
BAE Spins Off Threat Triage Startup, After Internal Incubation

Like a pocket-sized SIEM for SMEs.

By CBR Staff Writer

BAE Systems Applied Intelligence has successfully spun off a new cybersecurity company following an internal incubation process, in a first for the British defence, security, and aerospace subsidiary.

SOC.OS has won £2 million in funding from Hoxton Ventures and Speedinvest, the company said today, and has also secured early adopters, including the UK Atomic Energy Authority.

The company and its product are designed to help internal security teams at medium-sized businesses manage alerts from threat protection and detection tools by automatically analysing, triaging, and prioritising them.

The big idea: helping overstretched teams wearing many IT hats at mid-sized firms who may be wrestling with hundreds to thousands of alerts daily from different security products and tools that are not consolidated.

(Most SIEM/SOAR offerings are tailored to large SOCs or internal IT security teams, the company argues, making them cost-prohibitive).

SOC.OS was born within the Futures team of BAE Systems Applied Intelligence – an internal innovation and venture incubation hub. The new company launched officially in June 2020, with Dave Mareels as CEO.

Hussein Kanji, founding partner at Hoxton Ventures, added: “As early investors in Darktrace, we know a thing or two about identifying great UK cyber security talent. We are excited to be partnering with SOC.OS and working with the UK’s leading defence player… to spin out this unique company.”


The tool works by ingesting alerts, enriching them with third-party threat data, and associating each alert with MITRE ATT&CK threat data.

The alerts are then clustered by shared entity and threat type (so that those hitting your network with similar threat types are grouped together) and ranked by urgency using a data visualisation tool.

This is, arguably, nothing that hasn’t been done before, but making it work for the millions of companies out there that are increasingly the unwitting target of cybercriminals — but which would struggle to sign off the budget for SOC support or a larger security team — may be a sweet spot.
