One Article Review

Home - The article:
Source AlienVault Blog
Identifier 1770247
Publication date 2020-06-18 20:31:00 (viewed: 2020-06-23 06:15:42)
Title Benefits of a security operations center (SOC)
Text

This blog was written by an independent guest blogger.

Why having a SOC is paramount

A well-run security operations center (SOC) stands as the central nervous system of an effective cybersecurity program. SOCs serve as a hub of organization-wide detection and response capabilities for the people tasked with stopping cyber threats within their organization. While the everyday duties of the SOC vary by organization, the overarching mission driving the typical SOC tends to be three-fold:

- Consolidate and correlate log data from networks, clouds, and devices across the organization
- Coordinate the analysis of alerts and information from that data
- Orchestrate the incident response that's triggered by alerts

Organizations need effective and efficient coordination from the SOC because the threats attacking their environments are relentless. By some estimates:

- Cyberattacks triggered over 7,000 breaches in 2019, exposing 15.1 billion records
- The average cost of a data breach is now $3.92M
- It takes an average of 279 days to identify and contain a breach
- 86% of organizations rate the SOC as anywhere from important to essential to their cybersecurity strategy

5 goals of any modern SOC

1. Reduce time to response

One of the top goals of a modern SOC is to accelerate the pace at which security analysts can detect signs of an attack, investigate the associated activity, and start remediation to shut down the threat. The less time cyber attackers have to poke around, unrestricted, on organizational systems, the less opportunity they have to break into high-value assets and steal sensitive information.

2. Minimize breach impact

Everything a SOC does comes down to minimizing the impact of breaches and other risks to the organization. The SOC's work on cutting down attack dwell time (the time before detection) helps minimize breach impact. So does effective prioritization of SOC activity based on factors like the severity of vulnerabilities in an asset, threat intelligence about attack trends, and the business criticality of an asset. Effective SOCs can make all the difference in keeping minor security incidents from becoming a major breach.

3. Increase security visibility

SOC operators understand that the more they know about their systems, the easier it will be to identify attacks against them. SOCs seek to expand security visibility and incident response coverage by establishing thorough inventories of their organizational IT assets and instrumenting near-real-time security monitoring so they are ready to alert when threats strike.

4. Stay a step ahead of attackers

SOCs aim to move beyond reactive incident response and strive to evolve their activities to include proactive threat hunting. The stealthiest attackers work hard to avoid detection, which is why veteran SOC analysts sift through digital clues to find early evidence of attacks that may not always trigger alarms but are nevertheless worth investigating.

5. Keep business informed of risk

The final goal of the SOC is to keep up with reporting an
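The three-fold mission (consolidate and correlate logs, coordinate alert analysis, orchestrate response) and the prioritization factors named under goal 2 (vulnerability severity, threat intelligence, business criticality) are easier to see in code. The example below is added here and is not from the AlienVault post: it consolidates constructed sample events from three log sources, correlates them per host, scores each resulting alert with assumed weights for severity, intel and multi-source corroboration, and computes dwell time from first event to detection. The event names, asset inventory, weights and timestamps are all constructed for illustration.

```python
"""Added example (not the article's code): a minimal SOC-style triage pipeline.

Consolidates events from several log sources, correlates them by host, and
prioritizes alerts by asset criticality, vulnerability severity, threat-intel
relevance and cross-source corroboration. All data and weights are constructed.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample events from three sources (not real telemetry).
EVENTS = [
    {"source": "network",  "host": "db-01",    "ts": "2020-06-18T08:02:00", "event": "outbound_connection_to_rare_ip"},
    {"source": "cloud",    "host": "web-03",   "ts": "2020-06-18T08:05:00", "event": "iam_policy_change"},
    {"source": "endpoint", "host": "db-01",    "ts": "2020-06-18T08:10:00", "event": "new_scheduled_task"},
    {"source": "endpoint", "host": "db-01",    "ts": "2020-06-18T08:12:00", "event": "credential_dump_tool"},
    {"source": "network",  "host": "kiosk-07", "ts": "2020-06-18T09:00:00", "event": "outbound_connection_to_rare_ip"},
]

# Constructed asset inventory: business criticality (1-5) and worst open CVSS score.
ASSETS = {
    "db-01":    {"criticality": 5, "max_cvss": 9.8},
    "web-03":   {"criticality": 4, "max_cvss": 7.5},
    "kiosk-07": {"criticality": 1, "max_cvss": 4.3},
}

# Constructed threat-intel note: event types currently trending in active campaigns.
TRENDING_TECHNIQUES = {"credential_dump_tool", "iam_policy_change"}

TS_FMT = "%Y-%m-%dT%H:%M:%S"


def consolidate(events):
    """Merge events from all sources and group them per host in time order."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_host[ev["host"]].append(ev)
    return dict(by_host)


def score_alert(host, host_events, assets, trending):
    """Assumed weighting: criticality x severity, boosted by intel relevance
    and by corroboration across independent log sources."""
    asset = assets.get(host, {"criticality": 1, "max_cvss": 0.0})
    base = asset["criticality"] * asset["max_cvss"]
    intel_boost = 1.5 if any(e["event"] in trending for e in host_events) else 1.0
    distinct_sources = {e["source"] for e in host_events}
    corroboration = 1.0 + 0.2 * (len(distinct_sources) - 1)
    return round(base * intel_boost * corroboration, 2)


def prioritize(events, assets, trending):
    """Return (host, score, event_count) tuples, highest score first."""
    grouped = consolidate(events)
    ranked = [(h, score_alert(h, evs, assets, trending), len(evs)) for h, evs in grouped.items()]
    return sorted(ranked, key=lambda r: r[1], reverse=True)


def dwell_time_days(first_event_ts, detected_ts):
    """Dwell time: elapsed days between the first attacker activity and detection."""
    delta = datetime.strptime(detected_ts, TS_FMT) - datetime.strptime(first_event_ts, TS_FMT)
    return delta.total_seconds() / 86400


if __name__ == "__main__":
    for host, score, n in prioritize(EVENTS, ASSETS, TRENDING_TECHNIQUES):
        print(f"{host:10s} score={score:7.2f} events={n}")
    first = consolidate(EVENTS)["db-01"][0]["ts"]
    print("db-01 dwell time if detected at 20:02:", dwell_time_days(first, "2020-06-18T20:02:00"), "days")
```

Running it ranks db-01 first: it is the most critical asset with the worst open vulnerability, shows a trending technique, and is corroborated by two independent sources. The low-criticality kiosk host lands at the bottom even though it produced the same network event as db-01, which is the prioritization effect the article attributes to effective SOCs.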
Notes
Sent Yes
Tags Data Breach Threat Guideline
The article does not seem to have been picked up after its publication.

The article does not seem to have been picked up from a previous one.