SOC SECURITY ANALYTICS OF
LEO TECHNOSOFT
A significant portion of information security effort focuses on monitoring and
analyzing data about events on networks, servers and other devices. Advances in big
data analytics are now applied to security monitoring to enable both broader and
more in-depth analysis. For Leo TechnoSoft’s Intelligence Driven SOC, big data security
analytics and analysis is an extension of security information and event management
(SIEM), CASB, PIM and related technologies. The quantitative difference in the
volumes and types of data analyzed results in qualitative differences in the types of
information extracted from security devices and applications, and hence a
qualitative difference in the possible alerts/alarms.
• Leo TechnoSoft’s Intelligence Driven SOC’s big
data security analytics is designed to collect,
integrate and analyze large volumes of data in
near real time, which requires several additional
capabilities like User Context Correlation, Security
Control Visibilities like IFC, FISMA, ISO and
discovering Patterns between Devices, Identity,
Data and Context together.
• Five key features distinguish big data security
analytics from other information security
domains.
KEY FEATURES:
• Scalability and User Context Correlation
• One of the key distinguishing features of Leo TechnoSoft's
Intelligence Driven SOC Security Analytic is scalability. The
platforms have the ability to collect data in real or near real
time. Network traffic is a continual stream of packets that
can be analyzed as fast as they are captured. The analysis
tool doesn’t depend on a lull in network traffic to catch up
on a backlog of packets to be analyzed. The analysis
provides the ability to correlate events across time and
space, which means the stream of events logged by one
device, such as a Web server, may be highly significant with
respect to events on an end-user device a short time later.
Reporting and visualization: Security & Compliance
• Another essential function of Leo TechnoSoft's Intelligence
Driven SOC Security Analytic is reporting and support for
analysis. Security professionals have on-demand reporting
to support operations and compliance dashboards. They
also have access to dashboards with preconfigured security
indicators to provide high-level overviews of key
performance measures/indicators. Visualization presents
information derived from big data sources in ways that can
be readily and rapidly identified by security analysts. Leo
TechnoSoft's Intelligence Driven SOC Security Analytic uses
visualization techniques to help analysts understand
complex relationships in linked data across a wide range of
entities, such as websites, users and HTTP transactions.
Information context
• Since security events generate so much data, there is a risk
of overwhelming analysts and other infosec professionals
and limiting their ability to discern key events. Leo
TechnoSoft's Intelligence Driven SOC Security Analytic
frames data in the context of users, devices and events.
• Data without this kind of context is far less useful, and can
lead to higher than necessary false positives. Contextual
information improves the quality of behavioral analysis and
anomaly detection. Context includes somewhat static
information, such as the fact that a particular employee
works in a specific department. It also includes more
productive information, such as typical usage patterns that
can be subject to change over time.
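The cross-device time correlation and user-context framing described above, shown as an added example that is not Leo TechnoSoft's code. The event fields, user names, hosts and the "usual processes" baseline are constructed assumptions for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data: users, hosts, paths and fields are illustrative assumptions.
CONTEXT = {
    "alice": {"department": "finance", "usual_processes": {"excel.exe", "outlook.exe"}},
    "bob": {"department": "it-ops", "usual_processes": {"powershell.exe", "ssh.exe"}},
}
EVENTS = [
    ("2024-05-01T09:00:05", "web01", "alice", "http_download", "/files/report.xlsm"),
    ("2024-05-01T09:00:40", "laptop-17", "alice", "process_start", "powershell.exe"),
    ("2024-05-01T09:01:10", "web01", "bob", "http_download", "/tools/agent.zip"),
    ("2024-05-01T09:01:30", "laptop-22", "bob", "process_start", "powershell.exe"),
    ("2024-05-01T11:30:00", "laptop-17", "alice", "process_start", "excel.exe"),
]

def parse(events):
    """Normalize raw tuples into time-sorted event records."""
    return sorted(
        ({"ts": datetime.fromisoformat(t), "device": d, "user": u, "type": k, "detail": x}
         for t, d, u, k, x in events), key=lambda e: e["ts"])

def correlate(events, window=timedelta(seconds=120)):
    """Pair each web-server event with later endpoint events of the same user."""
    pairs = []
    for i, first in enumerate(events):
        if first["type"] != "http_download":
            continue
        for later in events[i + 1:]:
            if later["ts"] - first["ts"] > window:
                break  # events are time-sorted, so nothing further can match
            if later["user"] == first["user"] and later["type"] == "process_start":
                pairs.append((first, later))
    return pairs

def alerts(pairs, context):
    """Keep only correlated pairs that deviate from the user's baseline."""
    out = []
    for web, endpoint in pairs:
        profile = context.get(endpoint["user"], {})
        if endpoint["detail"] not in profile.get("usual_processes", set()):
            out.append((endpoint["user"], profile.get("department", "unknown"),
                        web["detail"], endpoint["detail"]))
    return out

def run():
    return alerts(correlate(parse(EVENTS)), CONTEXT)

if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Correlation alone yields two download-then-process pairs; applying the per-user context suppresses the one that matches an IT operations baseline and leaves a single alert for the finance user.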
