Innostage Cardinal Threat Detection and Incident Response (TDIR)

Main article: Security Information and Event Management (SIEM)

2025: Presentation of Innostage Cardinal Threat Detection and Incident Response

Innostage has developed the Innostage Cardinal Threat Detection and Incident Response (TDIR) platform, designed to optimize the flow of information security incidents, manage information security incidents and improve the efficiency of cybersecurity teams. The solution uses machine learning (through integration with the "SOC Virtual Analyst" - Innostage Carmina AI) and algorithmic rules to identify suspicious activities and quickly respond to potential threats. The company announced this on April 28, 2025.

Innostage Cardinal TDIR is an affordable solution for comprehensive analysis and management of information security incidents that helps information security specialists aggregate information from various sources, quickly obtain complete information about events and incidents, identify false positives, thereby optimizing the load of SOC employees and cybersecurity teams. The solution also provides methodological support by forming recommendations for processing information security incidents based on the competencies of the Innostage SOC CyberART cyber threat response center.

The functionality of the solution includes:

• Aggregate and trottle (streamline event flow) to SOC employees and cybersecurity teams by cutting off false-positive events and forming flexible, personalized rules for handling incoming incidents that take into account the specifics of IT infrastructure and policies using flexible decision algorithms.
• Automate the comprehensive collection of information about the event, its environment and affected assets.
• Making recommendations for the diagnosis and elimination of information security incidents based on the examination of SOC Innostage CyberART

These functions help avoid overloading the security command with alerts of the same type. Innostage Cardinal TDIR uses "auto-design" - an automated process for analyzing and classifying security events with recommendations for eliminating threats based on real-world experience of SOC Innostage. The solution filters incident streams by cutting off false-positive incidents, leaving true-positive and incidents requiring additional investigation and processing.

The implementation of the Innostage Cardinal TDIR will allow customers to reduce false positives by up to 30% and automate up to 40% of the work of the SOC analyst, freeing up information security team resources for more important tasks. The system can adapt to any infrastructure and be supported by the client on its own.