Like a pocket-sized SIEM for SMEs.
BAE Systems Applied Intelligence has successfully spun off a new cybersecurity company following an internal incubation process, in a first for the British defence, security, and aerospace subsidiary.
“SOC.OS” has won £2 million in funding from Hoxton Ventures and Speedinvest, the company said today, and has also secured early adopters, including the UK Atomic Energy Authority.
The company and its product are designed to help internal security teams at medium-sized businesses manage the alerts produced by their threat protection and detection tools, by automatically analysing, triaging, and prioritising those alerts.
The big idea: helping overstretched teams wearing many IT hats at mid-sized firms who may be wrestling with hundreds to thousands of alerts daily from different security products and tools that are not consolidated.
(Most SIEM/SOAR offerings are tailored to large SOCs or internal IT security teams, the company argues, making them cost-prohibitive).
SOC.OS was born within the Futures team of BAE Systems Applied Intelligence – an internal innovation and venture incubation hub. The new company launched officially in June 2020, with Dave Mareels as CEO.
Hussein Kanji, founding partner at Hoxton Ventures added: “As early investors in Darktrace, we know a thing or two about identifying great UK cyber security talent. We are excited to be partnering with SOC.OS and working with the UK’s leading defence player… to spin out this unique company.”
The tool works by ingesting alerts and enriching them with third-party threat data, associating each alert with MITRE ATT&CK threat data.
The enriched alerts are then clustered by shared entity and threat type (so that alerts from activity hitting your network with similar threat types are grouped together) and then ranked by urgency, presented through a data visualisation tool.
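To make the enrich-cluster-rank pipeline described above concrete, here is an added illustration (not SOC.OS code, and not derived from the product) that groups a handful of constructed alerts from several tools by entity and ATT&CK technique and ranks the resulting clusters; the signature-to-technique table and the urgency score are assumptions for the sake of the example.

```python
from collections import defaultdict

# Constructed sample alerts from several tools (not real data). "entity" is the host
# the alert concerns; "signature" is the originating tool's own rule name.
ALERTS = [
    {"tool": "firewall", "entity": "10.0.0.5", "signature": "ssh-bruteforce", "severity": 3},
    {"tool": "edr", "entity": "10.0.0.5", "signature": "failed-logon-burst", "severity": 2},
    {"tool": "ids", "entity": "10.0.0.5", "signature": "ssh-bruteforce", "severity": 3},
    {"tool": "ids", "entity": "10.0.0.9", "signature": "port-scan", "severity": 1},
    {"tool": "edr", "entity": "10.0.0.9", "signature": "port-scan", "severity": 1},
    {"tool": "edr", "entity": "10.0.0.7", "signature": "powershell-encoded", "severity": 4},
]

# Constructed enrichment table mapping tool signatures to ATT&CK technique IDs.
# A real deployment would draw this from threat data rather than a hard-coded dict.
ATTACK_MAP = {
    "ssh-bruteforce": ("T1110", "Brute Force"),
    "failed-logon-burst": ("T1110", "Brute Force"),
    "port-scan": ("T1046", "Network Service Discovery"),
    "powershell-encoded": ("T1059", "Command and Scripting Interpreter"),
}

def enrich(alert):
    """Attach the ATT&CK technique; unknown signatures land in an 'unmapped' bucket."""
    tid, name = ATTACK_MAP.get(alert["signature"], ("unmapped", "Unmapped"))
    return {**alert, "technique": tid, "technique_name": name}

def cluster(alerts):
    """Group enriched alerts by (entity, technique): one cluster per host-and-threat pair."""
    groups = defaultdict(list)
    for a in map(enrich, alerts):
        groups[(a["entity"], a["technique"])].append(a)
    return groups

def rank(alerts):
    """Assumed urgency score: top severity, weighted by how many tools corroborate it."""
    ranked = []
    for (entity, technique), group in cluster(alerts).items():
        tools = {a["tool"] for a in group}
        score = max(a["severity"] for a in group) * len(tools) + len(group)
        ranked.append({"entity": entity, "technique": technique, "alerts": len(group),
                       "tools": sorted(tools), "score": score})
    return sorted(ranked, key=lambda c: c["score"], reverse=True)

if __name__ == "__main__":
    for c in rank(ALERTS):
        print(c)
```

Six raw alerts collapse into three clusters, and the brute-force activity seen by three independent tools ranks above the single higher-severity EDR hit, which is the triage effect the article describes.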
This is, arguably, nothing that hasn’t been done before, but making it work for the millions of companies out there that are increasingly the unwitting target of cybercriminals — but which would struggle to sign off the budget for SOC support or a larger security team — may be a sweet spot.