
Taking a data-driven approach to SOC operations

By Contributor
Wed 1 Jun 2022

Article by ThreatQuotient VP for international Cyrille Badeau.

Today’s escalating threat landscape means that security operations teams face a multitude of challenges, which makes it hard for them to keep pace with the sheer scale of threats, tactics and techniques that bad actors frequently use.

When you consider recent ransomware attack statistics, it is easy to see that cybercrime has intensified, with a record-breaking number of threats of increasing severity taking place year-on-year. In fact, according to Cybersecurity Ventures, ransomware is expected to attack a business, consumer, or device every 2 seconds by 2031, up from every 11 seconds in 2021. Global ransomware costs are expected to rise from USD$20 billion in 2021 to $265 billion by 2031.

SOC teams are drowning in data

SOC teams are under pressure to detect security events and respond rapidly, and this is hard to do when they are drowning in data. As the number of devices, elements and sources of data increases, so does the number of tasks associated with processing that data into anything useful that the teams can utilise. Add to this the introduction of many new cloud environments, especially with the ‘new normal’ hybrid and remote workforce, and the result is a staggering array of event data.

Inevitably, security analysts can find themselves becoming fatigued with the volume of alerts as they face a growing backlog of investigation tickets that need to be resolved. Consequently, it is easy for ‘real’ alerts to get missed.

Furthermore, a lack of strong technology integration tools used for detection and investigation of incidents can also impede security analysts. Many security technologies simply don’t interoperate and integrate well or easily, and sometimes they don’t have the ability to integrate at all. This can lead to SOC teams struggling to align data sets and coordinate detection and response across disparate technologies.

A lack of resources is compounding the issue

SOC teams often face a lack of resources and of skilled, experienced analysts who understand how to detect and respond to security incidents. To this point, in the 2021 SANS SOC survey, lack of skilled staff was cited as the greatest barrier to full SOC utilisation. Add to this a real lack of unification across teams: most SOC teams rely on a partnership with IT operations and other developer teams across the business, yet these teams often work in silos with little integration and cooperation between them, which means that detection and response to incidents can be hindered or, at best, limited.

As a result of the key challenges outlined above, i.e. a lack of resources, limited cooperation and integration with other IT teams, a lack of technology integration and the sheer data overload of alerts and other notifications, the job of the security operations and threat intelligence teams is becoming increasingly difficult. On the one hand, they need all this data to understand more clearly what to look for and how best to prioritise. On the other hand, the sheer quantity of data that many tools and processes are now ingesting and producing is overwhelming for teams already taxed with many other security operations tasks.

A more unified and centralised approach

This is where an extended detection and response (XDR) solution helps, because it aggregates data across disparate security technologies to provide a more unified, centralised and consolidated system. These systems ingest data from a wide variety of sources, normalise all of it (including removing duplicate data) and correlate it to inform security narratives.

This then helps teams prioritise threats for investigation and focused detection, integration and response. It translates data for both investigation and response, and also exports to other tools and services for remediation; for example, it integrates with SIEM, NDR, EDR, SOAR and sandbox tools, among many others. This enables organisations to undertake customised risk scoring and reporting, so that the business can accurately highlight the areas it is most interested in analysing.

Once data has been ingested, the platform compiles a threat library that includes a wide variety of threat details, including adversaries, indicators of compromise (IoCs), attack patterns, malware, vulnerabilities, documented incidents, campaigns and more.
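To make the ingest, normalise, de-duplicate, correlate and score pipeline described above concrete, here is an added example (not ThreatQuotient's code or any XDR product's). The three feed formats, field names, per-source confidence weights and all indicator values are constructed assumptions; the scoring rule (noisy-OR of source confidences) is one simple choice for "customised risk scoring", not a vendor method.

```python
# Added example: toy XDR-style threat library built from three heterogeneous feeds.
# Sources, formats, weights and indicator values below are all constructed.
import json
from collections import defaultdict

# Constructed sample records, each in the native format of a hypothetical source.
EDR_CSV = "indicator,type,seen\nEVIL-UPDATE.example,domain,2022-05-30\n203.0.113.7,ip,2022-05-30\n"
NDR_JSON = '[{"ioc": "evil-update.example.", "ioc_type": "fqdn"}, {"ioc": "198.51.100.9", "ioc_type": "ipv4"}]'
SANDBOX_LINES = "domain evil-update.example\nmd5 d41d8cd98f00b204e9800998ecf8427e\n"  # md5 of empty input

SOURCE_WEIGHT = {"edr": 0.4, "ndr": 0.3, "sandbox": 0.5}  # assumed per-source confidence
TYPE_ALIASES = {"fqdn": "domain", "ipv4": "ip", "md5": "hash"}  # map each vocabulary onto one schema

def normalise(value, ioc_type):
    """Canonicalise one indicator: unify type names, lower-case, drop a trailing DNS dot."""
    kind = TYPE_ALIASES.get(ioc_type, ioc_type)
    value = value.strip().lower().rstrip(".")
    return kind, value

def ingest():
    """Yield (source, type, value) triples, parsing each feed in its own format."""
    for line in EDR_CSV.splitlines()[1:]:          # skip CSV header
        value, ioc_type, _seen = line.split(",")
        yield ("edr",) + normalise(value, ioc_type)
    for rec in json.loads(NDR_JSON):
        yield ("ndr",) + normalise(rec["ioc"], rec["ioc_type"])
    for line in SANDBOX_LINES.splitlines():
        ioc_type, value = line.split()
        yield ("sandbox",) + normalise(value, ioc_type)

def build_library():
    """De-duplicate indicators across sources and score each by combined confidence."""
    sightings = defaultdict(set)
    for source, kind, value in ingest():
        sightings[(kind, value)].add(source)      # same indicator from 3 feeds -> one entry
    library = {}
    for key, sources in sightings.items():
        # Noisy-OR: probability at least one source is right; more independent sightings -> higher.
        miss = 1.0
        for s in sources:
            miss *= 1 - SOURCE_WEIGHT[s]
        library[key] = {"sources": sorted(sources), "score": round(1 - miss, 3)}
    return library

if __name__ == "__main__":
    for key, entry in sorted(build_library().items(), key=lambda kv: -kv[1]["score"]):
        print(key, entry)
```

The domain seen by all three feeds (with differing case and a trailing dot) collapses to a single entry with the highest score, which is the prioritisation effect the article attributes to correlation.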

Taking a data-driven approach

In today’s escalating threat environment, security is high on the C-suite agenda, and directors are demanding that SOC teams rapidly respond to and neutralise threats to the business. The only way to deal with this is through automation, so that the SOC team can more easily aggregate a wide variety of data into a single location for analysis and correlation. Therefore, businesses that want to organise security threat data and become more productive, with better and more efficient insights across the SOC teams, should look at using an extended detection and response solution.
