Managing a Security Operations Centre at Scale

What is AsGARD?

AsGARD is the platform that provides oversight of MidGARD. It is the system our SOC uses to manage, deploy and maintain MidGARD instances.

AsGARD gives our SOC complete end-to-end workflow management for handling incidents at scale across thousands of MidGARD deployments. It provides the alert management, ChatOps capabilities and collaboration tools needed to improve, manage, maintain and automate the service.

Rule Management

Complete management of rule bases within MidGARD, including rule candidates submitted by clients.

Alert Roll-up

Combining alerts across multiple clients lets investigations be performed at scale and makes large-scale attacks easier to detect.
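The roll-up idea above, as an added illustration that is not part of the AsGARD product or its code: alerts from several tenants are grouped by rule and indicator, and a group is surfaced as a cross-client campaign candidate only when it is seen in a minimum number of distinct clients, so a single tenant's repeated noise does not outrank an indicator spread thinly across many tenants. The alert records and their field names are constructed for this example.

```python
from collections import defaultdict

# Constructed sample alerts as they might arrive from several MidGARD tenants.
# The field names (client, rule, indicator) are assumptions for this example.
ALERTS = [
    {"client": "acme",    "rule": "ssh-bruteforce", "indicator": "203.0.113.7"},
    {"client": "globex",  "rule": "ssh-bruteforce", "indicator": "203.0.113.7"},
    {"client": "initech", "rule": "ssh-bruteforce", "indicator": "203.0.113.7"},
    {"client": "acme",    "rule": "dns-beacon",     "indicator": "bad.example"},
    {"client": "acme",    "rule": "dns-beacon",     "indicator": "bad.example"},
    {"client": "globex",  "rule": "web-scan",       "indicator": "198.51.100.9"},
]


def roll_up(alerts, min_clients=3):
    """Group alerts by (rule, indicator) and count distinct clients per group.

    Returns (rule, indicator, client_count, alert_count) tuples for every group
    seen in at least `min_clients` distinct clients, i.e. candidates for one
    large-scale campaign rather than isolated single-tenant noise. Results are
    ordered by client spread first, then by raw alert volume.
    """
    clients = defaultdict(set)   # (rule, indicator) -> set of client names
    counts = defaultdict(int)    # (rule, indicator) -> total alert count
    for alert in alerts:
        key = (alert["rule"], alert["indicator"])
        clients[key].add(alert["client"])
        counts[key] += 1

    rolled = [
        (rule, indicator, len(clients[(rule, indicator)]), counts[(rule, indicator)])
        for (rule, indicator) in clients
        if len(clients[(rule, indicator)]) >= min_clients
    ]
    # Widest spread first; ties broken by number of alerts.
    rolled.sort(key=lambda row: (-row[2], -row[3]))
    return rolled


if __name__ == "__main__":
    for rule, indicator, n_clients, n_alerts in roll_up(ALERTS):
        print(f"{rule} {indicator}: {n_clients} clients, {n_alerts} alerts")
```

With the default threshold only the SSH brute-force source seen at three tenants is reported; the DNS beacon, despite producing more alerts, stays a single-client finding.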

Incident Management

A complete toolset that enables a SOC to operate at scale and investigate quickly across thousands of clients.

Threat Intelligence

Tools to identify, rationalise and integrate intelligence feeds from around the world into the MidGARD enrichment engine.

Machine Learning

MidGARD is the recipient of learning that is actually performed in AsGARD: a SOC-driven approach in which experts drive the process.

Deployment Management

A complete toolset for managing and deploying MidGARD instances at scale through automation technologies.

Identity Management

A full suite of management tools delivering secure, standardised identity management across the whole MidGARD estate.

Tenancy Management

The ability to deploy MidGARD as single-tenant or multi-tenant instances, with cluster relationships, to meet every possible deployment use case.

Machine Learning

AsGARD is where we store our data lake. The data lake contains a copy of every event from every MidGARD deployment and is accessible only by the SOC. It is where we analyse both current and past data for unknown activity. Because we believe a machine left to learn on its own will be less than ideal, our machines work with SOC analysts in a Human <> Machine loop: the machine highlights potential issues to the analyst, the analyst investigates and confirms or rejects the issue, and the machine is taught as we go. We believe this is how machine learning should be done in cyber security.