2023 In Review: It’s a Wrap!


2023 saw broad changes to both the threat landscape and the way SOC teams detect and mitigate threats. Increased data needs, the rise of generative AI and integrated automation are among the top trends for 2023. Our product roadmap has allowed us to help our customers adapt to these trends and stay on the cutting edge of cybersecurity. 

Top Technology Trends

  • Data needs are skyrocketing, making security operations more difficult to manage.
  • The rapid advancement of Generative AI means that humans need to learn to work alongside AI to drive efficiencies.
  • Automation is performing tasks that were previously done by humans, leading to improved efficiency and productivity.

Innovation is at the heart of what we do and why we are a 4x Gartner Magic Quadrant leader for SIEM. Our top priority is and always will be protecting the world from cyber threats. Here are some of our top initiatives from the year that have helped our customers stay ahead of threats and future-proof their cybersecurity.

Launched Unified Defense SIEM

In April, Securonix set the new standard for the SIEM market by launching the industry’s first Unified Defense SIEM (UDS). This new product is helping our customers meet modern data demands, embrace AI, and leverage automation to improve efficiency. The platform provides organizations with 365 days of “hot” data, powered by Snowflake, for fast, consistent search and investigations, resulting in an average of 2X faster response times. This capability, paired with best-in-class threat content-as-a-service, allows you to stay ahead of emerging threats. UDS also enables you to mount a proactive defense by allowing you to continuously collaborate with your peers and partners and unify Threat Detection, Investigation, and Response (TDIR), all in a single platform. Since then, the platform has been praised by customers who immediately noticed the performance improvements provided by Snowflake.

As part of our exciting new partnership, Securonix and Snowflake have created a split architecture solution that enables customers to use Securonix analytics on top of their existing Snowflake Data Cloud Platform. Bring your own Snowflake (BYOS) allows Snowflake customers to keep their data within their Snowflake implementation while still leveraging Securonix Unified Defense SIEM for security visibility, analytics, and intelligence-based incident response.  

Learn More about BYOS

Watch the Demo to learn more.

Launched ChatGPT Integration

In August, Securonix announced an integration with ChatGPT. This partnership has brought the power of artificial intelligence (AI) to enhance your ability to resolve threats quickly. ChatGPT empowers security analysts, threat hunters, and content administrators alike to investigate and respond to security threats swiftly.

With the generative AI capabilities of ChatGPT built into Securonix Investigate, security professionals can interact with AI models in a natural language and access the information they need alongside insightful context gathered by Securonix Investigate. As the investigation progresses, Securonix continues to gather new and updated information to provide your analysts with the most current details available. These insights can be easily shared between team members or trusted groups, enabling security analysts to gain a better understanding of their observations. This, in turn, accelerates investigations and reduces the time it takes to respond to security threats.

Watch the Demo to learn more.

Autonomous Threat Sweeper (ATS)

Introduced in 2022, ATS continues to automate manual threat-hunting tasks for our customers. This year, the average security team at a mid-sized company spent anywhere from 130 to 170 hours chasing 115+ threats monthly.

That’s where cyber rapid response comes into play. ATS combines the best of all worlds — human analyst-driven threat intelligence curation, threat hunting, and detection engineering with automated post-hoc detection. In 2023 we saved our customers an average of 170 manhours per month, swept over 38,167 IOCs and TTPs, and identified 1,357 emerging threats.

Watch this explainer video to learn how ATS works.

Dark Mode

Having a dark mode option in the technology we use, whether it be our mobile devices, laptops, or the giant monitors in the SOC, has become very popular. A Wired magazine article from April 2023, titled “Dark Mode’s Shadowy Promises: Light-on-dark displays tap into society’s deepest fears about technology’s ills,” pointed out that the desire for a dark mode option may be more profound than a simple preference. From Securonix’s perspective, we have seen large adoption of dark mode options in several tools and solutions within the SOC. This observation led us to conclude that it made sense for us to offer a dark mode option as well. Since November this year, you can run Securonix in the same mode as your other key applications.

You can find more about our dark mode here.

Securonix Hub

The Securonix RIN has evolved into the Securonix Hub, bringing more scale, better visibility, and seamless upgrades to the Securonix Unified Defense SIEM. With the new Securonix Hub, you can ingest data and send response actions to effectively gain the visibility needed to keep pace with today’s modern threats and act to mitigate them.

The Securonix Hub delivers improvements over Securonix RIN on vertical scalability, orchestration, and health visibility. 

Autoscaling Pipelines

Securonix also introduced dynamic auto-scaling capabilities for the production pipeline as new data sources and analytics were introduced. Issues with poorly configured or failing data sources can create bottlenecks, slowing down data ingestion and affecting high-priority data flows. Data ingestion delays directly impact threat detection and response times. To resolve this bottleneck, Securonix automatically redirects slow-performing data to a diagnostic pipeline, ensuring that high-performance data reaches its destination without interruption. Additionally, the platform enables seamless transitions of data sources, analytics, and policies from sandbox to production, auto-scales to meet capacity demands, and efficiently diagnoses problematic pipelines to prevent disruptions to other traffic.
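The isolation described above can be illustrated with a small router that tracks per-source processing latency and diverts a source to a diagnostic pipeline once its recent latency exceeds a threshold, releasing it again only after it has recovered. This is an added example written for this post, not Securonix’s own implementation; the class name `PipelineRouter`, the thresholds, and the three data sources (“firewall”, “legacy-syslog”, “edr”) and their latencies are constructed for the demonstration.

```python
"""Toy ingestion router: quarantine slow data sources into a diagnostic pipeline.

Added example, not Securonix code. All sources, latencies and thresholds
below are constructed for illustration.
"""
from collections import defaultdict, deque
from statistics import mean


class PipelineRouter:
    """Route each event to "production" or "diagnostic" based on the recent
    parse/enrich latency of its data source (hypothetical design).

    A source whose rolling mean latency exceeds ``slow_ms`` is quarantined so
    it cannot stall high-priority flows; it is released only once the mean
    drops below ``recover_ms`` (hysteresis avoids flapping).
    """

    def __init__(self, slow_ms=500.0, recover_ms=250.0, window=20, min_samples=5):
        self.slow_ms = slow_ms            # mean latency above this -> quarantine
        self.recover_ms = recover_ms      # mean latency below this -> release
        self.min_samples = min_samples    # never judge a source on too few events
        self.latencies = defaultdict(lambda: deque(maxlen=window))
        self.quarantined = set()
        self.delivered = defaultdict(lambda: {"production": 0, "diagnostic": 0})

    def route(self, source, latency_ms):
        """Record one event's processing latency and return its pipeline."""
        hist = self.latencies[source]
        hist.append(latency_ms)
        if len(hist) >= self.min_samples:
            avg = mean(hist)
            if source not in self.quarantined and avg > self.slow_ms:
                self.quarantined.add(source)
            elif source in self.quarantined and avg < self.recover_ms:
                self.quarantined.discard(source)
        pipeline = "diagnostic" if source in self.quarantined else "production"
        self.delivered[source][pipeline] += 1
        return pipeline

    def state(self, source):
        """Current pipeline assignment for a source (unknown sources are healthy)."""
        return "diagnostic" if source in self.quarantined else "production"


def run_demo():
    """Feed a constructed interleaved stream and return per-source delivery counts.

    - "firewall": consistently fast, must never leave production.
    - "legacy-syslog": consistently slow, quarantined after min_samples events.
    - "edr": slow for 10 events, then recovers and is released after its
      rolling window has drained enough slow samples.
    """
    router = PipelineRouter()
    for i in range(30):
        router.route("firewall", 20)
        router.route("legacy-syslog", 900)
        router.route("edr", 900 if i < 10 else 30)
    # Convert the defaultdict to a plain dict for easy inspection/assertion.
    return {src: dict(counts) for src, counts in router.delivered.items()}


if __name__ == "__main__":
    for source, counts in run_demo().items():
        print(f"{source:14s} {counts}")
```

With the defaults above, the first four events of a slow source still reach production because five samples are required before a verdict; “edr” is released on the 15th fast event, when the 20-event window’s mean first falls below 250 ms. In a real deployment the diagnostic pipeline would also surface why a source is slow (parser errors, malformed events, upstream backpressure) rather than only isolating it.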

Policy Watch and Device Monitoring

These new features have been added to expand the control customers have over their own deployments. Policy Watch provides a dashboard to help identify misconfigurations and assess the health of policies via pre-determined metrics. This reduces the need to open support tickets that may be related to issues from policy misconfigurations.

For device monitoring, a new Devices View page provides the ability to monitor and alert on issues affecting individual devices within a data source.

SOAR updates and playbooks

During the final quarter of 2023, we updated our SOAR platform. One of the notable additions is the ability to run scheduled playbooks without needing an alert to trigger them. This feature is handy for offline activities such as vulnerability or compliance scans: when any critical or high vulnerabilities are detected, the subsequent actions in the playbook are executed accordingly.

We rolled out SOAR integration support for Proofpoint TAP, Symphony Summit, OneLogin, JumpCloud, PA URL filtering, AWS Firewall, APIVoid, Demisto, Securi Sitecheck, Streamset, and Phantom.

SOAR playbooks are a critical part of our overall security strategy, and they help us respond to incidents quickly and effectively. We are pleased to announce that we have released a total of 19 SOAR playbooks, covering a wide range of security incidents, including malware attacks, phishing attempts, and data breaches for our SOAR product customers. These playbooks are designed to help our customers better manage and respond to security incidents.

Documentation of released Playbooks: https://documentation.securonix.com/bundle/securonix-cloud-user-guide/page/content/soar-out-of-the-box-playbooks.htm

Top use cases covered by released playbooks:

  1. Azure AD Identity Compromise Mitigation
  2. Block Malicious IOC in Zscaler Internet Access
  3. High-Risk Device Mitigation using Carbon Black
  4. Phishing Alert Investigation
  5. Malware Remediation using Crowdstrike

Expanded threat coverage and integration

As security operations grow more complex and data demands skyrocket, Securonix has continued to improve our products to offer more threat coverage. We have published 12 advisories and threat research papers, together with our continuous content updates. 

These metrics cover the policies delivered in the last year, along with any:

  • Bug Fixes: Identification of anomalies and misconfigurations in policies due to changes in input parameters, to ensure system optimization
  • Enhancements: Iterative improvements to increase the efficiency of policies and alert fidelity
  • Deprecations: Strategic decommissioning or replacement of legacy content, maintaining our platform’s relevancy and system optimization

Content changes delivered in 2023:

  Bug-fix   Deprecated   Enhancement   New   Grand Total
  150       137          481           229   997

Please refer to the release notes for additional details.

Documentation remap

To defend against today’s most sophisticated cyber threats, big data security specialists equipped with the most advanced tools should also be equipped with the most advanced product documentation. To this aim, Securonix initiated a comprehensive audit, redesign, and augmentation of its documentation content, and also partnered with Zoomin Inc. to provide state-of-the-art web and contextual help capabilities. Updates include:

  • Contextual Documentation: Relevant help content is now at your fingertips, directly from the Securonix UI.
  • New Documentation Portal: A redesigned portal now includes advanced searching and filtering functions, improved navigation, feedback button, smart tables.
  • Help Content Redesign: The content has been reorganized, reviewed, cross-referenced, and expanded to promote objective-based learning and user success.

You can find more information about documentation updates here.

Wrap up

Want to know what’s coming in 2024? Follow us on our journey as we continue to push boundaries and deliver on our promise of securing the world from cyber threats.

Get a demo to learn more about our new products and features.