The MITRE ATT&CK framework provides the cybersecurity community with information on more than 100 threat actor groups and the platforms they target. The data within the framework comes from publicly available cyber threat intelligence and reports and security teams and threat researchers. ATT&CK is available for free to anyone who wants to use it.

Digital transformation initiatives like moving servers to the cloud, extending work-from-home privileges, and deploying more IoT devices have expanded attack surfaces, making it easier than ever for threats to slip through. At the same time, the number of cyber threats is growing fast. According to Security Magazine, a cyberattack now happens at least every 39 seconds.

The benefits of a security operations centre (SOC) are most obvious when you don't have one. For example, imagine it’s 3 am on a Saturday morning and a hacker breaks into your organisation's systems. There’s no one to detect the intrusion and no one to deal with it either. In fact, it’s not until a member of your sales team notices they are locked out of the network on Monday morning that anyone even knows there is something wrong. After that, things start happening very fast.

Are most network detection and response tools missing something? We think so. Network detection and response (NDR) is an incredible technology. With it, you can analyse network packets for malicious behaviour, spot insider threats, and even find connected devices you don’t own. However, if you want to implement NDR in your environment, you typically need to install proprietary hardware or run your NDR on a dedicated server.

As we've covered before, SIEMs are an expensive tool. The average enterprise-level SIEM deployment costs over £15 million a year, and operating a small, 100 to 1000-seat SIEM will still run up bills of over £10k monthly. SIEMs create spiralling costs that eat security budgets. Without a skilled team operating them, they can also make organisations less secure despite receiving more information about their digital estates. But where do these SIEM costs come from?

Staff time, log processing, and legacy issues can turn free, open-source or low-cost SIEMs into one of your organisation's most expensive investments. You're not alone if you're baulking at the idea of paying upwards of tens of thousands of pounds for a new or renewed SIEM licence. Many security decision-makers feel the same way. One survey showed that almost half (40%) of existing SIEM users feel like they are overpaying for their SIEM.

What tools does the average security operations centre (SOC) use in 2024? What gets in the way when they deploy a new tool? And how stressed are security pros really? These were just some of the questions we wanted to find out the answer to when we partnered with OnePoll at the end of 2023/the start of 2024. Together, we surveyed 250 British and Irish Heads of IT at companies with 500+ employees. Here’s what they said.

The Digital Operations Resilience Act (DORA) is an EU regulation that comes into force in January 2025, but it also impacts UK companies. DORA’s remit will likely cover any UK financial firm that works with EU customers or does business with EU financial firms.

With EDR, like other security tool types, effective performance always comes at a cost. Even if you use an EDR tool that is open source or free, your organisation will still need to invest time to configure, maintain and operate it on an ongoing basis. Sometimes, as we explain in this blog, these costs can dwarf the initial spend in getting an EDR licence in the first place. But, paying high EDR costs is not the only way to get EDR capabilities.