Security News

SOC team members battle with burnout, overload and chaosWhile some organizations have increased security operations center funding, the overall gains have been meager, and the most significant issues have not only persisted, but worsened, according to Devo Technology. Privacy and security concerns related to patient data in the cloudThe Cloud Security Alliance has released a report examining privacy and security of patient data in the cloud.

The report, based on a survey conducted by Ponemon Institute, examines many of the same issues as last year, and found 60% of SOC team members are still considering changing careers or leaving their jobs due to burnout. The survey, conducted in March and April 2020, queried IT and IT security practitioners in organizations that have a SOC. On the positive side, the importance of investing in a SOC remains high, with 72% of respondents categorizing the SOC as "Essential" or "Very important" to their organization's overall cybersecurity strategy, up 5% year-over-year.

Siemens has signed an agreement to acquire Cambridge, UK-based UltraSoC Technologies, a provider of instrumentation and analytics solutions that put intelligent monitoring, cybersecurity and functional safety capabilities into the core hardware of system-on-chip. The addition of UltraSoC to Siemens enables a unified data-driven infrastructure that can enhance product quality, safety and cybersecurity, and the creation of a comprehensive solution to help semiconductor industry customers overcome key pain points including manufacturing defects, software and hardware bugs, device early-failure and wear-out, functional safety, and malicious attacks.

Exabeam's 2020 State of the SOC Report reveals that 82% of SOCs are confident in the ability to detect cyberthreats, despite just 22% of frontline workers tracking mean time to detection, which helps determine hacker dwell time. Compounding this unfounded confidence, 39% of organizations still struggle with SOC staff shortages and finding qualified people to fill the cybersecurity skills gap.

Stellar Cyber announced that CyFlare has deployed the Stellar Cyber platform as the core of its Security Operations Center service. While many MSSPs cobble together complete solutions from a dozen or more different products and then have trouble correlating detections to stop complex attacks, Stellar Cyber's platform is a complete solution with more than 20 natively-supported applications that present detections in an intuitive dashboard.

Vectra Integrates Cognito with Microsoft Defender ATP and Azure Sentinel to Form a SOC Visibility Triad. San Jose, Calif-based threat detection firm Vectra has integrated its network threat detection and response Cognito platform with Microsoft Defender and Microsoft Azure Sentinel to deliver Gartner's concept of the SOC Visibility Triad. Gartner introduced the idea of the SOC Visibility Triad in March 2019. The new native integration between Vectra's Cognito and Microsoft's Defender and Sentinel is designed to provide the SOC with full oversight of the state of the infrastructure, and better ability to respond to suspicious events.

The British Army has raised a new regiment that will take charge of its in-house security operations centre, a move calculated to make cyber defence a more mainstream part of all things armed and camouflaged. The Ministry of Defence stated that 13 Sigs will "Provide the basis of the new Army Cyber Information Security Operations Centre, focusing on the protection of Defence's cyber domain."

Filling the information gap therefore involves looking at how to make the most of the data that is coming in, without paralyzing the process or relying on manual intervention. Achieving the right security posture will instead involve looking at the data, the analysis and the real-time requirements together.

Efficiency in the security operations center is more critical than ever, as organizations have to deal with limited SOC resources. The SOC is a centralized team of analysts, engineers, and incident managers who are responsible for detecting, analyzing, and responding to incidents and keeping security operations tight and resilient - even when security strategy fails.

For ages, the mainframe was like macOS - considered natively secure and not at risk of attack or compromise. The reality is that the mainframe is securable, but it is definitely not guaranteed to be secure.