All Articles

In today’s rapidly evolving threat landscape, Security Operations Centers (SOCs) face mounting pressure to investigate incidents faster and with higher accuracy. Analysts spend valuable time switching between tools, writing queries, and compiling inc

Actionable Insights for CISOs

1. Evaluate the Viability of Decoupled SIEM Architectures

While decoupled SIEMs offer flexibility by separating data collection, storage, and threat detection, they may introduce complexity and integration challenges. As

Join us for a live AI Demo Talk on "AI-Powered SOC Agent: Conversational Security Investigations with Whatsapp, Splunk & Gemini" with Sanglap Patra, Cybersecurity Engineer (SIEM & SOAR), Nielsen.

What You'll See :

• Investigations over WhatsApp (voi

I will be really, really honest with you — I have been totally “writer-blocked” and so I decided to release it anyway today … given the date.

So abit of history first. So, my “SOC visibility triad” was released on August 4, 2015 as a Gartner blog (it

“Flickering screens, a sickly, yellow glow. Humming servers, a constant, low thrum of digital malaise. Alerts screamed into the void, a cacophony of meaningless noise, lost in the echoing expanse of our digital tomb. Playbooks, relics of a forgotten

After a long, long, long writing effort … eh … break, we are ready with our 5th Deloitte and Google Cloud Future of the SOC paper “Future of SOC: Transform the ‘How’.”

As a reminder (and I promise you do need it; it has been years…), the previous 4 p

My former “colleagues” have written several serious pieces of research about why a SOC without humans will never happen (“Predict 2025: There Will Never Be an Autonomous SOC”, “The “Autonomous SOC” Is A Pipe Dream”, “Stop Trying To Take Humans O

A fair-weather SOC by Meta AI

Do you have a fair-weather friend? Or two?

Fair weather friend (via Google)

OK, do you also have a fair-weather SOC?

This train of thought was inspired by reading pilot forums about how some training approaches lea

Cybersecurity is a constantly changing battleground, where threats are evolving more rapidly than ever before. For Enoch Long, Field CISO at JupiterOne, navigating this complex environment requires not only technical expertise, but also a calm and st

Learn Modern SOC and D&R practices for free from Google! Yes, really! That’s the message. Join *hundreds* of others who already signed up!

Now, with full details….

After some ungodly amount of work, the original ASO crew (but really Iman!) put toget

 Mention “alert fatigue” to a SOC analyst. They would immediately recognize what you are talking about. Now, take your time machine to 2002. Find a SOC analyst (much fewer of those around, to be sure, but there are some!) and ask him about alert fati

Cross-posted from Anton on Security

As you are reading our recent paper “Autonomic Security Operations — 10X Transformation of the Security Operations Center”, some of you may think “Hey, marketing inserted that 10X thing in there.”

Well, 10X thinking 

Now, we all agree that various cloud technologies such as SaaS SIEM help your Security Operations Center (SOC). However, there’s also a need to talk about how traditional SOCs are challenged by the need to monitor cloud computing environments for thr

This paper outlines industry best practices for building and maturing a security operations center (SOC). For those organizations planning to build a SOC or those organizations hoping to improve their existing SOC, this paper will outline the typical

Organizations around the globe are investing heavily in cyber defense capabilities to protect their critical assets. Whether protecting brand, intellectual capital, and customer information or providing controls for critical infrastructure, the means

Building a new SOC capability may involve lot of planning and would attract huge initial investment.

While there are multiple approaches to address this, given below are some of the simple steps one can follow:

1. Understanding Business Goals, type of