Few cybersecurity components are as familiar as the next-generation firewall (NGFW) for enterprise protection. Despite this ubiquity, it is common for security teams to operate their NGFW in a suboptimal manner. The TAG Cyber team has observed, for example, that many enterprise teams operate their NGFW more like a traditional firewall. This can result in a reduction of traffic visibility, which in turn degrades prevention, detection, and response.
Machines are better at speed and scale than humans. But humans have the edge over machines at thinking outside of the box, using their curiosity and creativity to come up with solutions, and reasoning that machines cannot define or replicate. When it comes to security operations, humans and automation are the duo that’s stronger and more effective in partnership than when they’re apart. Using extended detection and response (XDR) can bring these skills to the forefront of the Security Operations Center (SOC), leaving the repeatable, boring tasks to the machines and allowing for these human traits to shine.
SOAR’s place in the fast-moving security arena has changed, and it is being swallowed up by advanced SIEMs. A new Gartner report sheds light on how the market has shifted and lays bare the paradox of smaller SOC teams, who need automated triage the most but aren’t able to maintain a SOAR.
Security Orchestration, Automation and Response (SOAR) solutions came on the market around six years ago. The two main objectives of these tools were to orchestrate 3rd party tools for filtering false positive alerts out of the network, and to automatically block attacks. SOAR came on the scene with bold statements to fill in some of the gaps that existed in Security Information and Event Management (SIEM) platforms, which have been making security analysts miserable for twenty years now.
The Forum of Incident Response and Security Teams (FIRST) is holding its annual conference online next week. The three-day event, which is taking place online for the first time, will feature both industry experts and academics from the global community talking about the latest developments on how to prevent, detect and respond to computer security incidents. The
Digital Shadows, throughout the years, has tracked SandWorm, and has now revisited the tactics, techniques and procedures (TTPs) behind the SandWorm APT.
Security operations centers (SOCs) across the globe are most concerned with advanced threat detection and are increasingly looking to artificial intelligence (AI) and machine learning (ML) technologies to proactively safeguard the enterprise, according to a new study by Micro Focus, in partnership with CyberEdge Group.
Following a global consultation, the Forum of Incident Response and Security Teams (FIRST) is launching new ethics guidelines for incident response and security teams on Global Ethics Day. ethicsfIRST provides guidance for cybersecurity professionals on how to conduct themselves professionally and ethically during incidents. Inspired by Earth Day, Global Ethics Day provides an opportunity for organizations to explore the meaning of ethics in international affairs.
Proactive cybersecurity programs include comprehensive activities that involve not only the IT and security teams, but also the CEO and boards of directors. Examples of key proactive activities include identifying risk tolerance, defining governance structures, and developing comprehensive security strategies. Throughout this article, we will review key domains where organizations can proactively fortify their cybersecurity measures. COVID-19 has increased threat activity and created unique changes — and increased risk — in IT environments. Now is the time to review some “quick hit” areas where you can bolster your cybersecurity and execute your winning strategy.
The Cybersecurity and Infrastructure Security Agency (CISA) joined with public and private-sector partners to conduct an interagency Tabletop Exercise (TTX) called “National Harbor 2020 – Recovery Phase Exercise,” September 29 – 30, to test the processes and plans required by regional government and business partners following a notional catastrophic incident at National Harbor outside of Washington, D.C.
The Forum of Incident Response and Security Teams (FIRST) jointly honored Ian Charles Cook and Don Stikvoort in the second edition of The Incident Response Hall of Fame.