Security Operations Centers (SOCs) are the nerve centers of enterprise cybersecurity programs. They should serve a critical function by helping businesses improve their security posture by monitoring, detecting, and analyzing potential cyber threats. But for a number of reasons, today’s SOCs are not doing this effectively.

Today’s digital perimeters grant authorized users anytime/anywhere access to sensitive business data. Because of this, SaaS-heavy IT environments introduce a higher complexity to threat detection and response efforts. User activity on SaaS accounts can be quite varied, occurring on multiple endpoints and from a variety of locations. Businesses must distinguish between legitimate and potentially illicit user activity on busy networks.

Security Operations Centers (SOCs) are known as the “nerve center” of enterprise cybersecurity programs; others view them as “war rooms” or “situation rooms.” Regardless of the moniker, one thing is clear: their function is viewed as a critical competency.

Digital transformation is creating rapidly growing volumes of data, leading to new vulnerabilities and attack vectors. At the same time, adversaries are growing increasingly more sophisticated – consider the recent Capital One breach, or the Equifax breach. This combination of factors means SOCs are struggling to fulfill their critical mission of identifying and eliminating threats.

Magic seems to be very popular at the moment. Just look at last week’s Britain’s Got Talent, which featured an improbable number of magicians in its line-up. These included ‘X’, the masked magician who was wearing something that looked suspiciously like an anonymous mask and managed to supposedly hack Instagram. A lot of cyber security technology seems to work like magic, so is this a coincidence? Is ‘X’ a reformed hacker turned stage magician? Spoiler alert: no.

Endpoint detection and response solutions – EDR as it’s more commonly known – act as enterprise surveillance and thus deliver a rich dataset to security professionals. But as with all advances in security, this rich data wasn’t always available in a speedy and cost-effective way. Yet, as a security professional in today’s always-on world, one of your key responsibilities is to efficiently leverage incoming data from every endpoint across your organization.

Breaches aren’t easy to deal with, especially if you are of the opinion that companies are people too. Having seen, been part of, and lent a shoulder to many a breach, here are nine of the common ways companies respond to breaches.

What is Incident Response? It’s a plan for responding to a cybersecurity incident methodically. If an incident is nefarious, steps are taken to quickly contain, minimize, and learn from the damage. Not every cybersecurity event is serious enough to warrant investigation. Events, like a single login failure from an employee on premises, are good to be aware of when occurring as isolated incidents, but don’t require man hours to investigate.

There has been much discussion of a “software bill of materials” (SBoM) lately, for use when addressing security vulnerabilities. Many are curious, wanting to learn more. Googling the term gives lots of positive descriptions. This post will go negative, describing problems with the concept.

In this latest SnapSecChat video series, our CSO, George Gerchow, talks about the imperative for building the next-gen security operations center (SOC) of the future. Why? Because today’s IT landscape is becoming increasingly complex and cloud-based.