As the responsibilities of the Security Operation Center (SOC) continue to increase, SOC teams are experiencing increased demand on their time and resources. Scaling a security team with little resources and funds can prove extremely difficult, especially when the incident response team spends most of their time chasing alerts.

During the past decade, security operations centers (SOC) have become an integral part of the cybersecurity programs of many organizations. When you think of a defined team spending all of its time managing security events and using consistent processes for remediation, you may envision a group of company employees who report to a CIO or CISO.

During the Investigation of a Web Server Attack alarm for a large multinational enterprise Customer, we conducted an Investigation that inevitably led to the customer isolating the system entirely. The sophistication of the Correlation Rules developed by the AT&T Alien Labs™ team recognized patterns that indicated an attack on the web server.

Potential attackers are really good at what they do. Security analysts see this firsthand with the amount of phishing emails their organizations see daily. A newly released State of the Phish report reveals that nearly 90% of organizations dealt with business email compromise (BEC) attacks in 2019. End users reported 9.2 million suspicious phishing emails globally for the year.