Security Operations Center (SOC)

What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

Posted on April 17, 2024 by John Velisaris

The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in and among them are the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials. In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a […]

The post What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index? appeared first on Security Intelligence.

Continue reading What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?→

Accelerating security outcomes with a cloud-native SIEM

Posted on December 14, 2023 by Chris Meenan

As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like […]

The post Accelerating security outcomes with a cloud-native SIEM appeared first on Security Intelligence.

Continue reading Accelerating security outcomes with a cloud-native SIEM→

The evolution of security analyst experience

Posted on August 7, 2023 by Sue Poremba

Cloud computing and IT modernization have created a more complex threat landscape, and security analysts are struggling to keep up. Security operations centers (SOC) are in need of an upgrade. The proliferation of cloud and hybrid environments simply creates more to protect, said Andie Schroeder, program director of product management at IBM Security, at RSAC […]

The post The evolution of security analyst experience appeared first on Security Intelligence.

Continue reading The evolution of security analyst experience→

A History of Ransomware and the Cybersecurity Ecosystem

Posted on June 19, 2023 by Ronda Swaney

The number and complexity of cybersecurity tools have grown at a dizzying pace in recent decades. As cyber threats like ransomware became more numerous and complex, antivirus and threat management tools expanded to meet these challenges. Security experts now often find themselves with too many choices and a market too rich with options. Choosing, running […]

The post A History of Ransomware and the Cybersecurity Ecosystem appeared first on Security Intelligence.

Continue reading A History of Ransomware and the Cybersecurity Ecosystem→

SOCs Spend 32% of the Day On Incidents That Pose No Threat

Posted on June 6, 2023 by Josh Nadeau

When it comes to the first line of defense for any company, its Security Operations Center (SOC) is an essential component. A SOC is a dedicated team of professionals who monitor networks and systems for potential threats, provide analysis of detected issues and take the necessary actions to remediate any risks they uncover. Unfortunately, SOC […]

The post SOCs Spend 32% of the Day On Incidents That Pose No Threat appeared first on Security Intelligence.

Continue reading SOCs Spend 32% of the Day On Incidents That Pose No Threat→

How I Got Started: SOC Analyst

Posted on April 27, 2023 by Mark Stone

The role of a Security Operations Center (SOC) analyst is crucial in maintaining an organization’s security posture. A SOC analyst wears many hats but typically acts as a watchdog looking out for attacks in progress while also finding ways to boost defenses and prevent or mitigate future attacks. In this exclusive Q&A, we spoke with […]

The post How I Got Started: SOC Analyst appeared first on Security Intelligence.

Continue reading How I Got Started: SOC Analyst→

The Needs of a Modernized SOC for Hybrid Cloud

Posted on April 24, 2023 by Chris Meenan

Cybersecurity has made a lot of progress over the last ten years. Improved standards (e.g., MITRE), threat intelligence, processes and technology have significantly helped improve visibility, automate information gathering (SOAR) and many manual tasks. Additionally, new analytics (UEBA/SIEM) and endpoint (EDR) technologies can detect and often stop entire classes of threats. Now we are seeing […]

The post The Needs of a Modernized SOC for Hybrid Cloud appeared first on Security Intelligence.

Continue reading The Needs of a Modernized SOC for Hybrid Cloud→

The Important Role of SOAR in Cybersecurity

Posted on April 3, 2023 by Sue Poremba

Understaffed security teams need all the help they can get, and they are finding that help through SOAR. SOAR — security orchestration, automation and response — is defined by Gartner as the “technologies that enable organizations to collect inputs monitored by the security operations team.” Gartner identifies a SOAR platform’s three prime functionalities: Threat and […]

The post The Important Role of SOAR in Cybersecurity appeared first on Security Intelligence.

Continue reading The Important Role of SOAR in Cybersecurity→

Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers

Posted on February 21, 2023 by Ruben Boonen

Overview In this post, IBM Security X-Force Red offensive hackers analyze how attackers, with elevated privileges, can use their access to stage Windows Kernel post-exploitation capabilities. Over the last few years, public accounts have increasingly shown that less sophisticated attackers are using this technique to achieve their objectives. It is therefore important that we put […]

The post Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers appeared first on Security Intelligence.

Continue reading Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers→

When Logs Are Out, Enhanced Analytics Stay In

Posted on December 22, 2022 by Jackie Lehmann

I was talking to an analyst firm the other day. They told me that a lot of organizations purchase a security information and event management (SIEM) solution and then “place it on the shelf.” “Why would they do that?” I asked. I spent the majority of my career in hardware — enterprise hardware, cloud hardware, […]

The post When Logs Are Out, Enhanced Analytics Stay In appeared first on Security Intelligence.

Continue reading When Logs Are Out, Enhanced Analytics Stay In→