The Keys to Modernizing the SOC

Security teams worldwide all experience a similar shared frustration: the overwhelming volumes of low-fidelity alerts and false positives that SOCs receive every day.
Eliminating the burden on SOC analysts is mission-critical to proactive threat hunting and supercharging risk posture.
I had the pleasure of speaking with Shailesh Rao, President of Cortex at Palo Alto Networks.
He shares his insights on modernizing the SOC by harnessing artificial intelligence and machine learning.
From ransomware to espionage attacks, cyberattacks are becoming increasingly harder to defend against.
Imagine that you have two security tools in your infrastructure.
Rao explains that there are at least three points vulnerable to compromise - each of the tools and the interface between them.
If you have three tools, that number becomes six points.
Malicious actors can use AI and ML to generate attacks at scale and overwhelm traditional cyber defenses.
This will have a tremendous impact on an organization's mean time to detect and mean time to respond.
Our Unit 42 Incident Response team recently observed a breach where a threat actor exfiltrated 2.5 terabytes of data in just 12 hours.
Considering that elusive threats can sometimes cause days or weeks of dwell time, security teams are pressed to improve their MTTD and MTTR metrics.
Rao also emphasizes that with the increasing pace of new attacks, organizations need more than human analysts on the defensive.
AI in cybersecurity has seen tremendous progress in the past year, but Rao is clear on differentiating generative AI from the AI used in cybersecurity.
Security teams cannot afford to make mistakes, so AI should be held to the same level of vigilance.
A Look at Palo Alto Networks SOC. Building on our conversation about AI in cybersecurity, Rao uses our own security operations center at Palo Alto Networks as a great example.
Rao points to our AI-driven SOC platform, Cortex XSIAM, as the engine behind our nimble and highly optimized team.
XSIAM consolidates security data from across the enterprise and stitches it together to automatically stop threats in real-time, requiring minimal human intervention.
In today's rapidly changing threat landscape, security leaders now have an opportunity to rethink their defenses and use the latest in AI to protect their organizations.
A platform approach is the best way to build an AI-powered risk posture and accurately detect and stop threats at scale.

This Cyber News was published on www.paloaltonetworks.com. Publication date: Fri, 05 Jan 2024 14:13:06 +0000

Cyber News related to The Keys to Modernizing the SOC

The Importance of SOC 2 Templates - Between navigating the SOC 2 landscape and implementing the proper controls and security systems, the to-do list quickly becomes overwhelming. Many tasks required for successful SOC 2 compliance don't come with a 'how-to' manual. In this piece, we're ...
1 year ago Securityboulevard.com

Unlocking Security Excellence: The Power of SOC-as-a-Service - In today's interconnected digital landscape, organizations face a constant barrage of cyberthreats. The increasing complexity and sophistication of these attacks require robust security measures to safeguard sensitive data and ensure business ...
1 year ago Securityboulevard.com

WTH is Modern SOC, Part 1 - Back in 2016 when I was a Gartner analyst, I was obsessed with the same question. As I said in my now-dead Gartner blog, a lot of security operation centers looked like they were built on a blueprint of a classic paper written by somebody from ...
1 year ago Securityboulevard.com

SOC Evolution Is About More Than Automation - Among the most critical concerns in the cybersecurity community is the apparent scarcity of a workforce with the requisite skills and training to keep pace with the expanding attack surface. According to recent research from ISC2, the global industry ...
1 year ago Cybersecurity-insiders.com

CVE-2023-38291 - An issue was discovered in a third-party component related to ro.boot.wifimacaddr, shipped on devices from multiple device manufacturers. Various software builds for the following TCL devices (30Z and 10L) and Motorola devices (Moto G Pure and Moto G ...
10 months ago

A Comprehensive Guide To Achieving SOC 2 Compliance - Obtaining SOC 2 compliance demonstrates an organization's commitment to data security and privacy, which can enhance trust and confidence among customers and partners. SOC 2 is a framework developed by the AICPA to assess the various trust service ...
1 year ago Feeds.dzone.com

CVE-2023-38298 - Various software builds for the following TCL devices (30Z, A3X, 20XE, 10L) leak the device IMEI to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party ...
10 months ago

CVE-2023-38301 - An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola ...
10 months ago

CVE-2023-38297 - An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from multiple device manufacturers. Certain software builds for various Android devices contain a vulnerable pre-installed app with a package name of ...
10 months ago

The Keys to Modernizing the SOC - Security teams worldwide all experience a similar shared frustration: the overwhelming volumes of low-fidelity alerts and false positives that SOCs receive every day. Eliminating the burden on SOC analysts is mission-critical to proactive threat ...
1 year ago Paloaltonetworks.com

CVE-2024-56787 - In the Linux kernel, the following vulnerability has been resolved: soc: imx8m: Probe the SoC driver as platform driver With driver_async_probe=* on kernel command line, the following trace is produced because on i.MX8M Plus hardware because the ...
1 month ago Tenable.com

SOC Webinar: Better SOC with Interactive Malware Sandbox - Register for Free - During this real-time session, you will see how interactive malware analysis helps SOC analysts detect threats in seconds, speed up triage, and respond to incidents before damage is done. To help SOC teams solve this problem, ANY.RUN is hosting a ...
3 days ago Cybersecuritynews.com

CVE-2023-38296 - Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from ...
10 months ago

