Revisiting the SOC Structure

Building and maintaining skill sets and expertise in a SOC is a difficult task – and many security leaders face this challenge. They are not able to retain the best talent for the long term. There are too many tools for them to invest in, too many alerts that pop up when the tools are…

Building rockstars in SOC

What makes detection most effective? I know you are thinking technology. However, if you have been in the security operations domain for long, you know the answer. It’s the “people” who use the technology. As an infosec leader/member for your organisation, you should continuously look for methods and tools that make your teams better and…

Reducing The Noise

Today, enterprise infrastructures are borderless and are generating more data than ever. Coupled with the fact that more and more breaches are happening every year, it’s not a matter of “if we get breached”, it’s “when we get breached.” Organizations not only require a team of skilled security professionals, but also advanced security controls to detect and respond…

Why SOCs Need Security Analytics?

In the last few years, I’m sure you have used or heard the term “security analytics” more than any other industry term. However, many people are still trying to figure out what it’s really about. I’d like to share some of my thoughts on security analytics, and what it can do for any organization. Most security incidents are caused…

My Kinda SOC

A Security Operations Center (SOC) helps enterprises detect, respond to and investigate security incidents. As breaches continue to grow, more enterprises are looking at building or outsourcing their SOC. This blog lists some of the capabilities that today’s SOC should have. This, of course, is my own view and I welcome you to send any comments via Twitter – follow…

The Case of Threat Intelligence in ETDR

It seems like every day we’re hearing about a new major security breach that’s affecting thousands, if not millions. Cybercriminals have many motives, and no organization should consider itself invulnerable. These attackers are advanced and have been able to penetrate deep layers of defenses. Years ago, organizations thought that technologies like Antivirus (AV), firewalls, Host Intrusion…

Another day. Another Ransomware.

TeslaCrypt is a ransomware trojan that targets computers with user data and specific computer games installed. Once the system is infected, the malware searches for various file types related to personal documents and different games, including the Call of Duty series, World of Warcraft, Minecraft and World of Tanks, and then encrypts them. The victim is then prompted with a…