The Keys to Modernizing the SOC

Security teams worldwide share a common frustration: the overwhelming volume of low-fidelity alerts and false positives that SOCs receive every day.
Eliminating the burden on SOC analysts is mission-critical to proactive threat hunting and supercharging risk posture.
I had the pleasure of speaking with Shailesh Rao, President of Cortex at Palo Alto Networks.
He shares his insights on modernizing the SOC by harnessing artificial intelligence and machine learning.
From ransomware to espionage attacks, cyberattacks are becoming increasingly harder to defend against.
Imagine that you have two security tools in your infrastructure.
Rao explains that this creates at least three points vulnerable to compromise: each of the two tools and the interface between them.
With three tools, that number rises to six: the three tools plus the three interfaces between them.
Malicious actors can use AI and ML to generate attacks at scale and overwhelm traditional cyber defenses.
This will have a tremendous impact on an organization's mean time to detect and mean time to respond.
Our Unit 42 Incident Response team recently observed a breach where a threat actor exfiltrated 2.5 terabytes of data in just 12 hours.
Considering that elusive threats can sometimes cause days or weeks of dwell time, security teams are pressed to improve their MTTD and MTTR metrics.
Rao also emphasizes that with the increasing pace of new attacks, organizations need more than human analysts on the defensive.
AI in cybersecurity has seen tremendous progress in the past year, but Rao is clear on differentiating generative AI from the AI used in cybersecurity.
Security teams cannot afford to make mistakes, so the AI they rely on must be held to the same level of vigilance.
A Look at Palo Alto Networks SOC

Building on our conversation about AI in cybersecurity, Rao uses our own security operations center at Palo Alto Networks as a great example.
Rao points to our AI-driven SOC platform, Cortex XSIAM, as the engine behind our nimble and highly optimized team.
XSIAM consolidates security data from across the enterprise and stitches it together to automatically stop threats in real time, requiring minimal human intervention.
In today's rapidly changing threat landscape, security leaders now have an opportunity to rethink their defenses and use the latest in AI to protect their organizations.
A platform approach is the best way to build an AI-powered risk posture and accurately detect and stop threats at scale.


This Cyber News was published on www.paloaltonetworks.com. Publication date: Fri, 05 Jan 2024 14:13:06 +0000


