Security News

Google said it's working with ecosystem partners to harden the security of firmware that interacts with Android. While the Android operating system runs on what's called the application processor, it's just one of the many processors of a system-on-chip that cater to various tasks like cellular communications and multimedia processing.

Enterprises have a limited number of analysts running their security operations centers and are deploying multiple tools in an attempt to address their cloud security challenges, according to ManageEngine. ManageEngine's study has also revealed a surge in cloud adoption, with 72% of respondents using multi-cloud applications and another 5% using hybrid cloud systems.

Up until now, much of these advancements in automation have been focused on response, with SOAR and incident response tools playing an instrumental role in tackling the most urgent phase of the SOC workflow. By breaking down the SOC workflow into phases, it is easy to see more instances where automation can improve the speed and efficacy of security teams.

Gurucul announced the results of a Black Hat USA 2022 security professionals survey with respondents indicating that insider threats were the most difficult type of attack for SOC analysts to detect, and that behavioral analytics was the most common piece of technology they felt was missing and that they planned to add to the SOC in the near future. The survey also found that a strong majority of respondents feel their SOC programs are improving, but that they needed more training, high-level talent in the SOC, better compensation, and more time off.

How secure are the third parties you've entrusted with your data? SOC 2 is a framework that ensures these service providers securely manage data to protect their customers and clients. For security-conscious businesses - and security should be a priority for every business today - SOC 2 is now a minimal requirement when considering a SaaS provider.

In this Help Net Security video, Bryant Rump, Principal Security Architect at Neustar Security Services, talks about the challenges of mitigating immense DDoS attacks. He outlines real-world examples and discusses their implications for enterprise security preparedness and the threat landscape.

Like Microsoft's new security patch technology, SOC automation intends to both improve an enterprise's security posture and reduce the burden on security engineers and security analysts. The real work of the SOC continues to be handled by security engineers who maintain the tools and the security analysts who have the insights that can assess attacks and determine what the organization should do to address threats.

Having SOC 2 compliance means you have implemented organizational controls and practices that provide assurance for the safeguarding and security of client data. After beginning our SOC 2 journey we realized that we did not have a great way to track the reasoning behind a required emergency change, and this was required for our SOC 2 audit.

With nearly 50% of organisations with over 2,000 employees still yet to deal with security monitoring and implementation of incident response capabilities, we need to ask ourselves why? It's hard to deploy disparate and multiple complex systems to get true SOAR. It's hard to find the staff to resource both the engineering and the security operations, all bringing with it a high cost and management burden making it difficult for large organisations, let alone smaller organisations, to reach this level of security maturity.

For security leaders, building a mature Security Operations Centre is about establishing robust processes that bring teams and technology together for success. Recent research indicates that 51 percent of SOC teams feel emotionally overwhelmed by the impossible volume of security alerts they must deal with, with the stress impacting their home lives.