positives. Positioned front and center as the ideal solution is IR automation, which, as the document points out, can provide security professionals with greater process-level capabilities while also adding substantial value in terms of natural synchronization with both broader IT work and systems environments.
“A quick check of just about any top-10 list of IT tasks appropriate for automation yields several suitable for framing in security terms: file and folder monitoring, event log scanning, incident escalation, administrative password management, employee off-boarding, etc.”
Receiving noteworthy mention in the report were the 500+ pre-built templates and 120+ workflows in eyeShare’s comprehensive design palette, as well as the ~40 use-case playbooks expertly designed and developed specifically for security operations.
“The SOC offering is designed to provide operators flexible and deep security and IT domain controls, as well as an intuitive interface in a lightweight and mature platform.”
From a technology standpoint, the report showcases eyeShare’s agentless capability to run either locally or in the cloud (private or public). Specific features mentioned are the drag-and-drop workflow designer, workflow scheduler, reporting and dashboard consoles and intuitive ‘if then’ user interfaces. The rules engine governs incident management, delivering automated alerting and escalation, run book automation and full reporting capabilities. Lastly, it’s the only automated cyber security incident response platform that enables two-way interaction with analysts during playbook execution.
Cummins also pointed out the immense opportunities that eyeShare has in the future of cyber security incident response. With more and more companies beginning to recognize the value and importance of automation technology, particularly in terms of security, the eyeShare product presents an attractive option for bringing monitoring, detection, threat intelligence and automation technologies under one roof – and without breaking the bank.
“EyeShare is priced for value, yet reflects broad maturity in its incident-response runtime playbooks and management’s depth in IT operations and workflow.”