Sign in

As an SOC manager, you’re responsible for keeping your security operations center in tip-top shape — and in modern IT environments, that’s a tall order. Luckily for you, there are some cutting-edge tools available that can help you slash false positive rates, shorten response times, and give your analysts the information they need to make the right decisions. Security orchestration, automation, and response (SOAR) may be just what you need.

THE DANGERS OF MISSED ALERTS

Today’s SOCs tend to deal with very high volumes of alerts. Given a finite number of analysts and a finite amount of time to investigate all these alerts, it’s easy…


On December 8, 2020 FireEye announced that they had been compromised by a highly sophisticated state-sponsored adversary and their red team tools were stolen. FireEye has cleared that “The red team tools stolen by the attacker did not contain zero-day exploits. The tools apply well-known and documented methods”. This hack is now considered as one of the biggest thefts of cybersecurity tools.

How does this theft affect your organization?

Offensive cyber tools in an adversary’s hand is always a cause of worry. It could bring serious implications to the overall security posture of a company. …


The cyber threat landscape can be daunting. Often, you’re faced with challenges –

  • Can an organization solely rely only on security information and event management(SIEM)?
  • Does endpoint detection and response(EDR) alone suffice all the requirements that an organization needs to be secure?
  • How do we decide which technology is best suited for an organization — SIEM or EDR?

So here I share a gist of my experience working together on both technologies, based on this, one can determine how their organization can benefit.

SIEM and EDR both have special characteristics of their own. However, individually they both still fall short…


In today’s digital world, perimeter-based security strategies often struggle to defend against increasingly complex cyber threats, zero trust architecture is designed with the realities of the current threat landscape in mind. A zero trust architecture enables organizations to prioritize access and restrictions. The goal is to implement a zero trust policy across all traffic, to ensure no user, device or system can put the network at risk. This architecture typically enforces three main principles -

  • there is no such thing as trustworthy users,
  • multi-factor authentication (MFA) is a must, and
  • micro-segmentation is critical for enforcing restrictions

To implement zero trust…


The COVID-19 pandemic has forced almost all organizations to adopt new practices such as remote working and social distancing. It has altered people’s lives in both small and enormous ways. The governments are reconsidering ways to ensure the stability of their countries by developing and implementing new economic plans. As the world is more focused on the health and economic aspects of nations, this has helped cybercriminals to benefit from this crisis.

Even though the work-from-home concept is not new, with the pandemic in the picture, it has raised some new challenges and it would require some serious continuity planning…


The e-commerce space has undergone massive transformations since its inception to reach where it is today. Come to think of it, if you’re old enough to have lived life before e-commerce, you’d remember how entering credit card details online used to be an absolute turn-off for most of us. Cut to today, and people no longer think twice before saving their card details online for more convenience.

Technology has made life a lot easier for us, or so it seems. But if you happen to look closely, this so-called ease has in fact opened up an entire ecosystem for the…


Security information and event management (SIEM) technology supports threat detection, compliance and security incident management through the collection and analysis (both near-real-time and historical) of security events, as well as a wide variety of other event and contextual data sources (cf. Gartner).

Put simply, SIEM is a class of software solutions that collect and analyze activity from many different resources across an entire IT infrastructure.

At its heart, SIEM is

  • a data collection and reporting system
  • an event correlator based on an analytical platform which indicates a security issue

SIEM tools are able to perform event correlations to process time…


In today’s scenario with increasing risk of cyberattacks, organizations are trying their best to maintain the cybersecurity posture. The overwhelming need for skilled resources and the hassle of maintaining and running cybersecurity programs is making organizations move to MSSPs. MSSPs are not only able to manage the infrastructure but also define security policies. With the availability of skilled resources and subject matter expertise, MSSPs are able to solve the cybersecurity problem for the customers.

With this said, MSSPs have to keep up with the ever-changing and dynamic nature of cyberattacks and need to adapt to newer technologies.

This post covers…


For many organizations looking to get started with security information and event management (SIEM), when it comes to selecting a platform, price can be the deciding factor. However, it can be difficult to work out exactly what any given solution costs, or how the cost of one solution compares to another. Differences in vendors’ pricing schemes, as well as differences in infrastructure requirements (e.g., storage hardware) are just a few of the things that need to be taken into account here.

So, how much does SIEM cost?

First things first: requirements

Before delving into the factors that affect the total cost of a SIEM…


To fully understand what your existing SIEM solution can offer your enterprise in terms of cybersecurity, you’ll need to ask yourself some tough questions: Is your SIEM being used to its full potential?

  • How much has your threat hunting model matured over time?
  • How are you leveraging new detection strategies in your threat hunting process?

Most SIEM platforms today come with built-in UEBA features, which have immense potential to improve the security posture of your organization and greatly reduce insider threats. …

DNIF

The “Open” Big Data Analytics platform that offers solutions to the world’s most challenging cyber security problems with real-time data analytics.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store