Managed SOC, also known as SOC as a Service, is a subscription-based offering whereby organizations outsource threat detection and incident response. Based on the concept of turning an internal security operations center (SOC) into an external cloud-based service, a managed SOC offers IT organizations external cybersecurity experts that monitor your logs, devices, cloud environments, and network for known and evolving advanced threats.
Today we published the 2020 Devo SOC Performance ReportTM. The subtitle, A Tale of Two SOCs, underscores that there are two types of security operation centers (SOC): those that are performing reasonably well and those that are struggling. As someone who has worked in cybersecurity for more than 20 years, I find the results of our second annual SOC report informative, instructive, and also extremely irritating.
A well-run security operations center (SOC) stands as the central nervous system of an effective cybersecurity program. SOCs serve as a hub of organization-wide detection and response capabilities for the people tasked with stopping cyber threats within their organization.
What if you could get your hands on a force multiplier that got rid of the repetitive, routine work that was tying down your team, got more productivity out of your assembled work force, and gave everyone a more challenging, meaningful to-do list that made better use of their knowledge, experience, and passion?
As the responsibilities of the Security Operation Center (SOC) continue to increase, SOC teams are experiencing increased demand on their time and resources. Scaling a security team with little resources and funds can prove extremely difficult, especially when the incident response team spends most of their time chasing alerts.
During the past decade, security operations centers (SOC) have become an integral part of the cybersecurity programs of many organizations. When you think of a defined team spending all of its time managing security events and using consistent processes for remediation, you may envision a group of company employees who report to a CIO or CISO.
During the Investigation of a Web Server Attack alarm for a large multinational enterprise Customer, we conducted an Investigation that inevitably led to the customer isolating the system entirely. The sophistication of the Correlation Rules developed by the AT&T Alien Labs™ team recognized patterns that indicated an attack on the web server.
Potential attackers are really good at what they do. Security analysts see this firsthand with the amount of phishing emails their organizations see daily. A newly released State of the Phish report reveals that nearly 90% of organizations dealt with business email compromise (BEC) attacks in 2019. End users reported 9.2 million suspicious phishing emails globally for the year.
The security operations center (SOC) plays a critical role in an enterprise organization’s efforts to protect their data from rapidly evolving cybersecurity threats. However, for a variety of reasons revealed in this report by the Ponemon Institute—based on a survey sponsored by Devo of more than 500 IT and security practitioners—organizations are frustrated with their SOC’s lack of effectiveness in performing its vital work.
