We have built a Security Operations Center at Netskope in short order. Facing the vast expanse of the Security Operations ocean, I grabbed my board with my team and focused on doing a few things really well. We documented workflows, expanded our visibility, and tuned monitoring systems. We paddled out from shore, braving the shark-infested waters of the threat landscape.

“May you live in interesting times.” Cybersecurity professionals live this phrase every day. From supply-chain attacks, pervasive exposure from zero-day vulnerabilities, or the dramatic rise in ransomware, we undoubtedly live—and work—in interesting times.

For security teams, properly managing which users can access resources and governing the level of access those users have is about as basic as locking the door at night. Understandably then, there are thousands of options available to fine-tune or revoke access, and it’s likely that issues come up daily for most companies—if not hourly.

In December 2021, the cybersecurity industry was made aware of CVE-2021-44228, known as Log4Shell, a novel vulnerability in a commonly found software component called Java Log4j. Arctic Wolf extensively covered the Log4Shell vulnerability and gave updates as it got involved.

SecOps is a short form for Security Operations, a methodology that aims to automate crucial security tasks, with the goal of developing more secure applications. The purpose of SecOps is to minimize security risks during the development process and daily activities. Under a joint SecOps strategy, the security and operations teams work together to maintain a safe environment by identifying and resolving vulnerabilities and resolving any security issues.

CVE-2022-1040 and CVE-2022-22247 are two recent vulnerabilities that have been discovered in two different Firewall products. This blog post will cover both the Sophos Firewall vulnerability (CVE-2022-1040) and the SonicWall Firewall vulnerability (CVE-2022-22247).

Today we’re excited to announce our new podcast – 'The Future of Security Operations.' Our first episode is with MongoDB’s CISO Lena Smart, and every other week from now on, we’ll have a new episode with another expert. I wanted to take a few minutes to explain why we’re launching this podcast and what you can expect to gain from listening.

By now, pretty much anyone who uses email is familiar with the term “phishing,” and is aware of the prevalence of phishing scams. However, the term “spear phishing”—and what it means exactly—might be a bit more elusive. Essentially, spear phishing is a more targeted and socially engineered version of a spray-and-pray, bait-and-hook, phishing email.

As revealed in the 2021 Devo SOC Performance ReportTM — which is based on the results of a survey of more than 1,000 security practitioners — organizations are frustrated with their SOC’s lack of effectiveness in performing its vital work. To combat the concerns the survey identified, it’s important for SOCs to refine how they operate.

In the business of security, linking performance metrics to strategy has become an accepted best practice. If strategy is the blueprint for building a security operations center (SOC), metrics are the raw materials. But there is a catch: a security organization can easily lose sight of its strategy and instead focus strictly on the metrics that are meant to represent it.

There’s no question that centralized identity and access management (IAM) helps companies reduce risk and prevent attacks. But, as this week’s Okta attack shows, centralized IAM doesn’t eliminate all risks. Attackers with access to IAM data can use this information to easily access downstream systems or modify permissions to grant elevated access to malicious parties.

Comparing and contrasting the effectiveness of Vulnerability Assessment (VA), Vulnerability Management (VM), Risk-Based Vulnerability Management (RBVM), and Managed Risk®. Performing a vulnerability assessment (VA), implementing a vulnerability management (VM) program, and upgrading your proactive security program with a risk-based vulnerability management (RBVM) approach may help your organization effectively deal with cybersecurity vulnerabilities.

On Monday, March 21, 2022, Okta, an enterprise identity and access management firm, launched an inquiry after the Lapsus$ hacking group posted screenshots on their Telegram channel that the hackers claimed were taken after obtaining access to "Okta.com Superuser/Admin and various other systems." The screenshots that Lapsus$ provided included time stamps consistent with the January 16-21 timeframe provided by Okta.

Just a few years ago, security orchestration, automation and response (SOAR) was the new buzzword associated with security modernization. Today, however, SOAR platforms are increasingly assuming a legacy look and feel. Although SOARs still have their place in a modern SecOps strategy, the key to driving SecOps forward today is no-code security automation.

