Security Operations | Breaking Cybersecurity News | The Hacker News

Category — Security Operations
Automation Is Redefining Pentest Delivery

September 05, 2025 Pentesting / Security Operations
Pentesting remains one of the most effective ways to identify real-world security weaknesses before adversaries do. But as the threat landscape has evolved, the way we deliver pentest results hasn't kept pace. Most organizations still rely on traditional reporting methods—static PDFs, emailed documents, and spreadsheet-based tracking. The problem? These outdated workflows introduce delays, create inefficiencies, and undermine the value of the work. Security teams need faster insights, tighter handoffs, and clearer paths to remediation. That's where automated delivery comes in. Platforms like PlexTrac automate pentest finding delivery in real time through robust, rules-based workflows. (No waiting for the final report!) The Static Delivery Problem in a Dynamic World Delivering a pentest report solely as a static document might have made sense a decade ago, but today it's a bottleneck. Findings are buried in long documents that don't align with how teams operate day-to-day. Af...
Why SIEM Rules Fail and How to Fix Them: Insights from 160 Million Attack Simulations

August 25, 2025 Network Security / Threat Detection
Security Information and Event Management (SIEM) systems act as the primary tools for detecting suspicious activity in enterprise networks, helping organizations identify and respond to potential attacks in real time. However, the new Picus Blue Report 2025 , based on over 160 million real-world attack simulations , revealed that organizations are only detecting 1 out of 7 simulated attacks , showing a critical gap in threat detection and response. While many organizations believe they're doing everything they can to detect adversary actions, the reality is that a large number of threats are slipping through their defenses unnoticed, leaving their networks far too vulnerable to compromise. This gap in detection creates a false sense of security when attackers have already accessed your sensitive systems, escalated their privileges, or are actively exfiltrating your valuable data. Which begs the question: why, after all this time, money, and attention, are these systems still ...
Automation Is Redefining Pentest Delivery

August 22, 2025 Penetration Testing / Security Operations
Pentesting remains one of the most effective ways to identify real-world security weaknesses before adversaries do. But as the threat landscape has evolved, the way we deliver pentest results hasn't kept pace. Most organizations still rely on traditional reporting methods—static PDFs, emailed documents, and spreadsheet-based tracking. The problem? These outdated workflows introduce delays, create inefficiencies, and undermine the value of the work. Security teams need faster insights, tighter handoffs, and clearer paths to remediation. That's where automated delivery comes in. Platforms like PlexTrac automate pentest finding delivery in real time through robust, rules-based workflows. (No waiting for the final report!) The Static Delivery Problem in a Dynamic World Delivering a pentest report solely as a static document might have made sense a decade ago, but today it's a bottleneck. Findings are buried in long documents that don't align with how teams operate day-to-day. Aft...
AI SOC 101: Key Capabilities Security Leaders Need to Know

August 13, 2025 Artificial Intelligence / Threat Hunting
Security operations have never been a 9-to-5 job. For SOC analysts, the day often starts and ends deep in a queue of alerts, chasing down what turns out to be false positives, or switching between half a dozen tools to piece together context. The work is repetitive, time-consuming, and high-stakes, leaving SOCs under constant pressure to keep up, yet often struggling to stay ahead of emerging threats. That combination of inefficiency, elevated risk, and a reactive operating model is exactly where AI-powered SOC capabilities are starting to make a difference. Why AI SOC is gaining traction now The recent Gartner Hype Cycle for Security Operations 2025 (download a complimentary copy ) recognizes AI SOC Agents as an innovation trigger, reflecting a broader shift in how teams approach automation. Instead of relying solely on static playbooks or manual investigation workflows, AI SOC capabilities bring reasoning, adaptability, and context-aware decision-making into the mix. SOC teams r...
You Are What You Eat: Why Your AI Security Tools Are Only as Strong as the Data You Feed Them

August 01, 2025 Artificial Intelligence / Threat Detection
Just as triathletes know that peak performance requires more than expensive gear, cybersecurity teams are discovering that AI success depends less on the tools they deploy and more on the data that powers them. The junk food problem in cybersecurity Imagine a triathlete who spares no expense on equipment—carbon fiber bikes, hydrodynamic wetsuits, precision GPS watches—but fuels their training with processed snacks and energy drinks. Despite the premium gear, their performance will suffer because their foundation is fundamentally flawed. Triathletes see nutrition as the fourth discipline of their training that can have a significant impact on performance and can even determine race outcomes. Today's security operations centers (SOCs) face a similar issue. They're investing heavily in AI-powered detection systems, automated response platforms, and machine learning analytics—the equivalent of professional-grade triathlon equipment. But they're powering these sophistic...
Alert Fatigue, Data Overload, and the Fall of Traditional SIEMs

