< ciso
brief />
Tag Banner

All news with #soc tag

114 articles · page 3 of 6

CPR Act: Check Point's Unified Full Lifecycle Security

🛡️ Check Point Services has launched CPR Act, an expert-led unit that unifies security across the full lifecycle with continuous intelligence, coordinated action, and measurable outcomes. The service addresses fragmented products and visibility gaps by connecting research, monitoring, and response so each phase feeds the next. A dedicated team of researchers, analysts, and responders delivers clear, research-based insight for decisive action.
read more →

Visibility Gaps Overburden SOC Analysts and Raise Turnover

🔍 A commissioned Forrester Consulting study for NETSCOUT (October 2025) reports that 61% of respondents say analysts spend more than ten hours a week in the analyze phase. The piece argues this is not a time-management issue but a clarity problem caused by partial context, dispersed data, and incomplete logs that force manual correlation. It highlights how stronger Network Analysis and Visibility (NAV) can shrink investigations and reduce burnout, and positions Omnis Cyber Intelligence as a platform delivering packet-level truth, correlated metadata, hybrid visibility, and simplified, three-click investigations.
read more →

How MDR Can Strengthen Cybersecurity Across Education

🔒 Schools, colleges and universities face sophisticated, resource-rich adversaries that exploit sprawling, mixed on-prem/cloud environments, unmanaged BYOD and student behaviour. Outsourcing continuous monitoring to MDR providers delivers 24/7 detection, expert analysis and rapid containment. Choose providers that customize detection, integrate with operations and support remediation to reduce disruption and protect learning.
read more →

Making LLMs a Defensive Advantage Without Added Risk

🔐 Large language models (LLMs) are reshaping security operations as productivity tools, embedded components and attacker targets. The article argues organizations should treat LLMs as high-impact systems: define outcomes, model threats and assume models can be wrong or manipulated. Early deployments should focus on narrow, advisory workflows (for example, alert triage, investigation copilots and detection engineering) and always treat model output as untrusted. Practical controls include retrieval-augmented generation, scoped credentials and human-gated actions to limit the model's blast radius.
read more →

Automating Security Decisions to Counter AI-Driven Attacks

🔒 Security experts warn that defenders must embrace greater automation to keep pace with AI-powered attacks that operate at machine speed. Recent research, including CrowdStrike findings showing average breakout times falling to 29 minutes (and as fast as 27 seconds), highlights the urgency. Industry leaders recommend automating routine SOC work and responses to known threats while reserving humans for novel, high-risk incidents. Cultural shifts and revised risk appetites will be required to enable faster, autonomous mitigations.
read more →

Rethinking the Human Layer: Farmers vs. Mercenaries

🛡️ Employees are commonly labeled "the last line of defense," but this article argues that such expectations misplace responsibility. The real human layer is the trained security team—CISOs, SOC analysts and threat hunters—whose capacity is being consumed by high false-positive volumes and noisy user-reporting. Organizations should reduce alert noise, improve tooling and restore analyst capacity rather than relying on broader awareness programs.
read more →

Five Ways Broken Triage Raises Business Risk and Remediation

🛡️ Triage often increases organizational risk when investigators make decisions without execution evidence, when outcomes vary by analyst seniority, or when manual steps and escalations slow response. The article outlines five specific failures—lack of early evidence, seniority-dependent quality, slow time-to-decision, over-escalation, and repetitive manual work—and recommends execution-driven fixes such as using ANY.RUN interactive sandboxing to produce fast, observable behavior that enables evidence-backed verdicts, reduces rework, and shortens MTTR.
read more →

Scaling SOCs with Microsoft Defender Autonomous Defense

🛡️ The article outlines how organizations can scale security operations by combining Microsoft Defender XDR autonomous defense with Microsoft Security Experts services to reduce manual toil and accelerate containment. It argues agentic SOCs—driven by continuous signal correlation, automated decision making, and AI agents—are required to address alert overload and capacity constraints. Automated protection takes on routine investigation and response while expert-led hunting and managed detection handle escalations and continuously improve platform protections.
read more →

Operational Cost of Fragmented SOCs: Unify Now or Lose

🔍 New research from Microsoft and Omdia exposes how tool sprawl, manual triage, and alert overload are stretching security operations to a breaking point. SOC teams report using an average of 10.9 consoles, manually ingesting data frequently, and leaving roughly 42% of alerts uninvestigated. The study argues that unification, targeted automation, and governable AI-integrated workflows—centered on identity-to-endpoint controls—are essential to restore analyst capacity and reduce business risk.
read more →

Hands-On with NDR: Using Corelight Investigator in SOC

🧭 I spent a day using Corelight's Investigator NDR to learn how network detection and response supports SOC workflows. The interface prioritized high-risk detections, showed packet-level evidence and MITRE ATT&CK context, and let me dig into suspicious DNS, reverse shells, and exploit tool activity. Built-in GenAI provided step-by-step investigative actions, and integrations with SIEM, EDR and firewalls demonstrated how NDR enriches and correlates network telemetry for faster triage.
read more →

