Mint Security will start to resell and support the AlphaSOC product line in Finland and Europe.
AlphaSOC, the security analytics company, is headquartered in San Francisco with offices in Boston and Wrocław, Poland. The AlphaSOC analytics stack processes network telemetry (e.g. DNS logs, firewall logs, and web proxy logs) within customer environments to uncover infected systems, anomalies, and emerging threats. Hundreds of security teams use AlphaSOC’s Network Behavior Analytics for Splunk app to generate high fidelity alerts and hunt threats.
AlphaSOC works both in Splunk Cloud as well as on-premises and comes with the option to run an on-premises analytics engine for those not interested in sending data to the cloud.
Placement in the market
With AlphaSOC, adding the kind of alerting any professional SOC would do becomes a breeze. But competing with commercial SOCs is not the point here, as Thomas points out: “We don’t want to compete with any professional SOC a customer might already have in place, but rather add to that. The professional SOC can easily benefit from this as well, providing the customer with even more accurate results.”
How does this align with Splunk Enterprise Security? There are some similarities, but for the most part these are two different products. The similarity is that AlphaSOC will find issues similar to those ES finds; in reality it has features that outperform ES in many cases. On the other hand, AlphaSOC does not come with a complete ticketing and asset management solution built in. In the end, these are not products that exclude each other.
“We even have the ability to add our own findings as notable events directly into ES, you just have to check a box”, Chris points out.
AlphaSOC is priced based on the number of unique internal endpoints, which makes its pricing very attractive for Splunk customers, even those with larger licenses, as compared to Splunk Enterprise Security.
Today at AlphaSOC we released Network Flight Simulator (flightsim) 2.2.1, our free, open source adversary simulation tool. This latest release includes a number of new modules that security teams can use to instantly evaluate their detection and response coverage within SIEM and SOAR tools.
“The cloud!” somebody shouts out loud. “This means my data is sent to the cloud – my precious telemetry data that, in the hands of the bad guys, could reveal too much about myself!” This is correct. And for the sake of transparency, let’s have a look at what actually goes on behind the scenes.