July 31, 2025 Security Operations / Threat Detection
Security Operations Centers (SOCs) are stretched to their limits. Log volumes are surging, threat landscapes are growing more complex, and security teams are chronically understaffed. Analysts face a daily battle with alert noise, fragmented tools, and incomplete data visibility. At the same time, more vendors are phasing out their on-premises SIEM solutions, encouraging migration to SaaS models. But this transition often amplifies the inherent flaws of traditional SIEM architectures. The Log Deluge Meets Architectural Limits SIEMs are built to process log data—and the more, the better, or so the theory goes. In modern infrastructures, however, log-centric models are becoming a bottleneck. Cloud systems, OT networks, and dynamic workloads generate exponentially more telemetry, often redundant, unstructured, or in unreadable formats. SaaS-based SIEMs in particular face financial and technical constraints: pricing models based on events per second (EPS) or flows-per-minute (FPM) ca...
How To Automate Ticket Creation, Device Identification and Threat Triage With Tines

July 09, 2025 Security Operations / Automation
Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform's Community Edition. A recent standout is a workflow that handles malware alerts with CrowdStrike, Oomnitza, GitHub, and PagerDuty. Developed by Lucas Cantor at Intercom, the creators of fin.ai , the workflow makes it easier to determine the severity of a security alert and escalate it seamlessly, depending on the device owner's response. "It's a great way to reduce noise and add context to security issues that are added on our endpoints as well," Lucas explains. In this guide, we'll share an overview of the workflow, plus step-by-step instructions for getting it up and running. The problem - lack of integration between security tools. For security teams, responding to malware threats, analyzing their severity, and identifying the device owner so...
The Hidden Weaknesses in AI SOC Tools that No One Talks About

July 03, 2025 Security Operations / Machine Learning
If you're evaluating AI-powered SOC platforms, you've likely seen bold claims: faster triage, smarter remediation, and less noise. But under the hood, not all AI is created equal. Many solutions rely on pre-trained AI models that are hardwired for a handful of specific use cases. While that might work for yesterday's SOC, today's reality is different. Modern security operations teams face a sprawling and ever-changing landscape of alerts. From cloud to endpoint, identity to OT, insider threats to phishing, network to DLP, and so many more, the list goes on and is continuously growing. CISOs and SOC managers are rightly skeptical. Can this AI actually handle all of my alerts, or is it just another rules engine in disguise? In this post, we'll examine the divide between two types of AI SOC platforms. Those built on adaptive AI, which learns to triage and respond to any alert type, and those that rely on pre-trained AI, limited to handling predefined use cases only. Understanding t...
Business Case for Agentic AI SOC Analysts

June 27, 2025 Artificial Intelligence / Security Operations
Security operations centers (SOCs) are under pressure from both sides: threats are growing more complex and frequent, while security budgets are no longer keeping pace. Today's security leaders are expected to reduce risk and deliver results without relying on larger teams or increased spending. At the same time, SOC inefficiencies are draining resources. Studies show that up to half of all alerts are false positives, with some reports citing false positive rates as high as 99 percent . This means highly trained analysts spend a disproportionate amount of time chasing down harmless activity, wasting effort, increasing fatigue, and raising the chance of missing real threats. In this environment, the business imperative is clear: maximize the impact of every analyst and every dollar by making security operations faster, smarter, and more focused. Enter the Agentic AI SOC Analyst The agentic AI SOC Analyst is a force multiplier that enables organizations to do more with the team an...
6 Steps to 24/7 In-House SOC Success

June 20, 2025 Security Operations / Threat Detection
Hackers never sleep, so why should enterprise defenses? Threat actors prefer to target businesses during off-hours. That's when they can count on fewer security personnel monitoring systems, delaying response and remediation. When retail giant Marks & Spencer experienced a security event over Easter weekend, they were forced to shut down their online operations, which account for approximately a third of the retailer's clothing and home sales. As most staff are away during off-hours and holidays, it takes time to assemble an incident response team and initiate countermeasures. This gives attackers more time to move laterally within the network and wreak havoc before the security team reacts. While not every organization may be ready to staff an in-house team around the clock, building a 24/7 SOC remains one of the most robust and proactive ways to protect against off-hours attacks. In the rest of this post, we'll explore why 24/7 vigilance is so important, the challenges ...
How to Build a Lean Security Model: 5 Lessons from River Island

