Anton on Security

AUGUST 30, 2021

If you read the above short and fun chapter, and then look back at your SOC, you will realize that 100% of what a typical SOC analyst does on a daily basis fits the definition of toil. Does this remind you of SOC analyst work? Well, 10X thinking is, in fact, an ancient tradition here at Google.

Engineering 273

Engineering Marketing Education Threat Detection 273

Security Boulevard

DECEMBER 8, 2023

In recent weeks, coincidentally, I’ve had several conversations that reminded me about the confusion related to “modern SOC.” One particular person went on a quest through several “leading” companies’ security operations to see how they have implemented a “modern” SOC. long story, probably Part 3 of this blog :-)].

Engineering 64

Engineering Phishing 64

Anton on Security

JULY 21, 2021

We spent a lot of time thinking about what to call the new model. We ultimately settled on the name “Autonomic Security Operations” for the vision (note that the previous contender was “10X SOC”, which one do you like more?) What is the “O” in SOC? What happens to operations in the DevOps model? Operations.

System Administration 113

System Administration Engineering CISO Technology 113

Anton on Security

MAY 13, 2021

A few days ago we did a very well-attended webinar focused on the modern Security Operations Center (SOC) approach (see “Trend for the Modern SOC” for a replay link). We got a lot of great questions, and just like in the good old times , I am writing a blog where I cover some of the answers. Also see this paper.

Risk 100

Risk Threat Detection Technology Cybersecurity 100

Anton on Security

FEBRUARY 26, 2021

The whole story from our GCP blog is cross-posted below: Security continues to be top of mind for large enterprises as well as smaller organizations and businesses. We both have long backgrounds in security, Anton with many years as a Gartner analyst, and Tim with nearly a decade of experience managing enterprise security products.

Cloud Migration 100

Cloud Migration Network Security Banking Media 100

Security Boulevard

FEBRUARY 26, 2021

In the first part of this blog series, we saw a brief overview of what a security operations center (SOC) is and how it operates. In this part, we’ll take a look at the typical activities that SOC analysts carry ….

Cybersecurity 59

Cybersecurity 59

CyberSecurity Insiders

OCTOBER 11, 2021

Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Threat Detection and Response customers. Julius Charles – Associate Cybersecurity. Executive summary. PHI, PII, PCI). Investigation.

Threat Detection 122

Threat Detection Cybersecurity Malware Cyber threats 122

Security Boulevard

SEPTEMBER 28, 2023

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#3 in the series), we will start to define and refine our detection engineering machinery to avoid the problems covered in Parts 1 and 2.

Engineering 64

Engineering Education Government Threat Detection 64

Anton on Security

FEBRUARY 5, 2024

If you are like us, you may be surprised that, in 2024, traditional security information and event management (SIEM) systems are still the backbone of most security operations centers (SOC). this sounds banal and repetitive, yet what else can I say? That’s where this blog comes in. are we a bit harsh here? Frankly no!

Threat Detection 100

Threat Detection Engineering Artificial Intelligence Risk 100

Security Boulevard

AUGUST 31, 2022

The increasing demand for cybersecurity analysts is a combination of playing catch-up, keeping up with growing threats/attacker capabilities, and a globally expanding IT footprint. With relief for the growing security skills gap nearly a decade out, we must find ways to support the analysts that are already working to protect us.

Artificial Intelligence 52

Artificial Intelligence Cybersecurity Education Government 52

McAfee

JULY 6, 2021

Do you usually read what critics say before deciding to see a movie or read a book? But rather than simply share a few top-tier analyst blurbs with you, we’d like to walk through what these insights mean to our growing set of customers and how their sec operations will evolve with greater efficiencies.

Marketing 105

Marketing 105

Anton on Security

FEBRUARY 10, 2021

SOC Threat Coverage Analysis?—?Why/How? Back in my analyst days, we looked at it as a part of a security use case lifecycle process. But what about a more comprehensive look at detection coverage inside each tool? What about coverage analysis down to the rules presence, performance and quality? Am I collecting this data?

Threat Detection 113

Threat Detection Engineering 113

NetSpi Executives

FEBRUARY 13, 2024

Tim’s extensive background as a security analyst, pentester, director of Red Team , and chief technology officer for leading global companies brings a wealth of insights to the table. What is Proactive Security? The relentless nature of SOC work underscores the need for constant vigilance. The post Annual Pentest?

