02 Mar Q&A: Why SOAR startup Syncurity is bringing a ‘case-management’ approach to threat detection
Go to the full article Byron V. Acohido: The Last Watchdog
There’s a frantic scramble going on among those responsible for network security at organizations across all sectors.
Enterprises have dumped small fortunes into stocking their SOCs (security operations centers) with the best firewalls, anti-malware suites, intrusion detection, data loss prevention and sandbox detonators money can buy. But this hasn’t done the trick.
There is a gaping shortage of analysts talented enough to make sense of the rising tide of data logs inundating their SIEM (security information and event management) systems. In many cases the tedious, first-level correlating of SIEM logs to sift out threats has moved beyond human capability. Some 27 percent of IT professionals who took part in a survey conducted by next-gen firewall supplier Imperva at RSA 2018 reported receiving more than 1 million security alerts daily.
Now toss in the fact that digital transformation is redoubling software development and data handling complexities. This has exponentially expanded the attack surface available to motivated, well-funded threat actors. This, in short, is the multi-headed hydra enterprises must tame in order to mitigate rising cyber risks.
Enter SOAR, the acronym for “security operations, analytics and reporting.” SOAR, if you haven’t heard, is a hot new technology stack that takes well-understood data mining and business intelligence analytics methodologies, techniques that are deeply utilized in financial services, retailing and other business verticals, and applies them to cybersecurity.