Scaling SOC Automation with Falcon Fusion SOAR Effectively

⚙️ Falcon Fusion SOAR simplifies SOC automation by enabling teams to start with single, high-impact workflows and scale to agentic, AI-driven orchestration. New capabilities — natural language Workflow Generation, a Test-and-Debug preview, and a Data Transformation Agent powered by Charlotte AI — lower the barrier to building reliable automations. It integrates endpoint, identity, cloud, and threat intelligence, keeps humans in the loop, and supports mature programs that adopt Charlotte Agentic SOAR for agent orchestration.
read more →

How CISOs Reduce Burnout and Cut MTTR Without Hiring

🛡️ Top CISOs are cutting MTTR and reducing SOC burnout by making sandbox execution the first investigative step. By automating triage and pairing automation with live, interactive analysis, teams resolve routine alerts faster and escalate less. Solutions like ANY.RUN deliver runtime evidence, extract IOCs, and produce concise reports so analysts act decisively without adding headcount. The result: predictable workloads, fewer decision points, and measurable gains in throughput and SLA performance.
read more →

Schrodinger's Cat and the Enterprise Security Paradox

🔒 Many security leaders live with a practical paradox: the organization that appears secure on paper often coexists with a messier, attacker-facing reality. The author uses Schrödinger’s cat to show that without direct observation—alerts, correlated logs, or third-party findings—you cannot know whether you are safe or compromised. The piece reframes security as an observation problem, urging measurement of telemetry coverage, operationalized threat hunting, and cultural change that rewards surfacing ambiguity rather than hiding it.
read more →

Gartner: Six Cybersecurity Trends Shaping 2026 Priorities

🔒 Gartner identifies six priority cybersecurity trends for 2026 that demand immediate attention from security and risk leaders. Key risks include uncontrolled agentic AI proliferation, global regulatory volatility, and the urgent need to plan for post-quantum cryptography. Gartner advises stronger governance to detect and control both approved and shadow AI agents, evolve identity and access management for machine actors, modernize SOCs with human-in-the-loop processes, and shift awareness programs toward task-focused, AI-specific behavioral training.
read more →

Smarter SOC Blueprint: Build, Buy, Automate Decisions

🔍This live session breaks down practical choices for modern SOCs, led by Kumar Saurabh (CEO, AirMDR) and Francis Odum (CEO, SACR). Expect clear guidance on when to build, when to buy, and how to automate without losing control. The webinar features a real customer case study, a side‑by‑side look at SOC models, and a ready checklist to reduce tool sprawl and improve outcomes. Register to simplify operations and make every tool decision count.
read more →

AI SOC Agents Transforming Triage and Threat Hunting

🛡️ Agentic AI is reshaping SOC operations by automating contextual triage and correlating telemetry across EDR, identity, email, cloud, SaaS, and network sources so analysts review machine-validated verdicts instead of raw alerts. The approach reduces missed threats and eliminates the need to sample low-fidelity signals. It also provides structured feedback for detection engineering and enables natural-language threat hunting that democratizes proactive investigations. Prophet Security emphasizes depth, accuracy, transparency, and seamless workflow integration to build analyst trust.
read more →

Four Key Challenges Slowing CISOs’ Security Agendas

🛡️ Many CISOs now expect a material breach within the next 12 months, yet four persistent constraints are holding back security agendas: weak empowerment and decision training for teams, difficulty keeping pace with enterprise AI adoption, slow use of AI in security operations, and acute talent and skills shortages. The article draws on surveys from Proofpoint, Cyera, ISC2 and others, and quotes practitioners who recommend clear prioritization criteria, holistic AI risk profiling, and targeted talent strategies to restore momentum.
read more →

What the Alien Franchise Taught About Cybersecurity

🚀 The author uses the Alien films to illustrate modern SOC challenges, arguing that threats enter unseen, tools create noise, and visibility gaps are lethal. The post highlights Unit 42 findings on faster exfiltration and critiques legacy SIEMs, advocating for a unified data foundation and AI-driven platforms like Cortex XSIAM. It recommends automation to accelerate response while preserving human expertise.
read more →

FortiSIEM 7.5 Adds Agentic AI and Data Sovereignty

🤖 FortiSIEM 7.5 introduces agentic-AI incident management and data sovereignty options to help multinational SOCs balance centralized operations with localized data storage. The release debuts FortiAI-Assist agents — an investigation assistant and a companion assistant — to automate multi-step threat hunting, evidence enrichment, and response guidance. It also includes a free IT/OT Windows agent that requires no centralized management, enhanced federated search, pipeline enrichment, advanced agent templates, and Osquery support for Linux and Windows.
read more →

2026 Cloud Security Report: The Emerging Complexity Gap

☁️ The 2026 State of Cloud Security Report, based on a survey of 1,163 senior cybersecurity leaders, identifies a growing "complexity gap" between cloud growth and defensive capability. It cites three drivers: fragmented defenses, understaffed teams, and threats operating at machine speed, and quantifies readiness shortfalls across detection, response, and visibility. Respondents favor consolidation — 64% would design security around a single-vendor platform to improve integration, accelerate response, and reduce operational friction.
read more →