Penetration Testing 94

Penetration Testing IoT Cyber threats Mobile 94

Security Boulevard

DECEMBER 21, 2021

As we discussed in “Achieving Autonomic Security Operations: Reducing toil” (or it’s early version “Kill SOC Toil, Do SOC Eng” ), your Security Operations Center (SOC) can learn a lot from what IT operations learned during the SRE revolution. evolving automation. and to make new discoveries in this process too.

Engineering 69

Engineering Phishing Technology Ransomware 69

McAfee

AUGUST 5, 2021

So, what’s all the continuous hype about XDR? Is it for you and what does it mean to your organization? If you haven’t already, I invite you to read our XDR—Please Explain and Unravel to XDR Noise blogs for added context. From here we can begin to ask, what are XDRs and what are they not? Live Webinar.

Threat Detection 55

Threat Detection 55

Security Boulevard

SEPTEMBER 21, 2023

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. Detection Engineering is Painful — and It Shouldn’t Be (Part 1) Contrary to what some may think, a detection and response (D&R) success is more about the processes and people than about the SIEM.

Engineering 59

Engineering Threat Detection Marketing Internet 59

McAfee

FEBRUARY 16, 2021

What is your organization ’ s readiness for the emerging eXtended Detection Response (XDR) technology ? As duly noted in the book, Ten Strategies of World-class Cybersecurity Operations Center , written quite a few moons ago : “With the right tools, one good analyst can do the job of 100 mediocre ones.”

Technology 92

Technology Phishing Cybersecurity 92

Security Boulevard

FEBRUARY 26, 2021

The whole story from our GCP blog is cross-posted below: Security continues to be top of mind for large enterprises as well as smaller organizations and businesses. We both have long backgrounds in security, Anton with many years as a Gartner analyst, and Tim with nearly a decade of experience managing enterprise security products.

Cloud Migration 52

Cloud Migration Network Security Banking Media 52

Security Boulevard

FEBRUARY 5, 2024

If you are like us, you may be surprised that, in 2024, traditional security information and event management (SIEM) systems are still the backbone of most security operations centers (SOC). this sounds banal and repetitive, yet what else can I say? That’s where this blog comes in. are we a bit harsh here? Frankly no!

Threat Detection 69

Threat Detection Engineering Artificial Intelligence Risk 69

McAfee

APRIL 19, 2021

survey of security efforts within SOCs. His questions were designed to gain insight into all things SOC,?including?how how SOCs can accomplish their full?potential Hosts Ismael Valenzuela and Michael Leland tapped into Chris’ security operations expertise as he told “A Tale of Two SOCs. ” . analysts.

Technology 86

Technology Artificial Intelligence VPN Firewall 86

Anton on Security

APRIL 28, 2022

Q: When do you think the industry will understand what XDR entails? A: A cynical part of me wants to say “never”, for the following reasons: what various vendors define as XDR morphs and shifts too fast and (this is a gut feel, not based on any solid fact base) it is not really converging to a common position.

Threat Detection 189

Threat Detection Technology VPN Architecture 189

Security Boulevard

AUGUST 30, 2021

If you read the above short and fun chapter, and then look back at your SOC, you will realize that 100% of what a typical SOC analyst does on a daily basis fits the definition of toil. Does this remind you of SOC analyst work? Well, 10X thinking is, in fact, an ancient tradition here at Google.

Engineering 59

Engineering Marketing Education Threat Detection 59

Security Boulevard

MAY 13, 2021

A few days ago we did a very well-attended webinar focused on the modern Security Operations Center (SOC) approach (see “Trend for the Modern SOC” for a replay link). We got a lot of great questions, and just like in the good old times , I am writing a blog where I cover some of the answers. Also see this paper.

Risk 51

Risk Threat Detection Technology Cybersecurity 51

McAfee

MARCH 18, 2020

What it doesn’t tell you is that mail.ru What it doesn’t tell you is that mail.ru The main reason is that a SOC analyst doesn’t know what he doesn’t know. This is a question we are often asked by our customers. NGFW and Web Proxies typically catalog web services using a category and a reputation score.

Firewall 55

Firewall Risk Encryption Malware 55

McAfee

MARCH 9, 2021

In a Security Operations Center (SOC) this resource is serving as a progressive framework for practitioners to make sense of the behaviors (techniques) leading to system intrusions on enterprise networks. So what is this “efficacy” thing all about? MITRE ATT&CK enterprise is a “knowledge base of adversarial techniques ”.

