The Security Operations Center has come a long way from what it was back in the early 2000s. It really wasn’t even called a SOC. It was more like a combination of people in different roles trying to figure it out when a security incident hit, just hoping you could get the network back to a running state without any disruption to business or loss of sensitive data. It was the culmination of teams coming together: the two-person team managing antivirus and firewalls, the network operations center (NOC), desktop support, and the LAN admin with “God” rights to the domain controllers.
Fast forward to now: we have the SOC tier 1, 2, and 3 analysts, the Incident Responders, Threat Hunters, Threat Intelligence analysts, Red Teams, Blue Teams, and it keeps going. What does this all mean? This is “Fusion,” as some orgs like to call it. In layman’s terms, it’s coming together as the good guys to defend against the bad guys. Yet why is it still so difficult to be a defender, even with so much support in cyber security? It really comes down to a few key things. There is still a need for extended visibility, a need for experienced professionals, and a need for collaboration amongst these teams!
Long-term Visibility
Were you ever in an investigation where you couldn’t retrieve the evidence you needed because it was too long ago, or maybe you just didn’t have the infrastructure, hardware, or budget to retain the data you needed? What if none of this mattered, you always had 365 days of visibility at your fingertips, and in a matter of minutes you were ready to answer any hard question an investigation put to you?
That’s what we’re providing in the latest version of ThreatINSIGHT! We give security teams the historical visibility to carry out thorough investigations and to hunt for threats that may have been loitering for nearly one year.
That alone gives me a warm fuzzy feeling, but there’s more.
Expertise by Your Side, Both Machine and Human
Experienced security professionals are hard to come by. Regardless of organization size or maturity, there’s always a need for experienced security folks. No matter how good you are, there will always be a time when you get stuck or wish you had the experience of dealing with that new thing that just came at you. What if you had by your side the brains and experience of incident responders helping you with playbooks and guiding you toward what to do next? And what if you had an idea of what to do next but didn’t quite know how to execute it?
This is where ThreatINSIGHT’s Technical Success Managers come in. They are there to ensure your security team can use ThreatINSIGHT quickly and effectively. They work together with your security team to provide guidance and best practices so you can focus on threats and not tool and vendor management.
There’s definitely something to be said when you don’t have to “figure it out” and learn yet another query language. Today’s SOC has to learn how to write and create playbooks in their EDR, SIEM, SOAR, and possibly many other tools. One less thing to learn and “figure out” is always a good thing.
Too many vendors view security analysis as a solitary endeavor, but that’s not really the case. Defending against the adversaries, together – that’s the essence of collaboration. You have the industry’s best security professionals, and you have strategic security partners by your side.
Security teams don’t work in a vacuum, and they need tools that let them coordinate their efforts. ThreatINSIGHT’s parallel hunting does just that. It lets analysts search for multiple events at once while allowing them to coordinate their investigatory efforts across their teams.
Incident responders and security analysts need tools that work right “out of the box,” especially during high-pressure security incidents. Guided playbooks, perfected by our ATR (Applied Threat Research) team, give security teams the tools to identify attackers – all within a few mouse clicks.
Being able to hunt for evil in parallel alongside your colleagues, take notes, and reach a conclusion so that the good guys can kick adversaries out and keep them at bay is what success looks like in your role.
ThreatINSIGHT helps you take a giant leap in this battle. Now, on to the next!
The original article can be found here.