A security operations center (SOC) is a centralized facility that unifies an organization’s security monitoring across all IT infrastructure. SOCs function as a hub for information security personnel and the processes and technology needed to detect, monitor, and remediate cyber threats through real-time data analysis.
Global organizations are working towards making data privacy a fundamental right. However, as the privacy paradigm shifts to a digital world, businesses are more exposed than ever before. That’s because security has not been the focus of this revolution in IT infrastructure.
In the second half of 2021 the AT&T Managed Threat Detection and Response (MTDR) security operations center (SOC) observed an increasing number of attacks against vulnerable Exchange servers. A number of these attacks were attempting to leverage proxyshell vulnerability to gain access to customer’s networks.
The shift to the cloud has greatly accelerated during the past year, and with that shift most cybersecurity incidents now involve cloud infrastructure. According to the 2021 Verizon Data Breach Investigations Report, 73% of cybersecurity incidents involved cloud assets — a 27% increase from last year. The 2021 IBM Security X-Force Cloud Threat Landscape Report also found there are 30,000 cloud accounts potentially for sale on dark web marketplaces.
In December 2019, a small team met at the Splunk office in Boulder to figure out how we could provide a 24x7x365 experience for Boss of the SOC (BOTS). As we started brainstorming, this broadened to include workshops to provide an opportunity to learn in addition to a place to play.
Operating an effective SOC requires overcoming a wide range of challenges. Often, security teams have too many disparate tools to manage, too many alerts to make sense of, and too many data sources that prevent the team from achieving full visibility. All these hurdles can make it difficult for your SOC analysts to identify and quickly respond to suspicious behavior and indicators of compromise.
We live in a technological society, and cyber attacks are on the rise. Much of this fraudulent activity is linked to malicious actors or gangs of cyber criminals who are trying to exploit anything they can get their hands on. By using tools like Cobalt Strike or customized alternatives, they attempt to penetrate an organization's defenses in order to gain leverage, exfiltrate PIIs, plant ransomware or CnC beacons, or perform other kinds of malicious acts.
