Blog

Why Enterprises Should Consider NOC/SOC Integration

Meny Har November 21, 2018

Enterprises Can Gain Significant Efficiencies and Increased Effectiveness through NOC/SOC Integration

Approximately 80% of organizations with a security operations center (SOC) also have a network operations center (NOC). While these two groups ultimately serve different functions for an enterprise, significant overlaps do exist, and SOCs and NOCs will typically need to collaborate in the event of an incident or emergency. Yet, despite the somewhat symbiotic relationship that exists between the NOC and SOC, only a small percentage of enterprises truly integrate these functions.

Most Used Playbooks of 2018 - Incident response, Alerts, Automation

Siemplify November 16, 2018

The Most Used Playbooks of 2018 series brings you the production playbooks noted by our professional services team as being most utilized and favored by customer SOCs. These playbooks implement best-practice workflows for alert handling, alert investigation, incident response and automation plans.

What Machine Learning Means for Security Operations

Matthew Pascucci October 4, 2018

Machine learning holds great promise for security operations

Over the past two years, machine learning has found its place firmly in the cybersecurity industry, and its benefits are indisputable. Through machine learning, we've seen great improvements implemented into technology that can make tangible improvements to our cybersecurity posture.

Building a Holistic Cybersecurity Metrics Program

Matthew Pascucci September 27, 2018

Establishing organizational and security operations metrics improves management and reduces company risk

An organization's ability to discover and reduce risk in a more preventative manner rests heavily on having clear cybersecurity and security operations metrics.

Understanding the overall security posture of your enterprise starts with creating a baseline of select organizational and security operations metrics. With baseline numbers established, you can then begin to increase visibility, education and improvement to both technology and processes within your program. Metrics should be gathered from critical assets, with risks and improvements presented to key stakeholders within the organization. These metrics help determine where particular areas of a program are running smoothly and where additional insight should be applied.

Defining the cybersecurity metrics that matter to your organization

Start by understanding your organization's critical assets. This could include everything from sensitive customer data and company IP to users and devices. I almost always suggest starting with anything compliance-related or having to do with public assets. These are the areas where you should be building metrics first. Ultimately, you're looking to measure your ability to effectively and proactively secure your company's most valuable assets. Ensuring visibility into these areas first is vital to identifying lapses in performance that could compromise security and to triggering a response that gets processes back on track.

After you've identified what needs to be monitored, you need to start collecting information and determining what data points are available. The process for collecting metrics is an important discussion item, since we want to limit manual effort as much as possible. Determining what information to collect and how you'll gather and analyze this data is a crucial step in your metrics journey. You'll also want to gut-check your identified metrics with a risk-based team, if available, to determine prioritization of the remediation efforts when those needs arise.

Baselines set the stage for goal-setting and measuring progress

Creating baselines is how you determine the current cybersecurity maturity of your organization overall as well as of your SOC. Baselines also help you identify any outliers or blatant concerns which require urgent attention. By creating this foundation and setting standards reflecting what's normal within your organization, you create a basis for setting goals and milestones. Your baselines should also include an understanding of industry standards and your organization's appetite/tolerance for risk. Without these, identifying future goals is destined to be a fruitless exercise.

As an example, let's say you set a goal of having all Windows systems patched within one week of new Microsoft patches being released. To set this as an effective goal, you would need to have already done the following:

  1. Baseline the current state of your patching performance - what is the current time frame for new patches to be applied?
  2. Understand your organization's risk tolerance - how long are unpatched systems acceptable?

Only by understanding these elements can you determine if a one-week patching window is actually a good, reasonable, achievable goal.

Security Operations Strategies for Winning the Cyberwar

Sarah Eck September 14, 2018

Thwarting cyber threats just takes a little security operations strategy

Advice for staying ahead of cyberthreats abounds, yet most organizations still find themselves struggling to keep pace in a consistently evolving threat landscape.

Security Automation Saves Money, Time and Work

Kim Crawley September 5, 2018

Security automation means a more efficient SOC, improving the bottom line

The evolving threat landscape just gets more complex and brutal as time goes on. Targeted threats abound in the form of advanced persistent threat campaigns, cyberwarfare, distributed denial of service attacks, and spearphishing. Meanwhile, zero-day vulnerabilities and exploits continue to be frequent occurrences. It's a hostile cyber world out there, and it's easy for organizations and enterprises to get overwhelmed. What if there were a solution that could cut down on the tedium that SOC analysts deal with? The right security automation tool can reduce your cases by 80%.

Security Operations Challenges Impeding SOC-cess - 2018 SANS Survey

Sarah Eck August 24, 2018

Lack of effectiveness metrics and orchestration/automation top list of security operations frustrations

The more things change, the more they stay the same. SANS recently released its 2018 Security Operations Survey, and we continue to see the same barriers to SOC performance and effectiveness rise to the top.

What You Should Know about Driving Down MTTD and MTTR

Matthew Pascucci August 16, 2018

Effectively connect people, process and technology to minimize MTTD and MTTR

There's a reason it's said that what gets measured gets managed. In order to successfully achieve a goal, you have to be able to measure progress. It's the only way to know if you're heading in the right direction.

Do I Need a SIEM if I Have SOAR?

Nimmy Reichenberg August 14, 2018

Another year, another Black Hat has come and gone. On the show floor, we saw the continued momentum and interest building for security orchestration, automation and response (SOAR). And as always, we met with a wide variety of security operations pros feeling the pressure of too many alerts, too many technologies and not enough process and automation to make it all work.

