Security Operations Centers (SOCs) Are Now Becoming Detection and Response Organizations
More organizations are producing and consuming cyber threat intelligence than ever before, and the share that measures the effectiveness of its CTI program is higher than ever, jumping from 4% in 2020 to 38% in 2021, according to the SANS 2021 Cyber Threat Intelligence (CTI) Survey. However, CTI adoption still lags in a few areas: integration, automation and operationalizing threat intelligence. The report finds that teams rely more heavily on automation within the SIEM, which is the likely reason CTI adoption trails in these areas. SIEMs have been around for decades, designed to replace manual log correlation for identifying suspicious network activity by normalizing alerts across multiple technology vendors. SIEMs were never designed to handle the full threat intelligence management use case, nor to integrate with and handle the volume of data produced by modern security tools such as Endpoint Detection and Response (EDR), Network Detection and Response (NDR) and Cloud Detection and Response (CDR).