I recently took – and passed – the CompTIA Security+ exam (Sec+). Sec+ is a general introduction to multiple functional areas of security, ranging from network security to access control and identity management, for anyone looking to break into the space. For context, I have no previous training as a network or security professional, and my educational background was finance and Russian, nothing related to security.

Organizations build a SOC – a dedicated, centralized team of security experts – to effectively detect and respond to advanced threats. However, as SOCs deal with evolving threats and an expanding attack surface, advancements in the stack have not kept pace and analysts are feeling the pain.

Organizations are stretched thin managing increasingly complex environments and ever-expanding threat landscapes. At the same time, adversaries are becoming more organized and sophisticated, resulting in more complex and advanced threats. The current workflow in the Security Operations Center (SOC) – how data is analyzed and acted on – is simply not working. There are too many tools, not enough visibility, and burned-out analysts.

Security Operations Centers (SOCs) are the nerve centers of enterprise cybersecurity programs. They should serve a critical function by helping businesses improve their security posture by monitoring, detecting, and analyzing potential cyber threats. But for a number of reasons, today’s SOCs are not doing this effectively.

Security Operations Centers (SOCs) are known as the “nerve center” of enterprise cybersecurity programs; others view them as “war rooms” or “situation rooms.” Regardless of the moniker, one thing is clear: their function is viewed as a critical competency.

Digital transformation is creating rapidly growing volumes of data, leading to new vulnerabilities and attack vectors. At the same time, adversaries are growing increasingly more sophisticated – consider the recent Capital One breach, or the Equifax breach. This combination of factors means SOCs are struggling to fulfill their critical mission of identifying and eliminating threats.

The past few months have been busy for us at Devo! We’ve been on a security conference tour; the first stop was Gartner Security & Risk, then AWS re:Inforce, and last week, Black Hat. Black Hat was exciting because, in case you missed it, we announced our vision for and showcased our next-gen cloud SIEM!

IDC says to estimate reaching 175 zettabytes of data by 2025, a 61 percent increase from today’s data volumes. Business leaders and IT executives overwhelmingly agree that they can do more to harness this data, but are we as an industry lacking for imagination? Or do we simply not know where to start or how to progress? To add insult to injury, today’s enterprises are stuck in the land of silos and replication, and too much data wrangling that consumes an already oversubscribed budget.

If you’re reading this, you likely know what a log is, and what a metric is. But sometimes there are questions on their differences, whether you really need both, and if you should use dedicated solutions to manage each type. The answers? Yes, you need both; yes, they should be unified. Logs and metrics, aka machine data, are complementary.

The data visualization space is crowded. There are lots of tools, each purporting to be the tool that solves your data woes and leads you to insight via illustrations. But while you may get good-looking graphs, you are probably not seeing the behind-the-scenes pain from IT: analytics dashboards and vertical applications take multiple meetings for gathering requirements, and they discover the direction wasn’t quite right the first time around.