Security operations center (SOC) teams face a daily barrage of incomplete and inaccurate alerts that lack vital contextual information, many of them false positives. As a result, analysts miss critical threats and take longer to investigate and respond to them, increasing the risk of a breach.
R4IoT: eyeAlert Automatically Detects and Responds
R4IoT is a proof-of-concept ransomware created by Forescout Vedere Labs that exploits an IoT device to gain access and move laterally in an IT network before impacting the OT network. Siloed security tools cannot fully detect cross-device threats like this. See how eyeAlert automatically detects and responds to R4IoT.
Business Value
eyeAlert is an extended detection and response solution that converts telemetry and logs into high-fidelity, SOC-actionable probable threats.
It automates the detection, investigation, hunt for and response to advanced threats across all connected assets – IT, OT/ICS, IoT and IoMT – from campus to cloud to data center to edge. eyeAlert combines essential SOC technologies and functions into a unified, cloud-native platform, viewable and actionable from a single console.
Reduce business risk
Reduce the risk and magnitude of a successful attack, business disruption or data breach by eliminating alert noise so you can quickly and accurately detect, investigate and respond to the broadest range of advanced threats.
Lower costs
Consolidate point solutions (data lake, security analytics, SOAR, UEBA, threat intel platform) and reduce costs related to data onboarding, rules management and analyst turnover with a solution that simplifies and supports their workflow.
Optimize security operations
Streamline the analyst function and speed complex investigation and threat-hunting processes with enriched, normalized and contextualized data correlated to produce a small number of detections that warrant investigation – all in a unified console that integrates with case management systems and other security tools.
Leverage multi-vendor security investments
Derive more value from existing solutions and make better use of asset data and threat intel via automation across case management and incident response systems, sensors (network, endpoint, cloud) and enforcement points.
Support compliance
Combine long-term log storage with automated threat detection and threat intelligence to close the potential gap between when a breach or disruption is noticed and when a response action is taken.
“Forescout, delivered as a managed service, is a strategic part of our layered defense strategy. It combines essential storage of raw telemetry, in support of compliance mandates, with advanced threat detection and response capabilities to further reduce risk and help us meet cyber insurance requirements. Its ability to automatically and reliably identify true threats from a broad range of data sources across our highly distributed and global IT environment, and to present these with detailed contextual information that streamlines the investigation and response process, is both impressive, and essential in today’s threat environment.”
Andrew Arthurs, CIO, Aimbridge Hospitality
Preview the Solution
Watch CTO Justin Foster run through key features in eyeAlert.
The Forescout Advantage
Vendor and EDR Agnostic Data Ingestion
Supports the products and vendors you’ve already invested in
Can ingest data from any managed and unmanaged device (IT, OT/ICS, IoT, IoMT)
Ensures more comprehensive, powerful, flexible, and effective threat detection
450x Better Detections
Advanced data pipeline enforces a common information model (CIM) to normalize ingested data and auto enrich with user info, IP attribution, geolocation, critical asset information
2-stage threat detection engine uses a blend of 5 techniques to reduce noise & improve fidelity
Full Spectrum Response
Powerful investigation tools
Native integrations with case management solutions
Automate responses via Forescout solutions to touch all managed & un-managed devices
Up Front Risk Reduction
Integration with other Forescout solutions reduces the attack surface, and the risk of a compromised or non-compliant device connecting to your network in the first place
Continuously monitors all connected assets with dynamic access policies
Simple, Predictable, and Accessible Pricing
No penalties for sending more logs to Forescout Threat Detection & Response, to support better detection
License fee is based on the total number of endpoints (IP/MAC address) in your organization
Pricing includes 7+ day log storage, and longer-term storage options are available
eyeAlert combines vendor- and EDR-agnostic support for more than 180 data sources in our cloud-based data lake, with cost-effective log retention and management, automated data normalization and enrichment, and a two-stage threat detection engine to weed out false positives and identify true threats, along with more than 1,500 verified detection rules and models that are regularly updated.
eyeAlert combines essential SOC technologies and functions into a single, unified, cloud-native console.
Data ingestion
Natively supports Forescout eyeSight, eyeInspect and Medical Device Security data – and over 180 vendor- and EDR-agnostic sources including: security, infrastructure, enrichment, applications and cloud/SaaS
Security: Firewall, network IDS/IPS, EDR, EPP, server/workload/container security, web proxy and email security
Infrastructure: Windows security, AD authentication, IAM, DHCP, DNS, cloud audit trail and network metadata
Cloud/SaaS: AWS, Microsoft Azure, Google Cloud, Microsoft 365, Google Workspace and any other SaaS application
Data onboarding
Helps ensure that you extract maximum detection value to support your most important use cases. Forescout data engineers work alongside your team to plan and prioritize the data sources to be onboarded, then help configure the data pipeline and ensure your data is being properly parsed, cleansed, normalized and enriched.
Advanced data pipeline
Applies a rigorous, data science-centric approach to manage data flowing from enterprise-wide sources into the threat detection engine.
Enforces a common information model (CIM) to normalize ingested data.
Enriches data with IP address, geolocation, AD object properties, configuration and other contextual data to maximize detection and enable faster correlation across data sources.
Uses an ETL (extract-transform-load) process, so data is normalized and enriched before it is loaded and indexed, and analysis runs on already-structured data. This is faster, more stable and more efficient than the more common ELT (extract-load-transform) approach, which defers parsing to query time.
Allows you to instantly see how different data sources map to the tactics, techniques and procedures (TTPs) of the MITRE ATT&CK framework. This makes it easy to prioritize the initial data sources that should be ingested for broad or specific TTP coverage, to identify potential blind spots that adversaries can exploit and to determine which additional data sources would further elevate your coverage.
Massively scalable, purpose-built, indexed data lake with tiered data storage (hot, warm, cold) and rapid, full-text search. This provides cost-effective short-term and optional longer-term (7 days to 1 year+) log retention and management of either raw telemetry or enriched data, in support of security and compliance requirements.
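The pipeline steps above (parse per source, normalize to one CIM, enrich, then assess ATT&CK coverage of the onboarded sources) as an added example. This is illustrative code written for this page, not Forescout or eyeAlert code; the log lines, the enrichment tables, the internal address ranges, the CIM field names and the source-to-technique map are all constructed assumptions.

```python
"""Added example, not Forescout or eyeAlert code: a minimal ETL step of the
kind described above. It parses three constructed raw log lines from different
source types, normalizes them to one common information model (CIM), enriches
them from constructed asset, user and geolocation tables, and reports which
ATT&CK techniques a given set of onboarded sources covers. Field names, tables,
internal ranges and the source-to-technique map are illustrative assumptions."""
import json
import re
from ipaddress import ip_address, ip_network

# Constructed raw events, one per source type (not real logs).
RAW_EVENTS = [
    ("firewall", "Jan 12 10:01:05 fw01 action=deny src=10.0.5.23 dst=203.0.113.9 dpt=445 proto=tcp"),
    ("windows", '{"EventID": 4624, "TargetUserName": "jdoe", "IpAddress": "10.0.5.23", "LogonType": 3}'),
    ("dns", "10.0.5.23 query A badexample.invalid rcode NXDOMAIN"),
]

# Constructed enrichment tables (assumed CMDB, directory and geo lookups).
ASSETS = {"10.0.5.23": {"hostname": "hr-ws-07", "critical": False},
          "10.0.9.5": {"hostname": "dc01", "critical": True}}
USERS = {"jdoe": {"dept": "HR", "privileged": False}}
GEO = {"203.0.113.9": "NL"}
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Illustrative mapping of source type -> ATT&CK technique IDs it can evidence.
SOURCE_TTPS = {
    "windows": {"T1078", "T1110", "T1021"},    # Valid Accounts, Brute Force, Remote Services
    "dns": {"T1071.004", "T1568"},             # DNS C2, Dynamic Resolution
    "firewall": {"T1046", "T1571"},            # Network Service Discovery, Non-Standard Port
    "edr": {"T1059", "T1055"},                 # Scripting Interpreter, Process Injection
}

def parse_firewall(line):
    kv = dict(re.findall(r"(\w+)=(\S+)", line))
    return {"event_type": "network_traffic", "action": kv["action"], "src_ip": kv["src"],
            "dest_ip": kv["dst"], "dest_port": int(kv["dpt"]), "proto": kv["proto"]}

def parse_windows(line):
    ev = json.loads(line)
    return {"event_type": "authentication", "action": "success" if ev["EventID"] == 4624 else "failure",
            "user": ev["TargetUserName"], "src_ip": ev["IpAddress"], "logon_type": ev["LogonType"]}

def parse_dns(line):
    t = line.split()
    return {"event_type": "dns_query", "src_ip": t[0], "qtype": t[2], "domain": t[3], "rcode": t[5]}

PARSERS = {"firewall": parse_firewall, "windows": parse_windows, "dns": parse_dns}

def normalize(source, raw):
    """Transform: one parser per source, one field vocabulary for all of them."""
    ev = PARSERS[source](raw)
    ev["source"] = source
    return ev

def enrich(ev):
    """Attach asset, user and location context so that later correlation can
    join events from different sources on the same normalized keys."""
    ev = dict(ev)
    for side in ("src", "dest"):
        ip = ev.get(f"{side}_ip")
        if not ip:
            continue
        asset = ASSETS.get(ip)
        if asset:
            ev[f"{side}_hostname"] = asset["hostname"]
            ev[f"{side}_critical"] = asset["critical"]
        internal = any(ip_address(ip) in net for net in INTERNAL)
        ev[f"{side}_geo"] = "internal" if internal else GEO.get(ip, "unknown")
    user = USERS.get(ev.get("user"))
    if user:
        ev["user_dept"] = user["dept"]
        ev["user_privileged"] = user["privileged"]
    return ev

def etl(raw_events):
    """Extract, transform and enrich before load: the output is what gets indexed."""
    return [enrich(normalize(src, raw)) for src, raw in raw_events]

def ttp_coverage(onboarded):
    """Techniques covered by the onboarded sources, and what each missing
    source would add (the blind spots the pipeline view is meant to surface)."""
    covered = set().union(*(SOURCE_TTPS[s] for s in onboarded)) if onboarded else set()
    gaps = {s: t - covered for s, t in SOURCE_TTPS.items() if s not in onboarded and t - covered}
    return covered, gaps

if __name__ == "__main__":
    for ev in etl(RAW_EVENTS):
        print(ev)
    print(ttp_coverage({"windows", "dns"}))
```

The point of doing the work before load is visible in the output: all three events share the same `src_ip`, `src_hostname` and `src_geo` keys, so a later correlation joins them without per-source parsing at query time, and `ttp_coverage` shows what onboarding the firewall or EDR source would add.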
Threat detection engine
Two-stage threat detection engine applies five detection techniques to automatically generate high-fidelity, high-confidence true threats that warrant investigation, while weeding out false positives.
Cyber intel: More than 70 sources to look for backdoors, command-and-control traffic or phishing.
Signatures: Match object attributes against known-bad objects to identify threats in raw telemetry, including malware that cannot be cleaned, ransomware and similar.
UEBA: Compares the digital footprint, human activity and network behavior of users and entities against known-bad behavior patterns to surface abnormal activity.
Statistics and outliers: Uses clustering, grouping, stack counting, baseline and variation, outlier detection, logistic regression and other methods to detect anomalous activity.
Algorithms: Uses context-aware AI and ML techniques such as supervised/unsupervised learning or deep learning to detect malicious or anomalous activity and predict attacks.
Detection rules
Includes more than 1,500 verified, out-of-the-box detection rules and models for your data sources. These rules have been tested on production data to ensure they operate effectively and deliver value on Day One. Custom detection rules give you the power and flexibility to quickly create indicator, detection and health rules that address your unique requirements, with a guided user experience.
More than 70 global sources, classified, corroborated and scored
eyeAlert references IOCs from over 70 high-quality sources worldwide, including from Vedere Labs, Forescout’s team of global research experts. These IOCs are classified, corroborated and scored to provide finished intelligence that is automatically leveraged across the threat detection, hunting and investigation process. You have access to detailed threat reports from Forescout researchers that profile key threat actors and threats. Anonymized IOC data can also be shared among opt-in community members, including industry-specific ISACs, via a built-in community threat exchange.
IOC data from a broad range of reliable sources
IOC intel correlated into a searchable database of “known bad” domains, URLs and IPv4 and IPv6 addresses
Each IOC dynamically assigned a confidence score based on source quality
Confidence-scored IOC intel leveraged by threat detection engine and customer SOC teams to accelerate threat detection and investigation
Behavior-based analytics are used to detect significant changes to behavior or anomalous activity for an entity. Standard profiles and behaviors are built for users and hosts across time, and any activity that is anomalous to these standard baselines is triggered as suspicious.
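The two-stage engine, the corroborated and confidence-scored IOC intelligence, the signature rules and the behavior baselines described above, combined in one added example. This is illustrative code written for this page and is not Forescout or eyeAlert code, nor the product's actual scoring: the feeds and their quality weights, the corroboration formula, the thresholds, the constructed events and the logon-history baseline are all assumptions.

```python
"""Added example, not Forescout or eyeAlert code: an illustrative two-stage
detection pass over constructed, already-normalized events. Stage 1 applies
three of the techniques listed above (confidence-scored cyber intel, a simple
signature rule and a UEBA baseline with outlier detection); stage 2 correlates
the resulting indicators per entity and promotes only corroborated or
high-confidence findings to a threat. Feeds, weights, thresholds and the
corroboration formula are assumptions, not the product's actual logic."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed IOC feeds: source -> (source quality weight 0..1, indicators).
IOC_FEEDS = {
    "vendor_feed_a": (0.6, {"203.0.113.9", "badexample.invalid"}),
    "vendor_feed_b": (0.5, {"203.0.113.9"}),
    "community_exchange": (0.3, {"198.51.100.77"}),
}

# Constructed normalized events, keyed to the entity they concern.
EVENTS = [
    {"entity": "jdoe", "type": "dns", "domain": "badexample.invalid"},
    {"entity": "jdoe", "type": "network", "dest_ip": "203.0.113.9", "dest_port": 445},
    {"entity": "asmith", "type": "network", "dest_ip": "198.51.100.77", "dest_port": 443},
    {"entity": "svc_backup", "type": "process", "cmdline": "powershell.exe -nop -w hidden -enc AAAA"},
]

# Constructed UEBA feature: distinct hosts each user logged on to per day,
# ten days of history plus today's value.
LOGON_HISTORY = {"jdoe": [2, 3, 2, 3, 2, 2, 3, 2, 3, 2], "asmith": [1, 1, 2, 1, 1, 1, 1, 2, 1, 1]}
TODAY = {"jdoe": 14, "asmith": 2}

def score_iocs(feeds):
    """Corroboration: an IOC seen by several sources scores 1 - prod(1 - w_i),
    so agreement raises confidence while one low-quality source stays low."""
    weights = defaultdict(list)
    for weight, iocs in feeds.values():
        for ioc in iocs:
            weights[ioc].append(weight)
    scores = {}
    for ioc, ws in weights.items():
        miss = 1.0
        for w in ws:
            miss *= 1 - w
        scores[ioc] = round(1 - miss, 3)
    return scores

def zscore(history, value):
    mu, sd = mean(history), pstdev(history)
    if sd == 0:  # flat baseline: any change is an outlier, no change is not
        return float("inf") if value != mu else 0.0
    return (value - mu) / sd

def stage1(events, ioc_scores, history, today, ioc_min=0.5, z_min=3.0):
    """Each technique emits (technique, evidence, confidence) per entity;
    weak intel hits and in-baseline behaviour are dropped here."""
    ind = defaultdict(list)
    for ev in events:
        for key in ("dest_ip", "domain"):
            ioc = ev.get(key)
            if ioc in ioc_scores and ioc_scores[ioc] >= ioc_min:
                ind[ev["entity"]].append(("cyber_intel", f"{key}={ioc}", ioc_scores[ioc]))
        cmd = ev.get("cmdline", "").lower()
        if ev["type"] == "process" and "powershell" in cmd and "-enc" in cmd:
            ind[ev["entity"]].append(("signature", "encoded PowerShell command", 0.7))
    for entity, value in today.items():
        z = zscore(history[entity], value)
        if z >= z_min:
            ind[entity].append(("ueba", f"{value} hosts today, z={z:.1f}", 0.5))
    return ind

def stage2(indicators, high=0.75):
    """Promote an entity to a threat only when two different techniques agree
    or one indicator alone is high-confidence; everything else stays
    available for hunting rather than paging an analyst."""
    threats = {}
    for entity, inds in indicators.items():
        techniques = {t for t, _, _ in inds}
        miss = 1.0
        for _, _, c in inds:
            miss *= 1 - c
        if len(techniques) >= 2 or max(c for _, _, c in inds) >= high:
            threats[entity] = {"techniques": sorted(techniques), "confidence": round(1 - miss, 3),
                               "evidence": [e for _, e, _ in inds]}
    return threats

def run():
    scores = score_iocs(IOC_FEEDS)
    return stage2(stage1(EVENTS, scores, LOGON_HISTORY, TODAY))

if __name__ == "__main__":
    print(run())
```

Run as-is, only `jdoe` is promoted: two feeds corroborate the destination address, a second IOC hits on the DNS query, and the user's logon spread is far outside its baseline. The single low-weight community hit for `asmith` never clears the stage-1 threshold, and the lone signature hit on `svc_backup` stays an indicator for hunting rather than a threat, which is the noise reduction the two-stage design is meant to deliver.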
SOAR
Orchestrates the SOC process from detection through investigation and response with built-in case management and notifications.
Automates security through enrichment sources such as IP geolocation, user and asset information, and correlation to multiple intelligence sources.
Leverages Forescout eyeSight and eyeControl for automated orchestration and response workflows across all managed and unmanaged devices.
If desired, continue to leverage your existing SOAR through integration with Palo Alto Cortex XSOAR and other SOARs.
Case management
Provides workflows, tight integration, transparency and seamless communication and collaboration during detection handling and incident management.
Based on the NIST Incident Response Life Cycle, eyeAlert supports integrations with ServiceNow, RSA Archer, Jira Software, ManageEngine ServiceDesk Plus, Palo Alto Cortex XSOAR, TheHive and ConnectWise.
Preconfigured and customizable persona-based dashboards provide KPIs relevant to a variety of roles, including analysts/IR, engineers, SOC managers, compliance and risk managers, and executives. Proactive dissemination and sharing of reports and metrics delivers insight into the hands of those responsible for managing SOC operations as well as executive team members.
Nothing to deploy, with new features, fixes and rules delivered seamlessly and bi-weekly
Ease of management
Faster release cycle and updates
Reliability and security
Cost effectiveness
Hyper-scale
Multi-tenant
Logical separations (or tenants) easily created based on country, office location or business unit, for example. You can also generate aggregate views and perform queries and analyses across tenants and business units, right up to the global level. Particularly beneficial for large enterprises, multinationals, MSSPs and organizations with regional SOCs.
Unified global architecture
Data residency and compliance requirements readily met, with cost-effective support for regional security operations. Specify where you want your logs to be stored among 25 regions across the Americas, Europe and Asia-Pacific – while still being able to view and query your data globally.
SIEM Integration
True threats identified by eyeAlert can be fed to an existing SIEM for centralized orchestration and incident response.
Continuous software and content updates
New features, functionality and fixes, along with new detection rules and models, are seamlessly delivered every few weeks, without requiring any operational support or causing disruption.
Add 24/7 Remote Monitoring with Assist for Threat Detection & Response
Our team of experts operates as a remote, seamless extension of your SecOps team, to provide around-the-clock monitoring of your threat environment using eyeAlert. Services include security monitoring and triage, log source monitoring, threat investigation, incident management and threat hunting.
Extended detection and response (XDR) is a relatively new solution category for security operations centers (SOCs) that breaks down traditional security tool silos to deliver holistic, automated detection and response across multiple domains. It consolidates essential SOC technologies and functions – a data lake; security analytics; user and entity behavior analytics (UEBA); security orchestration, automation and response (SOAR); and threat intelligence – into a unified platform with a single console, enabling security teams to efficiently investigate, hunt for and respond to true threats across the extended enterprise.
1. 111,000 alerts per day = 450 alerts per hour. Source: “The 2020 State of Security Operations,” Forrester Consulting. The actual number of alerts a SOC receives depends on many factors, including the number, type and location of security controls deployed, the tuning of those controls (which is a function of analyst capacity, risk tolerance and level of expertise), the number of employees/devices and the industry.
2. Based on aggregate data averaged over a one-year period (Dec 2021-2022), across 30 enterprises representing a range of company sizes and industries.