Cybersecurity is Complicated, Here’s a Little Help

If you’re like me, continually listening to webinars and podcasts to broaden your knowledge of the security industry, emerging trends and new threats, you’re always looking for reliable, thought-provoking sources to learn from.

I guess you could call me a “Security Geek”!

I have always found podcasts to be a phenomenal resource for learning about industry trends and about the products or services that are changing how teams operate. Not only do you get to hear subject-matter experts and thought leaders share their industry knowledge, you also learn about an application’s benefits and the value it brings to everyday challenges.

The best part: they are free learning sessions from industry experts on new trends and applications you and your team can use!

Below are the top four podcast channels I visit each week to stay current on the cybersecurity industry, its trends and useful advice, including our new Respond Software podcast.

  1. The Risky Business podcast, hosted by award-winning journalist Patrick Gray, features news and in-depth commentary from security industry luminaries. Risky Biz is a phenomenal source for staying current on each week’s cybersecurity news and trends.
  2. The Unsupervised Learning podcast series, hosted by cybersecurity professional Daniel Miessler, discusses current cybersecurity news and emerging technologies, and offers opinions and advice on the latest trends in security.
  3. The Defensive Security podcast, hosted by Jerry Bell and Andrew Kalat, provides a fun take on recent security news. One of the intriguing aspects of their podcast is that they offer feedback and advice on what businesses can apply to keep their networks secure. Their perspective on best practices is fascinating.
  4. The Respond Software podcast series covers a wide range of topics and issues, providing a fantastic way to learn about emerging threats and trends, challenges in security operations and opinions from industry experts. One of the primary focuses of the series is the role of humans and technology in the cybersecurity space. The series also features prominent industry leaders like Raffy Marty, VP of Corporate Strategy at Forcepoint. In a recent episode, Raffy discusses the cybersecurity challenges that exist today, which technologies can help improve existing processes, and how cybersecurity has changed over the years.

By listening to these podcasts, I have learned a tremendous amount about the cybersecurity industry, its trends and threats, and the new technology that is changing how teams operate.

If you’re waiting for our next podcast to be released and want to learn more about the cybersecurity industry and how Respond Analyst can help your team, register for our upcoming webinar on the new Respond Analyst Web Filter Module on November 7th! You will learn how real-time analysis and triage of web filter data, during network and endpoint analysis, gives security teams an edge in reducing response times and limiting the impact of some of the stealthiest attacks.

You Don’t Have SOC Analysts, You Have SOC Synthesists

For nearly 20 years in the Security Operations field, being a “SOC Analyst”, building and helping with SOC design, evolving SOCs and everything in between, I’ve been calling my team members by the wrong title. Worse yet, none of my colleagues ever corrected me, mostly because they didn’t know either. Hard to believe, but I suspect it’s because none of us ever really thought much about what a “SOC Analyst” actually does for a living.

The word “analyst” means a person who conducts an analysis. “Analysis” has its roots in the Greek word “analyein”, which translates as “to break up”. This implies breaking a problem into pieces.

It begins…

“SOC Analysts” typically come into work at the start of a long shift and sit down in front of a console to look at alerts of some kind. These alerts carry data points from a single security product’s telemetry, such as an IDS sensor. On their own, they usually do not contain enough information to decide whether a security incident or threat is in play.

Now what?

The “SOC Analyst” then wants more information, so they collect data points from other sources and piece them together (combining corroborating pieces of evidence) to form as complete a picture as possible of what is going on in their environment and how likely it is to be malicious.

Then what?

Now it’s decision time. Does the picture show something nefarious going on, so that the Security Incident Responders need to be engaged, or is it just a misconfigured company application running amok, in which case a server admin should be notified?

Finally.

The decision is made and it’s on to the next alert.  Wash, rinse, repeat for the next 11+ hours.

What we just walked through was an individual taking one piece of evidence and adding more evidence to create a whole picture. So let’s look at the definition of “analysis” from dictionary.com:

Analysis

noun, plural a·nal·y·ses [uh-nal-uh-seez].

1. The separating of any material or abstract entity into its constituent elements (as opposed to synthesis).

2. This process as a method of studying the nature of something or of determining its essential features and their relations.

“The separating”? Wait, what now? We just walked through how a Security Analyst combines things, not how they break them apart!

Now let’s look at the definition of the word Synthesis, again from dictionary.com:

Synthesis

noun, plural syn·the·ses [sin-thuh-seez].

1. The combining of the constituent elements of separate material or abstract entities into a single or unified entity (opposed to analysis).

2. A complex whole formed by combining.

This definition fits what our “SOC Analysts” do every day much better than “analysis”, doesn’t it?

Wouldn’t it be great if your “SOC Analysts” had the time to synthesize all the contextual evidence they could collect around an initial alert and formulate a hypothesis? THEN had even more time to turn around and break down all the possible permutations of the evidence to test that hypothesis and reaffirm or change their mind on each decision they made? Yes, it would be awesome to have the time to do both!

Wouldn’t you rather synthesize AND analyze before making the decision to alert your incident responders, or just let them sleep another hour...
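As an added illustration of both passages above, the shift walkthrough (one IDS alert, corroborating evidence pulled from other sources, then a decision) and the synthesize-then-analyze loop just described, the script below is example code written for this page; it is not Respond Software’s product code or anything from the original post. The IDS alert, asset inventory, connection log, endpoint events, intel record and approved-vendor list are all constructed sample data, and the decision rule in `analyze()` is an assumption chosen to keep the two-hypothesis test readable, not a rule the post states.

```python
"""Added illustration (not Respond Software's code): triage one IDS alert by
SYNTHESISING evidence from several sources into a picture, then ANALYSING that
picture by testing "malicious beacon" against "misconfigured internal app".
All alerts, logs, inventory, intel and vendor entries are constructed data."""
from datetime import datetime
from statistics import median

# ---- constructed sample telemetry -------------------------------------------
ALERT = {"sig": "Possible periodic beacon to external host",
         "src_ip": "10.1.2.3", "dst_ip": "203.0.113.5", "dst_port": 443}
INVENTORY = {"10.1.2.3": {"hostname": "app-srv-07", "role": "server",
                          "owner": "app-team@example.test"}}
CONN_LOG = [  # proxy/firewall connections seen from the source host
    {"ts": "2018-10-30T08:00:01", "dst_ip": "203.0.113.5", "bytes_out": 512},
    {"ts": "2018-10-30T08:05:02", "dst_ip": "203.0.113.5", "bytes_out": 520},
    {"ts": "2018-10-30T08:10:00", "dst_ip": "203.0.113.5", "bytes_out": 509},
    {"ts": "2018-10-30T08:11:40", "dst_ip": "198.51.100.9", "bytes_out": 4096},
    {"ts": "2018-10-30T08:15:03", "dst_ip": "203.0.113.5", "bytes_out": 515},
]
EDR_NET = [  # endpoint agent: which process opened the connection
    {"dst_ip": "203.0.113.5", "process": "inventory-agent.exe",
     "path": "C:\\Program Files\\Inventory\\", "signed": True},
]
INTEL = {"203.0.113.5": {"malicious": False}}        # reputation feed lookup
APPROVED_DESTS = {"203.0.113.5": "Inventory SaaS"}   # change-managed vendor list


def synthesize(alert, inventory, conn_log, edr_net, intel, approved):
    """Combine what every source says about this alert into one picture."""
    src, dst = alert["src_ip"], alert["dst_ip"]
    times = sorted(datetime.fromisoformat(c["ts"])
                   for c in conn_log if c["dst_ip"] == dst)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    # "beacon-like": three or more intervals, all within 10 % of the median gap
    beacon_like = (len(gaps) >= 3 and
                   all(abs(g - median(gaps)) <= 0.1 * median(gaps) for g in gaps))
    return {
        "asset": inventory.get(src),
        "connections": len(times),
        "beacon_like": beacon_like,
        "process": next((e for e in edr_net if e["dst_ip"] == dst), None),
        "intel_malicious": intel.get(dst, {}).get("malicious", False),
        "approved_dest": approved.get(dst),
    }


def analyze(picture):
    """Break the picture back into pieces and test each against both hypotheses.
    Returns (decision, reasons); decision is 'escalate_to_ir', 'notify_owner'
    or 'needs_more_evidence'."""
    hard, soft, benign = [], [], []          # evidence buckets
    proc, asset = picture["process"], picture["asset"]
    if picture["intel_malicious"]:
        hard.append("destination flagged by threat intel")
    if proc is None:
        hard.append("no endpoint process attribution for the connection")
    else:
        user_writable = any(p in proc["path"].lower()
                            for p in ("\\temp\\", "\\appdata\\", "/tmp/"))
        if not proc["signed"] or user_writable:
            hard.append(f"untrusted process {proc['process']} from {proc['path']}")
        else:
            benign.append(f"signed {proc['process']} in a program directory")
    if picture["beacon_like"]:
        soft.append(f"periodic pattern over {picture['connections']} connections")
    if picture["approved_dest"]:
        benign.append(f"destination is approved vendor '{picture['approved_dest']}'")
    else:
        soft.append("destination not on the approved list")
    if asset and asset.get("role") == "server" and asset.get("owner"):
        benign.append(f"server asset with named owner {asset['owner']}")
    # Assumed rule: a hard indicator, or a beacon to an unapproved host, beats
    # any benign explanation; otherwise a vouched-for process and destination
    # point at misconfiguration, so the owner (not IR) gets the call.
    if hard or (picture["beacon_like"] and not picture["approved_dest"]):
        return "escalate_to_ir", hard + soft
    if benign:
        return "notify_owner", benign + soft
    return "needs_more_evidence", soft


def triage(alert, inventory, conn_log, edr_net, intel, approved):
    """Synthesize, then analyze: the full loop for one alert."""
    return analyze(synthesize(alert, inventory, conn_log, edr_net, intel, approved))


if __name__ == "__main__":
    print(triage(ALERT, INVENTORY, CONN_LOG, EDR_NET, INTEL, APPROVED_DESTS))
```

Run as-is, the constructed case comes out as `notify_owner`: the periodic traffic is real, but a signed agent in a program directory talking to an approved vendor host looks like a polling application, so the server owner gets the page rather than the responders. Swap the endpoint record for an unsigned binary under a user-writable path, drop the destination from the approved list, or remove endpoint coverage entirely, and the same connection log escalates to IR; the reasons list shows which pieces of evidence carried the decision, which is the part a responder woken at 3 a.m. actually wants to read.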


What Would Ali Say About Being #124 on the Cybersecurity 500 List?

Respond Software is #124 on the Cybersecurity Ventures annual ranking of the hottest and most innovative cybersecurity companies, aka Cybersecurity 500 2018: The Official List. So here goes: “wow”, barely nine months after shipping our first product! What would Muhammad Ali say? “It’s not bragging if you can back it up.”

It’s so refreshing to have a product that works, that actually gets to the core of a real security challenge, and that does it in an innovative way. It’s humbling, in fact. Much of the time, and especially in the early days of a tech company, marketing is charged with putting lipstick on a pig.

But I’ve come to learn, in my short time here, that Respond Software solves a real-world problem, analyzing the ever-growing pile of security data, with a whole-product solution, the Respond Analyst. And customers love that we solve a giant headache for them without creating more headaches in managing the solution. Cybersecurity analysts have plenty of headaches already.

Plus, the coolest thing for me is watching the engineering team, from 20-somethings to over-50s, working side by side, making a great product and making my marketing job easy. Hats off to the product team. I’ll take #124.
