Security Monitoring and the ASD ISM

Comparing legislative and compliance security frameworks, you will see a clear overlap in what they say matters for security monitoring. Notably, their focus is not on collecting every piece of information and security-related event and then trying to work out what to do with it. What you need to do is understand the value of specific log sources to your ability to detect threats, then tune them so that you get the optimum flow of information from each.


Explore The Zero Trust Cyber Security Model

A contemporary defensive cyber security model, known as zero trust, requires organisations to fully develop and integrate the means to detect unwanted or suspicious behaviour throughout their business architecture. The legacy view that cyber security is fought at the perimeter ignores the fact that most attacks proceed from internal systems and applications that have already been compromised. So, what does a pivot to zero trust mean for organisations keen to adopt this comprehensive approach to cyber security?


How to Improve Security Monitoring in your SOC

In an earlier blog post we looked at how security operations centre (SOC) teams can shift their services up a gear through better automation, behavioural analysis and threat hunting. The concept of threat hunting isn't new to security operations, yet it is one of the most misunderstood functions a SOC team performs.


Combat Insider Threats with your SIEM

Monitoring privileged access from your SOC is one of the most effective ways to detect potential insider threats. Recently, several news stories have shown how important it is to have the tools in place to manage the threat of rogue employees with too many privileges. Facebook, for example, had to fire multiple employees for "snooping on users," according to one story reported by Motherboard[1].
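As an added illustration of the kind of SIEM rule the post above alludes to (this is example code written for this page, not code from the original post or from any SIEM product), the script below runs two simple insider-threat detections over a constructed audit log of a support tool: a privileged account reading more distinct user records in a day than a baseline allows, and privileged activity outside business hours. The log format, the role names, the thresholds and the business-hours window are all assumptions; a real deployment would derive the baseline from each account's own history rather than a fixed number.

```python
"""Privileged-access monitoring example (added here; not from the original post).

Two detections over a constructed support-tool audit log:
  1. "snooping": a privileged actor reads more distinct user records in one
     day than a baseline threshold allows.
  2. off-hours: any privileged action outside an assumed business-hours window.
Field layout, role names and thresholds are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime

# Roles assumed to be able to read any customer's record.
PRIVILEGED_ROLES = {"support", "admin"}

# Constructed sample log (not real data). Columns: timestamp, actor, role,
# action, target user record.
SAMPLE_LOG = """\
2019-05-06T09:02:11Z alice support view_profile user:1001
2019-05-06T09:05:40Z alice support view_profile user:1002
2019-05-06T10:00:03Z bob support view_profile user:2001
2019-05-06T10:00:41Z bob support view_profile user:2002
2019-05-06T10:01:15Z bob support view_profile user:2003
2019-05-06T10:01:52Z bob support view_profile user:2004
2019-05-06T10:02:30Z bob support view_profile user:2001
2019-05-06T10:03:07Z bob support view_profile user:2005
2019-05-06T10:03:44Z bob support view_profile user:2006
2019-05-06T10:04:21Z bob support view_profile user:2007
2019-05-07T02:14:09Z dave admin export_profile user:3001
2019-05-07T11:30:00Z erin engineering view_profile user:4001
"""


def parse_log(text):
    """Parse whitespace-separated audit lines into dicts; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, actor, role, action, target = line.split()
        records.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "actor": actor,
            "role": role,
            "action": action,
            "target": target,
        })
    return records


def distinct_targets_by_actor_day(records):
    """Map (actor, ISO date) -> set of distinct records touched, privileged roles only.

    Counting distinct targets rather than raw events keeps a repeated lookup of
    one customer (a normal support pattern) from inflating the count.
    """
    seen = defaultdict(set)
    for r in records:
        if r["role"] in PRIVILEGED_ROLES:
            seen[(r["actor"], r["ts"].date().isoformat())].add(r["target"])
    return seen


def flag_snooping(records, max_distinct=5):
    """Alert on privileged actors exceeding max_distinct distinct records in a day."""
    alerts = []
    for (actor, day), targets in sorted(distinct_targets_by_actor_day(records).items()):
        if len(targets) > max_distinct:
            alerts.append({"actor": actor, "date": day, "distinct_targets": len(targets)})
    return alerts


def flag_off_hours(records, start_hour=8, end_hour=18):
    """Alert on any privileged action outside [start_hour, end_hour) UTC (assumed window)."""
    return [
        {"actor": r["actor"], "ts": r["ts"].isoformat(), "action": r["action"]}
        for r in records
        if r["role"] in PRIVILEGED_ROLES and not (start_hour <= r["ts"].hour < end_hour)
    ]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for a in flag_snooping(recs):
        print("SNOOPING", a)
    for a in flag_off_hours(recs):
        print("OFF-HOURS", a)
```

On the constructed log, only bob trips the snooping rule (seven distinct records on 2019-05-06; alice's two and erin's non-privileged lookups do not), and only dave's 02:14 export trips the off-hours rule. In a real SIEM the same two rules would be fed from the application's own audit log rather than from text, and the threshold would be per-account and per-team rather than a single constant.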


Choosing a SOC Service Model: The Key Considerations

What factors do CISOs take into account when choosing a SOC service model? Information security is high on the agenda of every UK and Australian board these days, especially given the changes in privacy legislation and mandatory data breach notification. However, security is a highly complex issue and requires a deep commitment throughout the business to be successful.


Three Levels of SOC Maturity: Steps for Continual Service Improvement

Those who run security operations centres (SOCs) acknowledge that the more automation is built into the service, the more likely analysts are to have the time to hunt for threats. Yet the path to SOC maturity isn't one that most SOCs follow. This blog looks at three levels of maturity that SOCs can pass through before being properly integrated with the rest of the business's service management processes.
