SOCsoter, a security information and event management (SIEM) platform provider, has integrated U.S. Cybersecurity and Infrastructure Security Agency (CISA) indicators of compromise (IOCs) into its Managed Cloud SIEM (MCS) cloud monitoring tool for MSPs, according to a prepared statement.
The CISA IOCs were added to MCS after hackers last month allegedly weaponized SolarWinds Orion business updates to distribute SUNBURST malware.
MCS now combines "always-on" security monitoring with CISA insights, SOCsoter stated. As such, MSPs can use MCS to provide continuous coverage of malicious activity across customers' Microsoft 365 and Azure environments.
How Does MCS Work?
MCS offers automated threat intelligence and built-in security rules, SOCsoter noted. It uses data to highlight signs of potential malicious activity in cloud environments.
In addition, MCS is backed by SOCsoter's security operations center (SOC), the company indicated. The tool ensures SOC analysts are available to investigate and assess security alerts and respond to threats as needed.
MCS also works in combination with other SOCSoter SOC and SIEM products, the company pointed out. It enables MSPs to leverage network, endpoint and cloud data and threat intelligence to determine if malicious activity is taking place in customers' cloud environments.
SOCsoter introduced MCS last year. MCS is offered exclusively through SOCsoter's MSP partners, and all API integrations associated with the tool are available for one monthly price.
FireEye Unveils Microsoft 365 Security Tool
Along with SOCsoter's MCS update, FireEye last week launched the Azure AD Investigator auditing script to help MSPs check Microsoft 365 tenants for indicators of compromise (IOCs) that require further verification and analysis.
Azure AD Investigator notifies Microsoft 365 administrators and security practitioners about artifacts that may require additional review to determine if they are malicious or part of legitimate activity, according to FireEye. In doing so, Azure AD Investigator allows these admins and practitioners to watch for techniques associated with SolarWinds Orion attacks and other threat activity.