How Automating Long Tail Analysis Helps Security Incident Response

Today’s modern cybersecurity solutions must scale to unparalleled levels due to constantly expanding attack surfaces resulting in enormous volumes of diverse data to be processed. Scale issues have migrated from just the sheer volume of traffic, such as IOT led DDoS attacks and the traffic from multiple devices, to the need for absolute speed in

Did You Know Security Engineering Has Hidden Costs?

Security engineers supporting a Security Operations Center (SOC) face the difficult job of providing an appropriate quantity of actionable alerts to SOC analysts. Typically, they are tasked with presenting alerts of interest to the analyst and they accomplish this by managing detection technologies, developing detection content and integrating security context. As they try to maintain the analyst’s console, their duties become overly complicated and riddled with hidden costs.

High Volume Cybersecurity Event Feeds

Recently, I’ve found myself reminiscing about my early experiences as a security operations center (SOC) analyst and how much the industry has changed in the last 15 years. I can’t help but notice that despite all the technology we’ve thrown at the SOC, we really haven’t changed things that much.