With today’s expanding attack surfaces and the growing sophistication of adversaries, exploding volumes of data are negatively affecting SOC teams’ success. According to the 2021 Devo SOC Performance Report, 67% of respondents said their lack of visibility into the attack surface makes working in the SOC painful.
To address this challenge, the Devo Platform ingests data quickly and easily from any infrastructure and application, providing security teams with complete visibility across the entire attack surface. The 7.13 release of the Devo Platform contains a new feature, Stat Counts, that enables users to enhance their data search capabilities, which increases accuracy and improves productivity.
Leverage statistical data to perform fast, in-depth data discovery
Stat Counts gives users the ability to perform statistical analyses on query results without sacrificing performance. Analysts can view an instantaneous snapshot of a rank-ordered list of the values in a field, which they can leverage for further investigation. The analysis is performed across data stored on the server.
Security teams can create, edit and apply additional filters using a single-click, drill-down action, which enables them to produce refined sets of information. This helps security teams pinpoint incidents and perform rapid analysis across real-time and historical data sets.
Using Stat Counts
Let’s look at a simple example of how Stat Counts helps users quickly identify and analyze information reported by a website.
First, we’ll use Stat Counts to identify the user agents attempting to access the website, in a rank-ordered list.
As you can see, the ansible-httpget agent seems to be an outlier, with only three requests. Let’s select and filter this value by clicking on it to obtain further details.
Now we can see where the ansible-httpget agent request is coming from. In this case, ansible-httpget originated in Ireland (IE).
We can subsequently mark that field as a “favorite” and perform additional analysis. For instance, let’s check the HTTP request response times.
Stat Counts also calculates several basic aggregations such as max, min and standard deviation, which is useful for pinpointing potential issues.
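The same workflow (rank-ordered counts of a field, filtering on the rare value, then basic aggregations) can be reproduced offline on exported web logs. The following Python is an added example, not Devo code or Devo query syntax; the record fields, sample values and function names are assumptions constructed for illustration.

```python
from collections import Counter
from statistics import mean, pstdev

def build_sample():
    """Constructed web-access records; field names are assumptions, not Devo columns."""
    rows = [{"user_agent": "Mozilla/5.0", "country": "US", "response_ms": 100 + i}
            for i in range(40)]
    rows += [{"user_agent": "curl/7.68.0", "country": "DE", "response_ms": 80 + i}
             for i in range(12)]
    rows += [{"user_agent": "ansible-httpget", "country": "IE", "response_ms": ms}
             for ms in (950, 1200, 1010)]
    return rows

def stat_counts(records, field):
    """Rank-ordered (value, count) list for one field, most frequent first."""
    counts = Counter(r[field] for r in records if field in r)
    return sorted(counts.items(), key=lambda kv: (-kv[1], str(kv[0])))

def rare_values(records, field, max_share=0.10):
    """Values seen in at most max_share of the records (outlier candidates)."""
    ranked = stat_counts(records, field)
    total = sum(count for _, count in ranked)
    return [value for value, count in ranked if total and count / total <= max_share]

def drill_down(records, **filters):
    """Keep records matching every field=value filter (the click-to-filter step)."""
    return [r for r in records if all(r.get(k) == v for k, v in filters.items())]

def numeric_stats(records, field):
    """min, max, mean and population standard deviation of a numeric field."""
    values = [r[field] for r in records if isinstance(r.get(field), (int, float))]
    if not values:
        return None  # field absent or non-numeric in this result set
    return {"count": len(values), "min": min(values), "max": max(values),
            "mean": mean(values), "stddev": pstdev(values)}

if __name__ == "__main__":
    logs = build_sample()
    print(stat_counts(logs, "user_agent"))
    for agent in rare_values(logs, "user_agent"):
        subset = drill_down(logs, user_agent=agent)
        print(agent, stat_counts(subset, "country"), numeric_stats(subset, "response_ms"))
```

A rare user agent is only a lead for triage: automation and health checks produce low-count values too, so the drill-down on origin and response time is what decides whether it needs follow-up.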
With a few clicks, users can gather statistical details of the entire data field, drill down into the results, and perform more detailed, context-based analysis. This helps users make faster, more educated decisions, which are critical to protecting the business.
Ready to learn more?
Watch this video for a more detailed demonstration of how Stat Counts will help your security team work more efficiently to detect, investigate and respond to threats.
For additional information about how the Devo Platform and Stat Counts will help your security team work more efficiently, contact us to learn why leading organizations are turning to Devo for no-compromise security operations and data analytics.