SoC | Breaking Cybersecurity News | The Hacker News

It sure is a hard time to be a SOC analyst. Every day, they are expected to solve high-consequence problems with half the data and twice the pressure. Analysts are overwhelmed—not just by threats, but by the systems and processes in place that are meant to help them respond. Tooling is fragmented. Workflows are heavy. Context lives in five places, and alerts never slow down. What started as a fast-paced, high-impact role has, for many analysts, become a repetitive loop of alert triage and data wrangling that offers little room for strategy or growth.  Most SOC teams also run lean. Last year, our annual SANS SOC Survey found that a majority of SOCs only consist of just 2–10 full-time analysts , a number unchanged since the survey began tracking in 2017. Meanwhile, the scope of coverage has exploded, ranging from on-prem infrastructure to cloud environments, remote endpoints, SaaS platforms, and beyond. Compounded at scale, this has led to systemic burnout across SOC environment...

AI holds the promise to revolutionize all sectors of enterpriseーfrom fraud detection and content personalization to customer service and security operations. Yet, despite its potential, implementation often stalls behind a wall of security, legal, and compliance hurdles. Imagine this all-too-familiar scenario : A CISO wants to deploy an AI-driven SOC to handle the overwhelming volume of security alerts and potential attacks. Before the project can begin, it must pass through layers of GRC (governance, risk, and compliance) approval, legal reviews, and funding hurdles. This gridlock delays innovation, leaving organizations without the benefits of an AI-powered SOC while cybercriminals keep advancing. Let's break down why AI adoption faces such resistance, distinguish genuine risks from bureaucratic obstacles, and explore practical collaboration strategies between vendors, C-suite, and GRC teams. We'll also provide tips from CISOs who have dealt with these issues extensively as w...

Behavioral analytics, long associated with threat detection (i.e. UEBA or UBA), is experiencing a renaissance. Once primarily used to identify suspicious activity, it's now being reimagined as a powerful post-detection technology that enhances incident response processes. By leveraging behavioral insights during alert triage and investigation, SOCs can transform their workflows to become more accurate, efficient, and impactful. Fortunately, many new cybersecurity products like AI SOC analysts are able to incorporate these techniques into their investigation capabilities, thus allowing SOCs to utilize them into their response processes. This post will provide a brief overview of behavior analytics then discuss 5 ways it's being reinvented to shake up SOC investigation and incident response work. Behavior Analysis is Back, But Why? Behavioral analytics was a hot topic back in 2015, promising to revolutionize static SIEM and SOC detections with dynamic anomaly detection to uncover t...

The role of the CISO keeps taking center stage as a business enabler: CISOs need to navigate the complex landscape of digital threats while fostering innovation and ensuring business continuity. Three CISOs; Troy Wilkinson, CISO at IPG; Rob Geurtsen, former Deputy CISO at Nike; and Tammy Moskites, Founder of CyAlliance and former CISO at companies like Time Warner and Home Depot – shared their perspectives on how to run an effective SOC in 2023. 1) Prioritize Cost Efficiency While Remaining 'Secure' As a world-renowned speaker, a co-author of an Amazon Best Seller, and a trusted commentator on prominent news networks such as NBC, CBS, and Fox, Troy Wilkinson, knows a thing or two about cybersecurity. When adopting new technologies, Troy reinforces that CISOs don't have the luxury of waiting months or years to see the value of new investments; "Time to Value is critical. New solutions need to deliver value quickly." Rob Geurtsen, former Deputy CISO at Nike,  jo...

Security Operations is a 24 x 7 job. It does not stop for weekends or holidays or even that much-needed coffee break after the first hour of the shift is complete. We all know this. Every SOC engineer is hoping for some rest at some point. One of my favorite jokes when talking about Security Operations is "3 SOC engineers walked into a bar…" That the joke. No SOC engineers have time to do that. They get it. They laugh. So why is this all true? Let us explore that a little bit. Demand for experienced SOC engineers far surpasses the available talent. Event volume levels boggle the imagination compared to even just a few years ago. Utilization of tools to their utmost capability has often not been a priority.  In the Security Operations space, we have been using SIEM's for many years with varying degrees of deployments, customization, and effectiveness. For the most part, they have been a helpful tool for Security Operations. But they can be better. Like any tool, t...