Latest news with #SOCs


Forbes
6 days ago
- Business
- Forbes
When Hackers Aren't Human: 3 Key Strategies To Combat A New Era Of Cyber Threats
Travis Runty, Head of Security - Public Cloud, Rackspace Technology.

The rapid adoption of Internet of Things (IoT) and cloud-connected technologies has significantly expanded organizations' digital footprints, enhancing flexibility and unlocking new technological capabilities. But this growth has also exposed new risks, providing cybercriminals with more entry points and potential "surface areas" to exploit.

Even more concerning, these cyber threats are no longer limited to human attackers, with AI-driven "bad bot" attacks now accounting for one-third of all internet traffic. These bots expose critical flaws and vulnerabilities within the security frameworks that IT leaders have established in their architectures and operations. Unfortunately, traditional security operations centers (SOCs) are built to detect threats based on predefined rules and human-driven logic or characteristics. AI-powered bots use automation and adaptive methods to execute more sophisticated and dynamic attacks that can bypass these existing defenses.

In response to these evolving vulnerabilities, IT teams must adopt a more holistic and proactive cybersecurity strategy, inclusive of strong AI assistance. Strengthening your SOC's readiness involves three key strategies:

One of the biggest challenges for most SOCs is repetitive and round-the-clock monitoring carried out by "threat hunters" or frontline defenders who are responsible for responding to attacks and identifying potential vulnerabilities before they can be exploited. As the volume of cyber threats continues to rise, so does the pressure on these teams. Human error is more likely when IT professionals are overwhelmed by alerts and false positives, causing teams to become numb to the noise. A study by the Ponemon Institute found that 65% of SOC analysts are experiencing burnout due to increasing workloads, highlighting this urgent need for a shift in cybersecurity approaches.

This shift may require a change in how security professionals view their skills and ultimately change the layer in which they engage. No longer can SOCs be composed of security generalists who respond to every alert. Instead, they must adopt a triage-based model that leverages AI solutions to evaluate and correlate, and then (if appropriate) assigns team members to threats based on expertise. To succeed, SOC leaders should create teams where each professional is proficient in managing the different types of threats at the host, platform or edge layer. This approach allows the organization to respond more efficiently to the advanced threats it is facing while proactively strengthening its defenses against future risks. Moreover, security can no longer be confined to the sole domain of one department. Instead, it should be embedded into the entire organization with security-minded professionals integrated into multiple teams to foster a more resilient and proactive security stance.

To address these new types of threats, SOCs also need to rethink the way they use technology, particularly regarding next-generation security information and event management (SIEM) and security orchestration, automation and response (SOAR) solutions. Today's SIEMs excel at detecting and reporting security incidents and aggregating and consolidating log data to help security teams identify and investigate potential threats. Next-generation SIEMs are also predictive and adaptive and go beyond simple reporting to analyze patterns across multiple layers rather than isolated incidents, while also monitoring traffic patterns and data access in real time. Before implementation, SOCs need to have a complete understanding of their technological assets, including endpoints, networks and other critical systems, which will be the key data sources leveraged. Although next-generation SIEMs offer advanced capabilities, they aren't tools that security teams can simply "turn on" and walk away from. Ongoing support from trained team members or trusted partners will be essential to ensure effective management and performance.

While the rise of AI bots has brought about new cybersecurity challenges, AI is also a crucial defensive tool to protect organizations, detect threats faster and respond to breaches more efficiently. Many organizations are already leveraging AI as a cybersecurity tool. In a survey we conducted, 42% of IT leaders said they are integrating AI into their cloud strategies for use in advanced security and threat detection. Organizations can encounter several challenges when integrating AI into their cloud strategies. One common issue is that AI solutions often start with low confidence in their outputs, leading to a high rate of false positives and false negatives. Additionally, if not properly tuned, these systems can overwhelm teams with excessive alerts, resulting in alert fatigue and the risk of missing critical events. These challenges can be mitigated by building teams with the right mix of security and data science expertise to continuously monitor, tune and improve the models. However, these skill sets are in high demand and can be difficult to source.

Just as SOC teams need to be embedded across the entire organization, the seamless integration of AI-assisted threat detection, notification, enrichment and remediation is equally crucial. With the rise of edge computing, organizations must consider how they can extend security beyond centralized systems to where their data is most vulnerable. With attacks accelerating in pace and intensity, organizations cannot afford slow, laborious reporting structures. Well-rounded sensors must be deployed at the edge to detect and mitigate threats. Finally, aggregation of these events empowers better-informed correlation but can also introduce additional noise. To overcome this, an effective approach to AI should focus on tuning models to your specific environment, integrating threat intelligence and applying context-aware filtering. This ensures your team is prioritizing the highest-confidence threats—maximizing their impact and reinforcing trust with customers and stakeholders.

Next-generation SOCs are increasingly investing in predictive threat modeling to anticipate risks and proactively refine their response strategies. This includes advanced tabletop exercises designed to surface effective behaviors and inform the creation of automated or guided runbooks—providing consistent, step-by-step protocols for managing incidents and routine operations. We're also seeing the emergence of fully autonomous containment platforms capable of investigating and correlating threats across diverse data sources. These systems can validate security events through analytics, minimizing the need for manual intervention or direct tool management by cybersecurity teams.

Security transformation is a complex and unforgiving process, where even small gaps can lead to significant risks. To defend against AI-driven threats, SOCs must evolve. True security in the AI era depends on deep collaboration—where partners share insights, communicate seamlessly and evaluate information to stay ahead of attackers.


Forbes
18-04-2025
- Business
- Forbes
Proving The Value Of SOCs When Nothing Is On Fire
Alex Lanstein is the CTO of StrikeReady, pioneering unified AI-powered Security Command Center solutions for Security Operations Centers.

Every day, security operations center (SOC) professionals protect their companies' systems through proactive threat intelligence activities that include gathering information about potential cyberattacks, analyzing their impact and determining the most effective way to respond to them.

During a cyberattack, the worth of an SOC is clear. When everything is burning down, SOCs are the firefighters working to protect an organization's systems. But how do SOCs demonstrate their worth when nothing is on fire?

Unfortunately, some company decision makers may regard SOCs as the seatbelt they can remove because they haven't been in any accidents lately. Even though they're getting the benefits of the daily protections SOCs provide, when there's no clear evidence of this defense, companies may decide that the precautions aren't worth the cost.

SOCs already know how valuable they are, but it doesn't matter if no one else sees what they bring to the table. As a result, it's important for SOCs to actively and consistently prove their worth by changing the way they operate. When SOCs have effectively warded off security breaches, it can be difficult for them to get the visibility and credibility they deserve because nothing is happening. And when nothing is happening, an organization's management may be left wondering what the SOC actually does—and why it's even necessary.

To help make the business case for SOCs, leveraging metrics is key. There are numerous points in the analyst workflow that can be highlighted.

• Extracting Indicators: SOCs regularly review threat intelligence reports, and it's important to highlight this work. Outlining all of the domains, IP addresses, hashes and URLs that may have been problematic without their intervention demonstrates how many fires could have burned a company's system down—but didn't get a chance to ignite.

• Checking Intelligence Feeds: Often, leaders overlook the effort spent to proactively block threats, and they assume the things being prevented are not 'novel.' But that is not necessarily the case. SOCs should show how they've extracted and searched for indicators that were caught by security tools, on a retroactive basis. To say it another way, there is very little finished threat intel about today's threats. Those intel products are released weeks or months from 'boom,' so you need to run a retrospective analysis to help tell a better story of the attacks you blocked three months ago. It didn't happen to you, but it did impact another organization. Otherwise, there would be no intel.

• Reviewing Alerts: Security tools should be maximally implemented and effective, but are they really? SOCs should provide metrics about which tools are producing what quality of alerts on an ongoing basis. Oftentimes, cybersecurity vendors wax and wane with the quality of their detection capabilities, and management should be able to understand when that once-hot vendor starts to taper off in value.

• Searching Logs: Alerts are only as good as the frequency at which they're generated. Leaders won't know about threats that no one was warned about, but SOCs will. They can communicate with decision makers about their ability to look at endpoint telemetry, network traffic and browser activity logs to find indicators of threats that were present, but never triggered an alert. Creating metrics about the time it takes to execute basic hunts (indicator-based searches) shows where telemetry and search horsepower could be improved.

• Simulating Attacks: A simulation is a fire that never actually sparked, but one that could have. SOCs should execute controlled threat simulations in virtual environments to determine the effectiveness of security tools for detecting and responding to possible threats. Since organizations generally don't track these time-consuming tasks, letting executives know about simulations—or even showing one in action—can illustrate the importance of SOCs' work.

Despite the various metrics SOCs can report to their organizations, they generally don't monitor their effectiveness. One major factor that precludes reporting on metrics is the manual effort it takes. Developing and updating connectors to collect, analyze and correlate threat intelligence information from various security tools would be extremely onerous. Although security orchestration tools do exist, they require companies to build their own playbooks and manage APIs that can frequently change. This means only the most sophisticated organizations with security engineers can create effective workflows—leaving other companies to toil with the more labor-intensive approach.

However, this doesn't mean metrics should not be measured at all. If SOC analyst workflow metrics are too challenging to quantify and record, there is another way they can show their value: benchmarking. Establishing benchmarks allows SOCs to adopt a data-based strategy that boosts their effectiveness. This also allows them to illustrate how many reports have been handled, as well as how much time was spent on each phase of the process. Some of the questions SOCs can use as the foundation for measuring benchmarks include:

• How long does it currently take to fully analyze one threat intelligence report?
• How many reports should be reviewed per day or week to achieve threat coverage?
• Where are the logjams?
• Does a tool or manual workflow cause delays?
• How can automation be used to increase the speed of these processes without jeopardizing the quality?

Answering these questions can be a starting point for how SOCs present their daily activities in a way that's meaningful to management. Chances are, executives aren't aware of the numerous activities SOC analysts engage in when there's no obvious threat to manage. This problem can be solved by SOCs regularly documenting their efforts through weekly reports.

Cybersecurity is a dynamic field, so organizations must shift from a defensive approach to managing threats proactively. However, in order to do this, SOCs must be able to demonstrate the importance of their roles and justify their budgets. Otherwise, leaders may come to the conclusion that SOCs just aren't needed. By creating performance benchmarks and measuring how effective they are, SOCs can prove that the data fires that never burn are the most important fires of all.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.
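The "Extracting Indicators" and "Searching Logs" points above describe a retrospective hunt: pull the domains, IP addresses, hashes and URLs out of a finished intel report, search historical telemetry for them, and record how long the hunt took so the effort can be reported as a metric. The following is an added example of that workflow in Python; it is not code from the article or from StrikeReady. The intel report text, the log lines and every indicator value in it are constructed for illustration, and the indicator regexes are deliberately simple (a fixed TLD list, IPv4 only) to keep the extraction logic readable.

```python
"""
Added example: extract indicators from a threat-intel report, hunt for them
retrospectively in log lines, and return the metrics worth reporting
(indicators extracted, indicators that matched, hit count, hunt duration).
All report text, log lines and indicator values are constructed.
"""
import re
import time
from dataclasses import dataclass, field

# Indicator patterns for the four types the article names. URLs are extracted
# first so their host names are not double-counted as standalone domains.
_URL_RE = re.compile(r"https?://[^\s'\"<>]+")
_IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|io|info|xyz)\b", re.I)
# SHA-256, SHA-1 or MD5 hex digests; the longest alternative is tried first.
_HASH_RE = re.compile(r"\b(?:[a-f0-9]{64}|[a-f0-9]{40}|[a-f0-9]{32})\b", re.I)


def extract_indicators(report: str) -> dict[str, set[str]]:
    """Group indicators by type; URL hosts are excluded from the 'domains' set."""
    urls = set(_URL_RE.findall(report))
    url_hosts = {re.sub(r"^https?://", "", u).split("/")[0] for u in urls}
    ips = set(_IPV4_RE.findall(report))
    domains = {d for d in _DOMAIN_RE.findall(report) if d not in url_hosts}
    hashes = {h.lower() for h in _HASH_RE.findall(report)}
    return {"urls": urls, "ips": ips, "domains": domains, "hashes": hashes}


@dataclass
class HuntResult:
    indicators_total: int
    indicators_matched: int
    hits: list[tuple[str, str]] = field(default_factory=list)  # (indicator, log line)
    seconds: float = 0.0


def retrospective_hunt(indicators: dict[str, set[str]], log_lines: list[str]) -> HuntResult:
    """Case-insensitive substring search of every indicator over historical logs.

    Substring matching is intentional for a first-pass hunt: a report domain
    should also hit log entries that carry it inside a full URL. It means a
    short indicator can match inside a longer, unrelated name, so hits are
    returned with their log line for an analyst to confirm.
    """
    start = time.perf_counter()
    flat = {i for group in indicators.values() for i in group}
    hits: list[tuple[str, str]] = []
    matched: set[str] = set()
    for line in log_lines:
        lowered = line.lower()
        for ind in flat:
            if ind.lower() in lowered:
                hits.append((ind, line))
                matched.add(ind)
    return HuntResult(len(flat), len(matched), hits, time.perf_counter() - start)


def hunt_summary(report: str, log_lines: list[str]) -> dict[str, object]:
    """The numbers a weekly SOC report would carry for one intel report."""
    res = retrospective_hunt(extract_indicators(report), log_lines)
    return {
        "indicators_extracted": res.indicators_total,
        "indicators_matched": res.indicators_matched,
        "log_hits": len(res.hits),
        "hunt_seconds": round(res.seconds, 6),
    }


# Constructed intel report (not a real campaign; all values are made up).
REPORT = """
The campaign staged payloads at http://cdn-update.example-bad.net/loader.bin
and beaconed to c2.badactor-example.com over 203.0.113.45. Dropped file
SHA-256: 3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b
"""

# Constructed historical log lines from proxy, DNS and EDR sources.
LOGS = [
    "2025-01-14T09:02:11Z proxy client=10.0.4.12 url=http://cdn-update.example-bad.net/loader.bin action=block",
    "2025-01-14T09:02:14Z dns client=10.0.4.12 query=c2.badactor-example.com answer=203.0.113.45",
    "2025-01-14T09:05:30Z edr host=ws-0412 sha256=3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b verdict=quarantined",
    "2025-01-14T09:06:01Z proxy client=10.0.4.20 url=http://intranet.example.org/ action=allow",
]

if __name__ == "__main__":
    print(hunt_summary(REPORT, LOGS))
```

Run stand-alone, the script prints the four counters for the constructed report: four indicators extracted, all four found in the telemetry, four matching log lines, and the wall-clock time of the search. Tracking that last number across reports is exactly the "time it takes to execute basic hunts" metric the article recommends.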


Zawya
05-02-2025
- Business
- Zawya
Exabeam wins Best Threat Detection, Investigation and Response Solution at the 2025 CYSEC Qatar Awards
Doha, Qatar – Exabeam, a global cybersecurity leader that delivers AI-driven security operations, has won the award for Best Threat Detection, Investigation and Response at the 13th edition of the CYSEC Qatar Awards. The self-hosted LogRhythm SIEM platform and cloud-native New-Scale Security Operations Platform have been recognized for their ability to provide security operations center (SOC) teams with the insights to identify anomalies, swiftly respond to emerging threats, and meet regulatory compliance standards.

LogRhythm SIEM delivers synchronized threat intelligence and automated workflows to enable organizations to achieve faster, more accurate threat detection, investigation, and response (TDIR). With a customer base spanning multiple critical infrastructure sectors, the platform delivers integrated user and entity behavior analytics (UEBA) and security orchestration, automation, and response (SOAR) within a single, integrated platform to support complex environments as the region prepares for Qatar National Vision 2030.

'We are honored to be recognized for our SIEM platforms and how they enable SOCs to strengthen their defenses against evolving threats across Qatar and the rest of the Middle East,' said Mazen Adnan Dohaji, Vice President & General Manager iMETA, Exabeam. 'This award marks a fantastic milestone for Exabeam and is a true testament to the work of the team as we provide end-to-end visibility across all levels. I am proud to be part of the journey to enhance the region's overall security posture as digital adoption continues to grow.'

LogRhythm SIEM enables organizations to rapidly comply with Qatar's National Cybersecurity Framework through an automated, out-of-the-box module. The LogRhythm Qatar Cybersecurity Framework (QCF) module provides pre-bundled content such as AI Engine (AIE) rules, alarms, investigations, lists, and reports that help organizations adhere to best practice around the QCF guidelines. In addition, the AI-driven New-Scale Security Operations Platform provides a powerful cloud-native solution to local organizations. Both platforms empower security teams with improved mean time to detect and respond to attacks with real-time visibility and better contextualization.

'It is a pivotal time for digitalization in the Middle East, with Qatar Vision 2030 aiming to position Qatar as a leading digital economy with robust cybersecurity frameworks. In preparation for this, cybersecurity must be at the forefront of organizations' business priorities. On top of delivering advanced threat intelligence capabilities, our SIEM offerings enable CISOs to create a secure foundation for digital transformation by identifying areas of non-compliance in real time,' said Dohaji.

The CYSEC Qatar Awards recognize outstanding contributions and innovations in cybersecurity across Qatar. This year's ceremony saw organizations awarded across 16 categories. The win follows the recent launch of LogRhythm Intelligence Copilot, a generative AI-powered feature delivering actionable insights to empower security teams and accelerate workflows.

About CYSEC Qatar
CYSEC QATAR is the premier cybersecurity event scheduled on 4th February 2025 at the Sheraton Grand Doha Resort & Convention Hotel. The event is dedicated to safeguarding Qatar's digital infrastructure and building resilience against these threats. It serves as a platform for experts to collaborate on strategies and frameworks to secure the nation's digital future.

About Exabeam
Exabeam is a global cybersecurity leader that delivers AI-driven security operations. High-integrity data ingestion, powerful analytics, and workflow automation power the industry's most advanced self-managed and cloud-native security operations platform for threat detection, investigation, and response (TDIR). With a history of leadership in SIEM and UEBA, and a legacy rooted in AI, Exabeam empowers global security teams to combat cyberthreats, mitigate risk, and streamline security operations. Learn more at