Frequently Asked Questions

What is the Respond Analyst?

The Respond Analyst is software that is trained as an expert cyber security analyst that combines human reasoning with machine power to make complex decisions with 100% consistency.

    • Security Expertise Built-In
    • No Human Bias or Fatigue
    • Continuously Learning & Adapting
    • 100% Consistency
    • Machine Speed and Enterprise Scale
    • Processes Millions of Alerts in Real-Time

The Respond Analyst monitors your network 24×7 without a manned SOC.  The analysis, reasoning and decision making of a human SOC analyst is built into our software, allowing us to automate the role of the Level 1 SOC analyst.  In fact, at volume and scale, the Respond Analyst outperforms the human analyst in applying consistent, in-depth analysis (60+ facts), without bias or fatigue.

What is the First Responder Service

The The First Responder Service is a fully Managed Incident Escalation Service powered by the Respond Analyst.  The First Responder Service adds a “concierge” escalation model for organizations that desire a team of experts for guidance with specific incidents that the software identifies.  Incidents are “responder ready” and typically only a few per week are escalated, unlike the high volume of false positives that most service providers expect their customers to investigate.

One of the unique capabilities of the First Responder Service is that it can be used across your heterogeneous security stack to detect attacks with precision accuracy greatly reducing false positives, mean time to detect and overall dwell time of attacks.  The Respond Analyst supports best in class security technologies and solutions, freeing you from the proprietary stacks that many MSSP/MDR providers require you to deploy. The First Responder Service unlocks considerable value from your security technology investment, enabling you to turn the volume up on events and data collection, allowing the Respond Analyst to see more without drowning your team in alerts.  And it is available at a fraction of the cost of traditional MDR services.

How is the Respond Analyst different from a SIEM?

SIEMs use rules to reduce the number of security events that security teams analyze – in other words, funneling the data to a capacity that a team can manage. The Respond Analyst flips that funnel using all available data to make better security decisions, faster. The Respond Analyst uses pre-built decision models, ready to work on day one – no training or rules writing required.

Output from SIEMs can be unreliable and inconsistent.  One reason for this is because SIEM rules are based on boolean, deterministic rule logic that are too simplistic to isolate and analyze real attacks to determine true (vs. false) positive. Additionally, SIEM rules and the people who write them, can vary in terms of quality resulting in inaccurate or incomplete analysis.  The Respond Analyst collects and analyzes data directly from security sensors, without additional rule logic applied replacing the SIEM’s rule logic for general security use cases.

We have implemented SOAR – how does the Respond Analyst fit?

SOAR platforms can be programmed by security engineering teams to automate analyst tasks both upstream, ie., data collection, correlation, enrichment, and downstream ie. assisting in responding to low-level, repetitive security events. The Respond Analyst is pre-built software that automates the analysis, investigation and triage ‘at the front line’ of security decision-making, vetting all events before the SOAR needs to take action. The Respond Analyst is ready to work on day one, no programming required and elevates security teams to remediation and response activity.  The Respond Analyst integrates with SOAR systems sending incidents to the SOAR for remediation.

What’s the difference between “event” and security “incident” or “situation”?

security event is a single occurrence that theoretically indicates suspicious activity. Sensors like firewalls, web proxy monitors and end point protection solutions generate thousands to millions of individual events on a daily basis that may or may not be an indication of a threat. The Respond Analyst considers all available security events – analyzing, investigating and correlating them into security incidents that are scoped and prioritized for security teams to take action on. The Respond Analyst only escalates vetted security incidents and updates the scoped escalation additional related security data becomes available.

We use an MSSP for frontline monitoring and triage. How is the Respond Analyst different?

MSSP’s are challenged with the same ‘people in front of console’ as any internal SOC. MSSP’s are narrowing down the data their teams analyze using rules and sensor filters – that means that most likely less than 10% of your data is getting analyzed. Furthermore, MSSP’s escalate individual events that seem suspicious. Using the Respond Analyst with the same number of team members you have today, you improve your coverage and capacity and only spend time on vetted security incidents that have the data to back them up. Our MSSP Challenge allows you to do a side-by-side comparison of your MSSP to the Respond Analyst. If you are not impressed with the results, there is no obligation to you whatsoever. This is a zero risk, high reward option for you.

How is the Respond Analyst different from other security solutions? 

The Respond Analyst is different from other security operations products in four primary ways:

  1. Out-of-the-box. More like an app than a platform…at least in how you get it up and running and provide value to your team.  No rules to write, scripts to program or big piles of data to label.
  2. It’s just like you hired a very productive expert for your team.
  3. We use proven mathematics as the basis of our decision engine.  Like experts, it considers facts to determine the likelihood of an issue…unlike anything you’ve seen before, it considers lots and lots of facts with its ability to process at machine speed and scale.
  4. Low cost of ownership. We are cheaper by far compared to MSSPs or maintaining rules/scripts in a platform-based product.  The Respond Analyst learns about your environment and keeps the tribal knowledge forever using this information in its decision making process.  It also learns collectively across our entire customer base, so its analysis improves continuously,  without you having to lift a finger.

Join our growing community! Subscribe to our newsletter, the "First Responder Notebook," delivered straight to your inbox.