Security operation teams continuously aim to focus on two main things: 1. Real cyber security threats (also known as “True Positive Alerts”), and 2. Reducing response time, especially when you have so many different sources to monitor. However, in reality, we deal with hundreds of security alerts on a daily basis, many of which are false positives that waste our valuable time. This is where incident response/security automation becomes a requirement rather than nice to have.

Amidst the turmoil of the Ukraine-Russia conflict, incident responders and ransomware researchers observed several ransomware gangs publish statements on their dark web blog sites. Some actors asserted the apolitical nature of their operations, while others clearly favored a side. Most notably, the Conti ransomware group posted a public statement in support of Russia with a stern warning of retaliation on February 25, 2022.

Building an in-house security operations center represents a significant commitment, both financially and strategically, to securing your enterprise. According to the 2021 Devo SOC Performance ReportTM — which is based on the results of a survey of more than 1,000 security practitioners — 73% of respondents said their SOC was “very important” or “essential” to their organization’s overall cybersecurity strategy.

An increasing number of modern security conscious companies have Chief Information Security Officers (CISOs) on the payroll to help them manage their environment from increasingly sophisticated cyber threats. Unfortunately, many other organizations are not currently able to employ a full time CISO. This can be related to a series of contributing factors including a lack of necessary budget, competing priorities, or unfilled vacancies due to a shortage of qualified candidates.

By now, you’ve probably read loads of articles that discuss the COVID-19 pandemic’s impact on business, politics, the economy and much more.But what about SecOps? What permanent effects has COVID wrought on the way businesses secure IT assets? Let’s explore those questions by examining three key security trends that promise to endure long after the pandemic has finally receded.

The Common Vulnerability Scoring System (aka CVSS score) provides a numerical (0-10) representation of the severity of an information security vulnerability.

With chaos seemingly surrounding us in security, it can be hard to cut through the noise. How do you detect and prioritize evolving threats and what tools should you use to address them? With new attacks and vulnerabilities on the rise, combined with ineffective security tools and the industry’s ongoing skill shortage, security operations center (SOC) teams struggle to protect organizations from adversaries.

The security operations center (SOC) plays a critical role in any enterprise’s effort to protect its data from rapidly evolving cybersecurity threats. However, for a variety of reasons revealed in the 2021 Devo SOC Performance ReportTM — which is based on the results of a survey of more than 1,000 security practitioners — organizations are frustrated with their SOC’s lack of effectiveness in performing its vital work.

The world is in a tumultuous place at the time of this writing, with all eyes on the escalating ground war unfolding in Ukraine. As devastating as the news has been, cybersecurity observers are well aware of the unseen battles unfolding simultaneously in cyberspace. The importance of businesses, governments, and other organizations protecting vital systems and sensitive data has never faced such a stark context.

We are excited to share that Arctic Wolf® is ranked 42nd on Fast Company’s Top 50 Most Innovative Companies List, and number 2 in the award’s Security category. This prestigious list recognizes businesses that are making the biggest impact within their industries and on culture as a whole—companies thriving in today’s dynamics. At Arctic Wolf, we constantly innovate because cyber threats are continually impacting our world, whether as organizations or as individuals.

When it comes to maintaining your car’s performance, getting regular wheel alignments can prevent uneven braking, reduced fuel efficiency, and accelerated tire wear. For all four tires to work together, traveling in the same direction, proper alignment is vital. So, too, it is for the modern SOC. Or at least it should be.

In April 2021, CVE-2022-0847 was discovered by security researcher Max Kellermann; it took another few months for him to figure out what was happening. The flaw has already been patched in the Linux kernel and the Android kernel. Affected Linux distributions are in the process of pushing out security updates with the patch. Due to the similarities of the Dirty Cow flaw, CVE-2016-5195; has been named Dirty Pipe.

2021 was an interesting year for all of us working in IT security. It wasn’t just the spike in supply chain attacks, most notably SolarWinds and Kasaya. It wasn’t just the waves of vulnerabilities leading to privileged access and remote code execution (RCE) in Microsoft Exchange, in printer drivers, externally exposed remote desktop protocol (RDP), and, of course, in OSS projects like Log4J.