Marketing 81

Marketing Ransomware Malware Risk 81

NetSpi Executives

FEBRUARY 13, 2024

Tim’s extensive background as a security analyst, pentester, director of Red Team , and chief technology officer for leading global companies brings a wealth of insights to the table. What is Proactive Security? The relentless nature of SOC work underscores the need for constant vigilance. The post Annual Pentest?

Penetration Testing 52

Penetration Testing IoT Cyber threats Mobile 52

Security Affairs

APRIL 13, 2023

What starts as a careless, disgruntled, or simply ignorant employee maneuver can result in credential theft, data loss, and unforeseen damage. This is the SOC-side action, tracking down threats once your tools give you fair warning. Knowing that insider threats are a risk is one thing. Knowing how to fight them off is entirely another.

Data privacy 95

Data privacy Risk Media Software 95

McAfee

NOVEMBER 10, 2020

Basic SOC Best Practices. Deploying MVISION Cloud for Office 365 enables agencies’ SOC analysts to assert greater control over their data and user activity in Office 365—control that can hasten identification of compromised accounts and resolution of threats. The Anatomy of a Cloud Services Attack. Exfiltrate data.

VPN 92

VPN Cyber Attacks Accountability Threat Detection 92

Security Boulevard

FEBRUARY 10, 2021

SOC Threat Coverage Analysis?—?Why/How? Back in my analyst days, we looked at it as a part of a security use case lifecycle process. But what about a more comprehensive look at detection coverage inside each tool? What about coverage analysis down to the rules presence, performance and quality? Am I collecting this data?

Threat Detection 59

Threat Detection Engineering 59

McAfee

SEPTEMBER 29, 2021

Tier 1 SecOps analysts have to manage this barrage of alerts. A Tier 1 SecOps analyst processes up to several hundred alerts in a day that require quick review and triage. Once the alert is determined to be potentially malicious and requires follow-up it is escalated to a Tier 2 SOC Analyst. This can be a tall order.

DNS 67

DNS Manufacturing Data breaches Risk 67

McAfee

AUGUST 11, 2020

With hundreds of thousands—often even millions—of data points streaming into enterprises on a daily basis, security operations center (SOC) directors need a way to reduce the burden on human analysts. AI can help analysts identify the threats that matter most and prioritize them properly. In 2020, months seem to feel like years.

Artificial Intelligence 74

Artificial Intelligence Technology Threat Detection Cyber threats 74

Security Boulevard

JUNE 15, 2022

This blog post reviews how SIEM alerts are generated and the basic steps a security team can take to set alerts that help them sort through the noise and find what matters – fast. SOCs spend quite a bit of time curating their security content, which follows a specific life cycle (see Figure 1). Setting Alert Rules. Error code.

Firewall 52

Firewall Passwords Architecture Mobile 52

McAfee

JUNE 29, 2020

Threat intelligence (TI) — the art of distilling down everything that is happening globally in the adversarial t hreatscape and TI Programs – reducing to what is necessary context for your company and your security team to know and take mitigation action against — is hard.

Artificial Intelligence 52

Artificial Intelligence Cyber threats Technology Risk 52

Security Boulevard

MARCH 24, 2022

What happened in the Okta attack? According to a blog penned by the Okta CISO, here’s what happened: On January 20 2022, a third-party customer support engineer working for Okta had their account compromised by Lapsus$. The group specializes in stealing and extorting data in exchange for a ransom payment.

Accountability 59

Accountability Authentication Passwords Social Engineering 59

Cisco Security

JANUARY 28, 2021

What is the first thing that comes to your mind when you hear the words “tech refresh?”. If you ask a member of your Security Operations Center (SOC), they may see a tech refresh as a shift in capabilities, an advancement of existing technology. A smart tech refresh should help accelerate your business and protect your future.

Technology 104

Technology InfoSec Antivirus Architecture 104

Cisco Security

OCTOBER 20, 2021

This guest blog was written by Aaron Sherrill , Senior Research Analyst at 451 Research , part of S&P Global Market Intelligence. . What if detection and response were simpler? Set the Stage: A World Without XDR. And that behavior seems likely to continue. XDR: The Missing Piece.

Threat Detection 116

Threat Detection Technology Information Security Risk 116

SC Magazine

JUNE 21, 2021

In an interview, Forrester analyst Allie Mellen talked about the way security event information management systems are mischaracterized by rival marketers, the increasing convergence of security analytics tooling and why automation needs are poised to loom large over the market in the next decade. I’m curious what drove those changes?

Marketing 70

Marketing Technology Media Big data 70