Strathclyde University’s cyber spin-out Lupovis has launched a new service designed to help security analysts and Managed Security Service Providers (MSSPs) distinguish false positive security alerts from genuine threats.
False positives arise when security products flag innocent activity as a malicious attack, and security analysts often spend a significant proportion of their day investigating them. This drains resources and overwhelms often understaffed security teams.
Through Lupovis’s new platform features, dubbed Prowl, MSSPs and security analysts can send an IP address to Lupovis using a dedicated API, which will then automatically confirm whether the IP address belongs to a bot or a human attacker.
Utilising data from Lupovis’s cyber decoys, the API also provides critical intelligence, giving security analysts and MSSPs information on the location of an attacker and on their Tactics, Techniques and Procedures (TTPs), enabling security teams to take appropriate action to prevent further attacks. This, the company says, saves time and lets analysts focus on investigating and remediating real threats while eliminating bot noise.
“While the volume of attacks organisations face continues to rise, the number of unfilled cybersecurity jobs also grows, so security teams cannot afford to waste their time investigating false positives; they simply do not have the resources. Through our new platform feature, security teams and MSSPs can overcome this burden and easily check IP addresses to identify if the traffic is bots, or if there are any indicators of intelligence, which would reveal it is a human adversary they are facing. This saves time, improves efficiency, and means time and money are going towards security issues that matter to businesses, not ones that should be ignored,” said Xavier Bellekens, CEO of Lupovis.