SIEM 101 – Best Practices for Implementation
Security information and event management (SIEM) is about collecting, detecting, and responding. That is, collecting data into a single pane of glass...
MITRE
Want to Optimize Threat Detection & Response? 5 Patterns vs. 500 Rules
One vendor uses 5 patterns, the other uses 500 rules. What’s better?
Anyone who has configured a SIEM or UEBA (e.g., QRadar, Splunk, ArcSight,...
Amp up Security: MITRE’s SOC Strategies Go to 11. But Can We Go Higher?
MITRE strategy 10 says measure performance to improve performance. It’s important to set a baseline of where resources spend their time and energy —...
How to Improve Cross-functional Collaboration Between the SOC and IT?
As MITRE points out in strategy 9 of its 11 Strategies of a World-class Cybersecurity Operations Center, cross-functional communication is key to a...
A Single Pane of Glass Gives a Clear View of Security Operations
Previous strategies in MITRE’s 11 Strategies of a World-class Cybersecurity Operations Center stressed the importance of collecting the right data —...
The Goldilocks Principle for Accurate Security Data Collection
Strategy 6 of MITRE’s 11 Strategies of a World-class Cybersecurity Operations Center focuses on cyber threat intelligence (CTI) data. Strategy 7, on...