Putting final touches on Q2 threat report - stats on orchestration:
- 77% of alerts our #SOC triaged were backed by orchestration - “when alert fires do this”
- Automated remediation actions took 7 min to complete vs. ~2 hours for manual actions (+1640%)
This is the way.
Your aim w/ a solid #SOC metrics program is operational control. When you see something happening in your data (e.g. work time is up for suspicious logins) you know what levers to pull to bring resolution to a given problem.
"If we do this, *that* will happen."
That's the aim.
@jhencinski really like how you're thinking about alert fix and alert wait times. As you think about leading indicators, do you ever consider how many "mediums or lows" (e.g. recon, prob'ing) are themselves leading indicators of future "highs or criticals"?
Leading indicators are forward looking and provide insight about where you’re headed.
Lagging indicators look backwards and provide insight into what’s already happened.
How to use leading and lagging indicators in a #SOC? A quick 🧵.
@TatianaTMac Effective tax rate, cost of borrowing, the ability to use leverage, access to financial and tax advice, QSBS, cost segregation, tax deferred savings, HSA, 529, 401k, capital gains tax, S-corps, estate taxes...the list goes on and on
@amcdnl@onepeloton@tonal Don't disagree, that said, I sold my Peleton for almost as much as I paid for it on Craigslist, but that may have been due to the pandemic. Will be trying out the Tonal here shortly, it's on order.
In case you were wondering if all that security awareness training was working, listen to @BradSmi talk about how @Microsoft got hung up on, trying to notify customers of the Solarwinds breach.
https://t.co/fmtwWkI8FN
Time for some virtualization cyber hygiene, patch your VMware infrastructure and for god sake don't make it internet accessible, VPNs are your friend! There is POC code available, its race between your patch and you being targeted #CVE-2021-21972
https://t.co/D3gXkCoFaL
Writing up a few takeaways from the Senate hearing on #Solarwinds but I wanted to give a shout-out to Kevin Mandia at @FireEye. I felt his testimony reflected a goal of improving security & communications in the US & as a vendor, the 1st to disclose is terribly hard, thank you.
As excited as we are for Adobe Flash to go away, if you or users in you environment are Google Alerts users like I am, be careful of those news indexs being used to spread malware https://t.co/bf5IA8EEzC