Security News

Is Your SecOps Solution Keeping Up?
2021-07-22 11:30

The goal of any SecOps system is to collect, correlate, and assess data gathered from every corner of the network to detect and investigate anomalous behavior and then respond promptly to thwart an attack before its damage is done. Issues like evolving operational requirements, the rapid expansion of network edges, the recent inversion of the network due to the transition to a remote workforce, and growing compliance requirements are accelerating the volume and velocity of data and overall complexity for SecOps.

Microsoft 365 to let SecOps lock hacked Active Directory accounts
2021-07-06 16:53

Microsoft is updating Microsoft Defender for Identity to allow security operations teams to block attacks by locking a compromised user's Active Directory account. Microsoft Defender for Identity is a cloud security service that leverages on-premises Active Directory signals to detect and analyze advanced threats, compromised identities, and malicious insider activity targeting enrolled organizations.

Why MTTR is Bad for SecOps
2021-06-30 16:28

Kerry Matre, senior director at Mandiant, discusses the appropriate metrics to use to measure SOC and analyst performance, and how MTTR leads to bad behavior. In a SOC, measuring analyst activity with MTTR can drive the wrong behavior.

The impact of current and emerging threats on the day-to-day lives of SecOps teams
2021-06-25 04:00

More than half of IT and cybersecurity professionals noted ransomware or zero-day attacks as the biggest threats to their organization, according to a Deep Instinct survey. The report highlights current and emerging threats, the impact these have on the day-to-day lives of SecOps professionals, and how automation will play a significant role moving forward.

Endace and Corelight partnership allows SecOps teams to respond with better speed and accuracy
2021-02-10 01:15

Endace announced a strategic partnership with Corelight that will provide security teams with rich insights and detailed forensic data that accelerate the process of detecting, analyzing and responding to network security threats. Corelight sensors produce rich, protocol-specific logs for incident response and threat-hunting workflows within any SIEM. When integrated with EndaceProbe Analytics Platforms, these logs include "Pivot-to-Vision" links, which connect SIEM events to the related packet data recorded by the EndaceProbes on the network.

COVID-19 impact on SecOps: Increased threats, greater investments in automation
2021-02-09 04:30

Siemplify released research that studies how the sudden shift to remote work during the COVID-19 pandemic has affected SecOps analysts' ability to perform their jobs and the impact on overall security postures. The overall cybersecurity posture has remained strong due to greater investments in security automation technologies and reliance on managed security service providers, potentially paving the way for many security operations centers to become permanently remote, a Siemplify survey reveals.

The Positive Impact of the Pandemic on SecOps Collaboration
2021-02-01 14:46

Collaboration is a hallmark of successful security teams. Managers of all the security teams can see the analysis unfolding, which allows them to act when and how they need to, coordinating tasks between teams and monitoring timelines and results.

AppViewX selects Cryptsoft KMIP server to enhance its NetOps and SecOps products capabilities
2020-11-06 00:30

AppViewX has recognized and responded to widespread customer demand for full lifecycle management of symmetric data encryption keys by adding Cryptsoft's KMIP Server to their platform. Cryptsoft's market-proven KMIP server and KMIP client technology has been licensed by AppViewX to provide the technical foundation for their platform's key management capability.

Deepwatch Lens Score: SecOps maturity planning and benchmarking
2020-10-22 02:30

Deepwatch announced deepwatch Lens Score, a fast, easy-to-use application for CISOs and those who are accountable for measuring, monitoring, and improving their company's overall security operations maturity. "We collaborate closely with our customers' CISOs and have a comprehensive understanding of the challenges they face. CISOs are universally accountable for answering three questions," explained Charlie Thomas, CEO. "How mature is my Security Program? How do I compare to my peers? What one thing should I do next to better secure my business?" deepwatch created deepwatch Lens Score to provide security leaders with an ongoing view into their security posture and precisely what they can do to improve it over time.

SecOps teams turn to next-gen automation tools to address security gaps
2020-10-20 04:00

These findings indicate that as SOCs continue to mature, they will deploy next-gen tools and capabilities at an unprecedented rate to address gaps in security. Further, the scale of technology needed to secure today's digital assets means SOC teams are relying more heavily on tools to effectively do their jobs.