PERCEPTION VS. REALITY: The Myth of 100 Security Data Sources

The realities of security monitoring and the promise of SIEM? In enterprise IT, data is collected from any number of IT and security devices, and then used to monitor, protect, understand and manage our technology-enabled businesses. Due to the ever-expanding attack surface, the amount of data collected today is overwhelmingly unmanageable, and ironically, we only

Ripping off the Bandage: How AI is Changing the SOC Maturity Model

The introduction of virtual analysts, artificial intelligence and other advanced technologies into the Security Operations Center (SOC) is changing how we should think about maturity models. AI is replacing traditional human tasks, and when those tasks are automated the code effectively becomes the procedure. Is that a -1 or a +10 for security operations? Let’s

Did You Know Security Engineering Has Hidden Costs?

Security engineers supporting a Security Operations Center (SOC) face the difficult job of providing an appropriate quantity of actionable alerts to SOC analysts. Typically, they are tasked with presenting alerts of interest to the analyst and they accomplish this by managing detection technologies, developing detection content and integrating security context. As they try to maintain the analyst’s console, their duties become overly complicated and riddled with hidden costs.

Rules vs. Reasoning in the Security Ops Center

For the last 15 years, Security Ops Centers have been using rules (aka Boolean logic) to describe situations that look like an attack from the logs collected into their SIEM solutions. As an industry-wide standard practice, the intent is to reduce the volume of events to a reasonable level so that a human can effectively analyze them.

AI & Cybersecurity: Rebalancing a SOC Analysts Tasks

The hype cycle for artificial intelligence (AI) is in full swing and there is much confusion over what AI can do for cybersecurity. Unlike past attempts to build useful AI, we’re already seeing significant differences in available and upcoming technology. Advances in all areas of machine learning and AI are coming fast, enabled by the exponential growth of processing power and the prevalence of off-the-shelf libraries and algorithms.

Self-driving SOCs Will Progress Much Like Autonomous Cars

Analysts in enterprise Security Operations Centers (SOCs) are a lot like drivers on a long journey. They stare at screens or through windshields for hours on end, trying to identify and respond to any potential threats or hazards. Even the best of them struggle with boredom, fatigue, and frustration. And their own biases and expectations influence the way they interpret the information that comes at them.