Threat hunting is one of the most critical activities performed by SOC teams. Once an alert triggers and a tier-1 analyst assesses it and sends it up the line for further evaluation by a more senior analyst, the race is on. Hunting down the threat as quickly as possible, before it can wreak havoc on the organization, becomes the top priority.
As if the pandemic itself weren’t causing enough pain and suffering in the world, cybercriminals are busy developing and deploying COVID-19-related malware to try and take advantage of unsuspecting victims. Fortunately, one of the world’s leading technology companies, Microsoft, is taking action to help people avoid becoming victims of these scams.
During the past decade, security operations centers (SOC) have become an integral part of the cybersecurity programs of many organizations. When you think of a defined team spending all of its time managing security events and using consistent processes for remediation, you may envision a group of company employees who report to a CIO or CISO.
With most of the country sheltering in place and so many people working remotely, work-life balance is taking on a new meaning and cloud infrastructure is taking a beating. The dramatic increase in daily activity and network use is creating both a visibility challenge and an operating model shift for already lean security teams.
Building an in-house SOC represents a significant commitment, both financially and strategically, to securing your enterprise. In a report from the Ponemon Institute—based on a survey sponsored by Devo of more than 500 IT and security practitioners—67 percent of respondents said their SOC was “very important” or “essential” to their organization’s overall cybersecurity strategy.
You’ve probably heard by now that we face a severe shortage of cybersecurity professionals with the skills and experience necessary to effectively defend against today’s—and tomorrow’s—threats. Cybersecurity Ventures estimates there will be 3.5 million unfilled jobs globally by 2021. Fortunately, there are key areas of the SOC workflow that can be automated to take advantage of security analyst intuition and act as a force multiplier.
The security operations center (SOC) plays a critical role in an enterprise organization’s efforts to protect their data from rapidly evolving cybersecurity threats. However, for a variety of reasons revealed in this report by the Ponemon Institute—based on a survey sponsored by Devo of more than 500 IT and security practitioners—organizations are frustrated with their SOC’s lack of effectiveness in performing its vital work.
As someone who began working in security operations centers (SOC) more than 30 years ago, back when we were known as computer incident response teams (CIRT), I am acutely aware of just how challenging it is to make a living as a SOC analyst. That’s why I’m so enthusiastic about the new Devo Security Operations Platform we launched recently.
Recently, Security Boulevard published an article I wrote about the role technology plays in the modern security operations center (SOC). It’s a topic near to my heart, since I began working in SOCs back when we were known as “computer incident response teams” (CIRT). Over the years, I’ve seen a lot of outstanding technologies hit the market that have contributed greatly to improving security teams’ ability to identify, investigate and respond to threats.
This month Devo exhibited at the AWS re:Invent conference in Las Vegas. I asked a few Devo colleagues who attended the show for their insights about what they heard and saw. Among the many visitors to the Devo booth there were a lot of similar questions about log management and related topics. “There were many log vendors at the show, so people wanted to hear what makes Devo unique,” said Seema Sheth-Voss, vice president, product marketing, for Devo.
