High-Impact Strategies to Automating SecOps

Cyber Security Automation: Where to Start

The short answer is: you start with the most impactful tasks. These are the tasks that bring the highest value and the best return on your investment in the shortest period of time.

When you set out to automate Security Operations Center (SOC) tasks in order to cope with the high volume of appliance events and alerts, you will likely find that analysts have already tightened the criteria for what triggers an alert to be sent to them, so that only the highest-priority alerts reach the analyst.

Your Top Cybersecurity Analyst Just Quit.  Now what?

I've had the pleasure of working alongside some really smart and talented cybersecurity analysts. In this environment, where there is a severe shortage of such people, they frequently get calls from headhunters who would like to recruit them into a much better paid position. I've seen more than one finally succumb to the "greener grass" on the other side of the fence.

Companies are experiencing this "brain drain" right now, and there is a lot more to come. They are losing knowledge and experience that takes years for a really good analyst to acquire. Sadly, it is the kind of knowledge and experience that can only be learned within the enterprise that they protect. Knowledge in three key areas is required to be one of the best: 1) network security, 2) threat intelligence, and 3) perhaps the most important, contextual knowledge of the enterprise itself.

Give Credit Where Credit is Due — Cybersecurity Analysts

Some cybersecurity analysts amaze me. In fact, in broader terms, experts amaze me. When you see an expert in action, they frequently make very difficult things seem simple. Their experience has honed their skills to the point that they can make sense of very confusing scenarios. In particular, cybersecurity experts can intuitively recognize suspicious actions and network conditions that mere mortals can't.

They are so impressive because they have learned in great detail the ins and outs of their enterprise's network, the enterprise's business, and the people of the enterprise. Somehow, they are able to recognize suspicious and malicious things seemingly by instinct.

This is where Knowledge Representation and Reasoning (KR&R) comes into play. With KR&R we can capture the expert's knowledge and logic in a form that computers can use: the facts the analyst knows about the enterprise and the rules they apply, written down explicitly and evaluated by a reasoning engine. It makes no sense to ignore the expertise these analysts have accumulated. Why reinvent what is already so powerful: human knowledge and logic?
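To make the KR&R idea concrete, here is an added example (not code from the original post or from any product it describes). It writes down a handful of analyst heuristics from the three knowledge areas named above (network security, threat intelligence, enterprise context) as explicit facts and if-then rules, then forward-chains those rules over a few constructed events until no new conclusion can be derived. Every host name, user, IP address and rule is made up for illustration; the 203.0.113.0/24 range is a documentation-only network.

```python
"""Toy knowledge representation and reasoning (KR&R) engine for SOC triage.

Added example, not the original post's code. Analyst knowledge is represented
as (a) facts about the enterprise and threat landscape and (b) rules that derive
new facts from an event plus previously derived facts. All data is constructed.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple

# --- Knowledge base: what a seasoned analyst "just knows" (constructed/assumed) ---
ENTERPRISE_CONTEXT = {
    "domain_controllers": {"dc01.corp.example"},          # assumed host name
    "service_accounts": {"svc-backup"},                    # assumed account
    "backup_window_hours": range(1, 4),                    # assumed: 01:00-03:59 local
}
THREAT_INTEL = {
    "bad_ips": {"203.0.113.7"},                            # constructed indicator
}


@dataclass
class Event:
    host: str
    user: str
    action: str
    dst_ip: str
    hour: int
    facts: Set[str] = field(default_factory=set)  # conclusions derived so far


Rule = Callable[[Event], Optional[str]]  # a rule returns a derived fact or None


def rule_known_bad_destination(e: Event) -> Optional[str]:
    # Threat intelligence: destination matches a known-bad indicator.
    return "known_bad_destination" if e.dst_ip in THREAT_INTEL["bad_ips"] else None


def rule_service_account_interactive(e: Event) -> Optional[str]:
    # Enterprise context: service accounts never log on interactively here.
    if e.user in ENTERPRISE_CONTEXT["service_accounts"] and e.action == "interactive_logon":
        return "service_account_interactive"
    return None


def rule_service_account_off_hours(e: Event) -> Optional[str]:
    # Enterprise context: the backup account is only expected during the backup window.
    if (e.user in ENTERPRISE_CONTEXT["service_accounts"]
            and e.hour not in ENTERPRISE_CONTEXT["backup_window_hours"]):
        return "service_account_off_hours"
    return None


def rule_dc_outbound_external(e: Event) -> Optional[str]:
    # Network security: a domain controller should not initiate external connections.
    if (e.host in ENTERPRISE_CONTEXT["domain_controllers"]
            and e.action == "outbound_connection"
            and not e.dst_ip.startswith("10.")):  # assumed: 10.0.0.0/8 is internal
        return "dc_outbound_external"
    return None


def rule_escalate(e: Event) -> Optional[str]:
    # Reasoning over derived facts: two or more independent indicators -> escalate.
    indicators = e.facts - {"escalate"}
    return "escalate" if len(indicators) >= 2 else None


RULES: List[Rule] = [
    rule_known_bad_destination,
    rule_service_account_interactive,
    rule_service_account_off_hours,
    rule_dc_outbound_external,
    rule_escalate,
]


def forward_chain(event: Event, rules: List[Rule]) -> Set[str]:
    """Apply rules repeatedly until no rule derives a new fact (a fixed point)."""
    changed = True
    while changed:
        changed = False
        for rule in rules:
            fact = rule(event)
            if fact and fact not in event.facts:
                event.facts.add(fact)
                changed = True
    return event.facts


def triage(events: List[Event]) -> Dict[Tuple[str, str], List[str]]:
    """Return the sorted derived facts for each (host, user) pair."""
    return {(e.host, e.user): sorted(forward_chain(e, RULES)) for e in events}


# Constructed sample events: the same raw fields, very different conclusions.
SAMPLE_EVENTS = [
    Event("dc01.corp.example", "svc-backup", "smb_read", "10.0.0.5", hour=2),
    Event("ws17.corp.example", "svc-backup", "interactive_logon", "10.0.0.9", hour=14),
    Event("dc01.corp.example", "jdoe", "outbound_connection", "203.0.113.7", hour=10),
    Event("ws22.corp.example", "jdoe", "outbound_connection", "203.0.113.7", hour=10),
]

if __name__ == "__main__":
    for key, facts in triage(SAMPLE_EVENTS).items():
        print(key, facts or ["no finding"])
```

The first event (the backup account reading SMB shares on the domain controller inside its backup window) derives nothing, because the enterprise-context facts say that behaviour is expected. The second and third events each trip two independent rules, so the escalation rule fires on the second pass of the loop, which is the "reasoning" half of KR&R: conclusions are drawn from other conclusions, not only from raw fields.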
