How to Tackle the Data Challenge to Improve and Accelerate Detection and Response
I’ve discussed before how Security Operations Centers (SOCs) are now becoming detection and response organizations. But like most transitions, that shift doesn’t happen overnight. Three different areas need to be addressed – data, systems and people.
Many organizations today deal with data that is noisy and unstructured, decentralized without prioritization, and managed with spreadsheets. Their systems are disconnected and disparate, workflows are neither orchestrated nor automated, and each system uses its own specific language, which makes it difficult, if not impossible, to get them to interoperate. Finally, there’s a significant lack of skilled resources to get things done, and the security professionals they do have can’t keep pace because they’re bogged down by repetitive, manual tasks and operate in silos. Each of these areas needs to be addressed to improve detection, gain a better understanding of threats, enable teams to collaborate and, ultimately, take the right actions faster.