Creating a Foundation for Proactive Incident Response

Meny Har August 8, 2018

As a Boy Scout, you're trained to be prepared, always in a state of readiness in mind and body to do your duty. And for many of us in cybersecurity, a sense of duty is what drew us to the industry in the first place. What happens when the mind and body are at the ready, but you don't have the right approach or tools to carry out your duty as you know you can and should?

5 SOAR Implementation Pitfalls to Avoid

Sarah Eck July 23, 2018

The benefits of security orchestration, automation and response (SOAR) are many, if executed correctly

There's no doubt that organizations around the globe are investing in security orchestration, automation and response (SOAR) solutions. While today less than 1% of large enterprises use SOAR technologies, by 2020 15% of organizations with a security team of more than five are expected to leverage these tools.

Putting Your Incident Response Processes to the Test

Nir Loya July 8, 2018

Are You Regularly Testing Your Incident Response Processes?

Surely you remember it well. Your class being gathered and ushered into the centermost room of your school. Or being taken outside and counting off once you reached your designated place.

Selecting a Security Orchestration Vendor

Sarah Eck June 8, 2018

Have a clear list of criteria when selecting a security orchestration vendor

Security orchestration, automation and response (SOAR) vendors offer SOCs the best solution against the burgeoning problem of having too many security tools but not enough in-house talent to use them effectively. They enable security operations teams to integrate disparate cybersecurity technologies and processes into a more cohesive security ecosystem, in turn allowing these teams to work more efficiently against the growing onslaught of cyber threats.

Automated Incident Response - How Do Enterprises Benefit from It?

Jenya Shvetsov May 30, 2018

Automated Incident Response Addresses Key Security Operations Inefficiencies

In this era where cyber threats occur rapidly and nonstop, combining incident response and automation is becoming a necessity for enterprises and MSSPs seeking to keep their cyber defenses up around the clock. The following provides an overview covering all you need to know about automated incident response and how it can benefit your organization.

Introducing Siemplify Security Orchestration Version 4.0

Meny Har May 24, 2018

Continuously Innovating Security Orchestration and Automation

The Siemplify team is always adding and improving features based on feedback from our customers and partners. We’re excited to unveil version 4.0 of our cutting-edge security orchestration and automation platform. Filled with new functionality to further improve incident response processes for enterprises and MSSPs alike, here’s a look at what you can expect from our latest release.

Anguish and Antidote - Overcoming Top CISO Challenges

Miguel Carrero May 2, 2018

"Here's What's Keeping Your CISO Up at Night"
"CISO Survey Paints a Grim Picture"
"Thirty-seven CISO Pain Points"

Should You Stop Hiring Tier 1 SOC Analysts?

Nimmy Reichenberg April 17, 2018

Much has been written about the death of the Tier 1 SOC analyst. To paraphrase Mark Twain, reports of that death are greatly exaggerated. A simple Glassdoor search yields 186 open positions posted in just the last month. Is one of your open roles on that list?

Security Automation for Account Misuse

Meny Har April 12, 2018

Automating the triage and incident response for account misuse alerts

Well, here we are: our fourth and final installment of this blog series on the use cases that can benefit most from security automation. In case you've missed the prior posts, we have already covered automating the investigation of and response to phishing, malware and DLP alerts.

Automate This: Security Automation for DLP Alerts

Meny Har April 5, 2018

Hey there, welcome back! We now proceed with the third installment of our four-part blog series. If this is the first time you're joining us, here's a quick recap of what we’ve talked about so far.

Security Automation for Malware Alerts

Meny Har March 30, 2018

Automating the triage and incident response for malware alerts

Welcome to the second post in our four-part blog series where we walk through the steps to automate some of the most common SOC processes. Last week, we went through applying security automation to the process of managing, investigating and responding to phishing alerts. This week, we take a look at addressing malware.

What SOC Managers Should Know about SOAR and Threat Intel

Sarah Eck March 28, 2018

"Information is a source of learning. But unless it is organized, processed, and available to the right people in a format for decision making, it is a burden, not a benefit."
- William Pollard

Your MSSP Security Orchestration Shopping List

Miguel Carrero March 19, 2018

To say that MSSPs have a security orchestration challenge is the understatement of the century. But not just any security orchestration platform can satisfy the multi-tenant requirements of MSSPs.

Back to Basics: What Is Security Automation?

Nimmy Reichenberg March 12, 2018

Cybersecurity is full of terms, concepts, buzzwords and jargon that often get misused, overstated or muddled. That's why, every now and again, we want to help you reground yourself in the true meaning of some of the most prevalent security terminology.

Back to Basics: What is Security Orchestration?

Sarah Eck March 8, 2018

Some things just go together. Peanut butter and jelly. Gin and tonic. Bacon and more bacon. The same is true for security automation and orchestration, so much so that the two often get used interchangeably. However, just like peanut butter will never actually be jelly, security orchestration and security automation aren't the same thing.

Gartner Releases SOAR Innovation Insight Research

Siemplify December 14, 2017

Last week marked an important milestone for the security orchestration and automation market. Gartner Research issued its most comprehensive research to date, Innovation Insight for Security Orchestration, Automation and Response, or SOAR for short (available to Gartner subscribers).

Siemplify Announces the Deployment of ThreatNexus 2.0

Siemplify July 20, 2017

The demands and challenges within the scope of security operations are quite fierce. The problems plaguing security operations (alert fatigue, too many point solutions, a shortage of analysts) are well documented and in many cases getting worse. These challenges are exacerbated by immense pressure that drives burnout and high turnover among analysts.

4 Best Practices For Building a Security Operations Center

Amos Stern July 9, 2017

You have to know four things before building anything, whether it's something "simple" like assembling your new furniture from IKEA or breaking ground on an entire community of homes:

1. What you're building 
