If you are an application developer or security analyst, you likely spend a lot of time thinking about your customers’ security. IT operations teams have found many ways to help secure login portals by implementing dual authentication and Single-Sign-On (SSO) portals. Many IT organizations have learned to use SSO and Two Factor Authentication (2FA) to help secure their codebase and employee data. This method is great, assuming that all users are compliant with 2FA.

I recently had the opportunity to discuss state-of-the-art technologies to support security operations with industry analysts. I asked questions and confirmed that the current view of SOAR (security orchestration, automation and response) and SIEM (security information and event management) goes well beyond the security operation center (SOC).

Nowadays, it’s mostly a foregone conclusion that companies need a security program and centralized log aggregation and correlation platform. Unfortunately, the conversation all too often turns toward tactics for data collection and detection of specific threat actors or common vulnerabilities and exposures (CVEs).

Security professionals involved in the IT and cybersecurity industry for the last 10+ years have most likely come across the terms SIEM and recently SOAR, but there is still much confusion about what the specific use cases and purposes are. So, are these tools the same thing? Do security teams need one, the other, or both within their security operation center (SOC) infrastructure?

The news that hacking group Lapsus$ gained unauthorized access to Single Sign-On (SSO) provider Okta through a third-party support account sent chills through information security professionals everywhere. Organizations have adopted SSO identity providers to enable a modern workforce that is increasingly reliant on secure access to cloud-hosted applications to perform critical business functions.

Since our inception, Sumo Logic has been laser-focused on delivering real-time machine data analytics to accelerate digital transformation, while helping businesses effectively build, run, and secure their modern applications and infrastructure—in the cloud or in hybrid environments.

In the last twenty years, more technology has been produced since the beginning of human history. And while we have talked about industrial automation since 1952, the complexity of today’s cybersecurity analyst activities makes the need to embrace automation paramount.

Cybersecurity presents an ever-escalating challenge for most C-level executives. As the average cost of a data breach continues to grow, the sheer volume of attacks threatens to overwhelm resource-strapped IT organizations. In response, many executives are looking to AI-enabled SOAR solutions (Security Orchestration Automation and Response) to help shorten threat response times, optimize high-value security personnel, and reduce overall business risk.

The ever-evolving cyber threat landscape gives birth to new, unprecedented cyberattacks that challenge traditional cybersecurity approaches and force security operations centers (SOCs) to evolve and redefine their methods. To ensure that the integrity of their data is well-protected, SOCs have to be one step ahead of malicious actors. Ergo, the necessity of creating the modern SOC comes into play.

Machine data analytics is the process of parsing data generated by software from a wide variety of sources including servers, networks, applications and financial records. These, and many other similar sources, produce massive amounts of data including from local operating systems, identity/access management tools, cloud consoles and their associated log files, alerts, scripts and profiles.