Cisco XDR: SLEDs "SOC in a Box" - For State, Local, and Education entities the Security Operations Center is a required tool in the toolbox and a necessity for Cyber Insurance. Threats to data and information are ever evolving, and better safeguarding the security of SLED entities is ...
1 year ago Feedpress.me

Microsoft announces deprecation of 1024-bit RSA keys in Windows - Microsoft has announced that RSA keys shorter than 2048 bits will soon be deprecated in Windows Transport Layer Security to provide increased security. Rivest-Shamir-Adleman is an asymmetric cryptography system that uses pairs of public and private ...
11 months ago Bleepingcomputer.com

A Cost-Effective Encryption Strategy Starts With Key Management - Companies have a problem with encryption: While many businesses duly encrypt sensitive data, there is no standard strategy for deploying and managing an key-management infrastructure. Every organization needs to make a large number of decisions in ...
9 months ago Darkreading.com

3 Best Practices for SOC Leaders for Staying Ahead In 2024 - For security operations center leaders, staying ahead of security threats is a substantial challenge as the cyberthreat landscape is constantly evolving. If SOC leaders fail to proactively monitor and readily adapt to these rising and ever-changing ...
1 year ago Securityboulevard.com

RSA Keys Security: Insights from SSH Server Signing Errors - In the realm of secure communication protocols, RSA keys play a pivotal role in safeguarding sensitive information. Recently, a group of researchers from prominent universities in California and Massachusetts uncovered a vulnerability in the SSH ...
1 year ago Securityboulevard.com

CVE-2023-38299 - Various software builds for the AT&T Calypso, Nokia C100, Nokia C200, and BLU View 3 devices leak the device IMEI to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google ...
3 months ago

How to Use Titan Security Keys With Passkey Support - Google's updated Titan Security Keys can serve as a multifactor authenticator and store passkeys to replace passwords. Google announced the availability of Titan Security Keys with passkey support in mid-November 2023; the initial Titan Security Keys ...
1 year ago Techrepublic.com

SANS Institute Research Shows the Frameworks Organizations Use - The report shares and analyzes research on a range of security operations center practices and outlines the current state of the SOC within many organizations, based on in-depth survey findings of IT and cybersecurity professionals from around the ...
1 year ago Darkreading.com

Playbooks on-prem - To address this challenge, Sekoia.io has recently released Playbooks on-prem. In this way, Playbooks on-prem may appeal to companies seeking to synchronize cloud actions with those executed on-premises. At its core, Playbooks on-prem revolve around a ...
1 year ago Blog.sekoia.io

Microsoft is a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management - We are pleased to announce that Microsoft has been recognized as a Leader in the Gartner® Magic Quadrant™ for Security Information and Event Management. 1 We believe our position in the Leaders quadrant validates our vision and continued ...
9 months ago Microsoft.com

CVE-2024-50301 - In the Linux kernel, the following vulnerability has been resolved: security/keys: fix slab-out-of-bounds in key_task_permission KASAN reports an out of bounds read: BUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36 BUG: KASAN: ...
3 months ago Tenable.com

CVE-2023-38293 - Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus (versionCode'31', versionName'12') that allows local third-party apps to ...
10 months ago

Latest Cyber News

BlackBastaGPT – A ChatGPT Powered Tool to Uncover Ransomware Group Tactics - Cyber Security News - 13 hours ago
CVE-2022-28339 - 18 hours ago
Beware: PayPal "New Address" feature abused to send phishing emails - 18 hours ago
CVE-2025-26774 - 23 hours ago
CVE-2025-26776 - 23 hours ago
CVE-2025-26973 - 23 hours ago
CVE-2025-27012 - 23 hours ago
CVE-2025-26750 - 23 hours ago
CVE-2025-26756 - 23 hours ago
CVE-2025-26757 - 23 hours ago
CVE-2025-26760 - 23 hours ago
CVE-2025-26763 - 23 hours ago
CVE-2025-26764 - 23 hours ago
Fake CS2 tournament streams used to steal crypto, Steam accounts - 1 day ago
CVE-2024-12577 - 1 day ago
CVE-2024-46975 - 1 day ago
CVE-2024-47896 - 1 day ago
CVE-2024-52939 - 1 day ago
CVE-2025-0957 - 1 day ago
CVE-2025-1556 - 1 day ago

Cyber Trends (last 7 days)

Okta - 1 year ago
Kimsuky - 1 year ago
23andMe - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

BlackBastaGPT – A ChatGPT Powered Tool to Uncover Ransomware Group Tactics - Cyber Security News - 13 hours ago
CVE-2019-8900 - 1 day ago
CVE-2025-26622 - 1 day ago
CVE-2025-27104 - 1 day ago
CVE-2025-27105 - 1 day ago
CVE-2025-27106 - 1 day ago
CVE-2025-27108 - 1 day ago
CVE-2025-27109 - 1 day ago
CVE-2024-45674 - 1 day ago
CVE-2024-22341 - 1 day ago
CVE-2023-4261 - 1 day ago
CVE-2024-13873 - 1 day ago
CVE-2024-13899 - 1 day ago
CVE-2025-1509 - 1 day ago
CVE-2025-1510 - 1 day ago
CVE-2024-12038 - 1 day ago
CVE-2024-12467 - 1 day ago
CVE-2024-13474 - 1 day ago
CVE-2024-13798 - 1 day ago
CVE-2024-13564 - 1 day ago