Security operations teams that continue to rely on manual processes are squarely sitting behind the proverbial eight ball. The times are a-changing – only hurried along by the COVID-19 pandemic – and Forrester’s Joseph Blankenship and Chase Cunningham are here to share their perspective on the future of the SOC as part of a four-part series with Siemplify.
Today we are happy to unveil a completely revamped SOAR marketplace that is designed from the ground up for rapid time to value, making SOAR implementation faster and simpler than ever before. The Siemplify Marketplace is a one-stop-shop for all the integrations, use cases, playbook components and analytics needed to get running with SOAR in no time. As you’d expect from the No. 1 vendor-agnostic SOAR provider, the Siemplify marketplace provides access to a vast library of integrations.
Table of Contents:
00:00 - Introduction
00:08 - C&C concept
00:31 - C&C types
01:02 - C&C in SecOps
01:41 - C&C in SecOps: alerts
02:23 - C&C in SecOps: Triage
02:45 - C&C in SecOps: new investigation
03:14 - C&C in SecOps: associations
04:09 - C&C in SecOps: related alerts
04:49 - C&C in SecOps: Hunting
05:18 - C&C in SecOps: identify outbound traffic
The turning of the annual calendar was celebrated globally in a way not seen in a generation, but 2021 will not magically remove the world’s problems, as you probably have discovered by now. We are all still inheriting the mess of 2020 – at least for a little while longer – and cybersecurity is no exception.
Well, no one saw that coming. For humanity, the global pandemic has altered every aspect of the way we interact with one another. From the horrible loss of lives, to forced distancing from our loved ones to economic struggles for big parts of the population, it seems like we are all ready to put 2020 behind us and look forward to a brighter 2021 with the help of a vaccine developed in record time.
Cybersecurity vendor FireEye recently disclosed a sophisticated attack which led to the “unauthorized access of their red team tools.” A few days later, this attack was linked to a widespread and complex supply chain attack, referred to as “Sunburst,” targeting SolarWinds’ enterprise IT monitoring solution. As always, make sure to review and follow the recommendations and countermeasures from both SolarWinds and FireEye.
Extended Detection and Response (XDR) is a new security technology that promises to change the way security organizations operate, and introduce important efficiencies to day-to-day processes. In particular, XDR is expected to have a huge impact on incident response teams. In this article, we’ll explain the basics of XDR, show how it addresses incident response challenges, and how it can transform traditional processes in the SOC.
She signs off her emails with “keep it surreal” just above a colorful signature that describes her as a “network security person” but also a “data disciple,” “community cultivator,” “eccentric educator” and (we’ll explain later) “ex-animator.” Oh, and at the very footer of her emails, she offers a small-fonted but not-so-subtle dig at her email carrier of choice: “hey Google, The Man, state-sponsored APT, darknet skulki