June 11, 2025 Vulnerability Management / Cyber Hygiene
In today's security landscape, budgets are tight, attack surfaces are sprawling, and new threats emerge daily. Maintaining a strong security posture under these circumstances without a large team or budget can be a real challenge. Yet lean security models are not only possible - they can be highly effective. River Island, one of the UK's leading fashion retailers, offers a powerful case study on how to do more with less. As River Island's InfoSec Officer, Sunil Patel and his small team of three are responsible for securing over 200 stores, an e-commerce platform, a major distribution center, and head offices. With no headcount growth on the horizon, Sunil had to rethink how security could scale effectively. By adopting a lean security model, powered by Intruder's exposure management platform , the team was able to improve visibility, respond faster to threats, and empower others across the business to fix what matters most. Here are five key lessons from thei...
Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion

June 03, 2025 Threat Intelligence / Cyber Threats
Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping. "By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence," Vasu Jakkal, corporate vice president at Microsoft Security, said . The initiative is seen as a way to untangle the menagerie of nicknames that private cybersecurity vendors assign to various hacking groups that are broadly categorized as a nation-state, financially motivated, influence operations, private sector offensive actors, and emerging clusters. For example, the Russian state-sponsored threat actor tracked by Microsoft as Midnight Blizzard (formerly Nobelium) is also known as APT29, BlueBravo, Cloaked Ursa, Cozy Bear, Iron Hemlock, and The Dukes. Likewise, Forest Blizzard (previously Strontium) goes by other monikers such...
Perfection is a Myth. Leverage Isn't: How Small Teams Can Secure Their Google Workspace

May 05, 2025 Cloud Security / Security Operations
Let's be honest: if you're one of the first (or the first) security hires at a small or midsize business, chances are you're also the unofficial CISO, SOC, IT Help Desk, and whatever additional roles need filling. You're not running a security department. You are THE security department. You're getting pinged about RFPs in one area, and reviewing phishing alerts in another, all while sifting through endless FP alerts across the board. The tools meant to help are often creating more work than they solve. Security teams end up choosing between letting things slip or becoming the "Department of No." Chances are you inherited your company's Google Workspace. Thankfully, Google handles the infrastructure, the uptime, and the spam filtering. But while Google takes care of a lot, it doesn't cover everything, and it can be difficult for security teams to operationalize all of Google's underlying capabilities without significant engineering work. It's your job to se...
How to Automate CVE and Vulnerability Advisory Response with Tines

May 02, 2025 Vulnerability Management / Security Operations
Run by the team at workflow orchestration and AI platform Tines, the Tines library features pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform's Community Edition . A recent standout is a workflow that automates monitoring for security advisories from CISA and other vendors, enriches advisories with CrowdStrike threat intelligence, and streamlines ticket creation and notification. Developed by Josh McLaughlin, a security engineer at LivePerson, the workflow drastically reduces manual work while keeping analysts in control of final decisions, helping teams stay on top of new vulnerabilities. "Before automation, creating tickets for 45 vulnerabilities took about 150 minutes of work," Josh explains. "After automation, the time needed for the same number of tickets dropped to around 60 minutes, saving significant time and freeing analysts from manual tasks like copy-pasting and web browsing." LivePerson's s...
Product Walkthrough: A Look Inside Wing Security's Layered SaaS Identity Defense

April 16, 2025 SaaS Security / Identity Management
Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and credential misconfigurations caused 80% of security exposures. Subtle signs of a compromise get lost in the noise, and then multi-stage attacks unfold undetected due to siloed solutions. Think of an account takeover in Entra ID, then privilege escalation in GitHub, along with data exfiltration from Slack. Each seems unrelated when viewed in isolation, but in a connected timeline of events, it's a dangerous breach. Wing Security's SaaS platform is a multi-layered solution that combines posture management with real-time identity threat detection and response. This allows organizations to get a ...
Identity: The New Cybersecurity Battleground

March 05, 2025 SaaS Security / Cloud Security
The rapid adoption of cloud services, SaaS applications, and the shift to remote work have fundamentally reshaped how enterprises operate. These technological advances have created a world of opportunity but also brought about complexities that pose significant security threats. At the core of these vulnerabilities lies Identity —the gateway to enterprise security and the number one attack vector for bad actors. Explore the importance of modernizing Identity strategies and the benefits of centralizing Identity within your security ecosystem to safeguard your organization from costly breaches while enhancing operational efficiency. The rise of fragmented tech stacks Gone are the days when enterprises relied on a single solution tied to a comprehensive license agreement. Businesses today prioritize agility and performance, opting for "best-in-breed" solutions that patch together fragmented tech ecosystems. While these advanced tech stacks provide flexibility, they also create signif...