Our Malizen software platform has many features that accelerate the work of cyber teams: collaborative investigation, data mining through visualisation, a machine learning based copilot... Among all these features, one is particularly important for the daily work of cyber teams: automated reporting.
We thought it was important to focus on this specific feature and explain how Malizen cuts out the lower value tasks to free up analysts' time. Let's put analysts' cyber expertise back at the center of their work!
Reporting in cyber teams
Today, cyber teams have been getting better at working in a collaborative mode. By the way, Malizen is tackling this issue with its collaborative investigation module, but that's another blog post. Tools like MITRE ATT&CK have simplified this collaboration by giving teams a standardised language for sharing incidents and information. This allows them to qualify the incidents reported to them with a lot of data.
But detecting an incident or finding a security vulnerability is not enough! Someone has to decide to deploy new solutions or react accordingly to correct the flaws, or explain the situation to management or even clients. That's where reporting comes into play. Most of the time, this means a lot of time spent transcribing the case management data into readable documents using traditional word processing software.
This poses two problems for cyber teams: it takes quite a lot of time and not everyone speaks the cyber language.
Indeed, once an investigation has been completed, spending two hours in Word or PowerPoint writing a detailed report can be frustrating when you know that other analyses are waiting. Spending time on manual work is an analyst's top frustration.
Also, cybersecurity is full of technical jargon that people dealing with high-level strategy, marketing, product and so on have trouble understanding. But for cybersecurity experts, learning how to write documents that everyone can understand isn't a priority or a wish.
The Malizen method
During an investigation, notes are often taken on a piece of paper, or in a digital document lost among many others. We've integrated a system that allows analysts and experts to take notes directly in our tool during their investigation. These notes can also be shared with other people while an investigation is still in progress.
Remember all that contextualised data we were storing automatically to help with case management?
We've used this data to train the copilot and to streamline case management, and we also use it to generate reports! Reports are automatically generated with as much context as possible. Our aim is to fill in the document automatically as much as possible to minimise manual work for cyber analysts. We can extract timelines, leads, TTPs, comments and remarks to build quality documents.
We've also been working on aggregating this data to generate reports for decision makers about security posture and team efficiency. It's indeed important to link cyber-specific data to company-specific data. The idea is to translate the TTPs into their impact on the integrity, availability and confidentiality of assets and data, in order to make the reports easier to understand. Our ultimate goal is to provide Malizen's users with actionable KPIs, such as incidents valued in dollars, so that the severity of the situation is clearly understood by all stakeholders and actions can be prioritised accordingly. Imagine if, as a SOC manager, you could quickly and automatically generate a handful of relevant slides for a PowerPoint deck to report to the group CISO?
Free up analysts' time. Put their technical expertise back at the heart of their daily work. Make reporting a useful decision-making and communication tool. These are all objectives at the heart of our automatic reporting module. Reporting is no longer painful!