This release focuses on the SIC application with performance improvements and enhanced statistics to empower users in creating fine-grained based detection rules.
SIC security engines rely on user defined rules to perform their detection. These latter needs to be analyzed and adjusted by the teams running SOCs in order to enhance accuracy of raised alerts. To assess rules efficiency, the statistics API of the SIC application was improved to report more details on the effectiveness of detection rules. One can now assess the quality of its ruleset by querying how many alerts were raised given a rule and a specified time period.
In addition to the quality of the detection, we also expect our engines to process security events on a real time basis. We significantly optimized our sighting generation process used by our correlation mechanisms to reduce the overall analysis duration. One more step forward our objective of a 1s processing time.
As said before, we want to ensure high speed processing events and avoid bottlenecks across our engines. We have added new metrics to help us monitor any lag that could appear between the various components of our workflow. Hence, it helps us to identify if one particular component of the SIC workflow needs to be scaled up to provide more treatment capacity.
A lot of our services rely on databases which have a sensible impact on the global responsiveness of the platform. In order to always maintain high performances on our databases, we reduced the amount of I/O on highly sollicited disks. We implemented this major change by adding new hard drives for data that doesn’t require low latency (backups are a good example of such data).
If you have any concerns, feel free to contact us at firstname.lastname@example.org.