Name: How to Automate Alert Triage to Improve SOC Performance
Start: 2023-01-26T14:52:00Z
End: 2023-01-26T15:44:46.000Z
Location: BrightTALK
Rating: 0

Devo is the only cloud-native logging and security analytics platform that releases the full potential of your data to empower bold, confident action.  With unrivaled scale to collect all of your data without compromise, speed to give you immediate access and answers, and clarity to focus on the signals that matter most, Devo is your ally in protecting your organization today and tomorrow. 

The Devo headquarters is in Cambridge, Massachusetts and we have our European headquarters in Madrid. Devos are devoted to helping our customers—including the largest financial services, retail, manufacturing, media, technology, and government organizations—gain real-time, actionable insight from their data at cloud scale. Learn more at www.devo.com.

Our recent SOC Performance Report™ found that SOC leaders continue to face challenges retaining SOC analysts amidst talent shortages and high turnover. To be specific, the survey found that 71% of security professionals are likely to quit due to a combination of persistent issues working in the SOC.

So, how can SOC leaders improve working conditions in the SOC, recruit and hire top-tier talent, and prevent talent churn?  Kayla Williams, CISO of Devo, moderated this panel discussion with SOC managers from H&R Block, FanDuel, and Accenture. These professionals shared how they grow and retain their teams, how they’ve leveraged automation to improve workloads, and explained how you can do the same.

Topics covered include: 

Highlights from Devo’s most recent SOC Performance Report, including which factors contribute most to SOC burnout, mental health issues, long hiring cycles, and SOC inefficiencies. 
Insights on modern-day cyber recruiting, including how to retire outdated barriers of entry into cyber career paths.  
How to leverage automation to improve workloads and, ultimately, overall job satisfaction so you can retain your top analysts.
A concluding Q + A session.

Hiring and Retaining SOC Talent — and Where Automation Fits In

Maricopa Community Colleges faced a common challenge - receiving too many suspicious login alerts from their G Suite. It was tedious and difficult to investigate every alert and they did not have the resources to manually follow up with every user to determine whether this was an actual attack on their systems.

SOC Automation Case Study - Maricopa Community Colleges

Are you straining to scale your security analysts and defenses to stop attackers?

If so, you’re not alone. Combating today’s threats requires new approaches to how your SOC manages its data, analytics, and expertise. Watch the on-demand webinar with SANS expert Chris Crowley and Devo Senior Solutions Engineer Michael McGinnis as they explore innovative ways your security team can thrive in the era of massive data growth, talent shortage, and constantly evolving threats.

The Journey to the Autonomous SOC with SANS

Sicherheitsbeauftragte stehen heute vor einer überwältigenden Anzahl an Herausforderungen. Ihre Aufgabe ist es, komplexe Infrastrukturen und Applikationen im Zuge der Verlagerung in die Cloud, der digitalen Transformation und des Risikomanagements zu sichern.

Devo Showcase: Der Pfad zum eigenständigen SOC

Running an efficient SOC is more important than ever, yet many teams struggle with complex cyberthreats, a multitude of alerts, disparate systems, and poor threat visibility and context.
Overburdened and under-resourced analysts are bogged down with tedious manual processes. As a result, threat detection and response is compromised – not only in effectiveness and accuracy, but speed as well.
 
The solution is Devo. The only cloud-native logging and security analytics platform that provides the most scalable and performant log management for full visibility across the organization, accurate threat detections and security content, and automated alert triage, investigation, and response at machine speed, boosting the efficiency of analysts by 10x.

Join Stephen Morrow, Head of Pre-Sales at Devo, and LogicHub founder Kumar Saurabh for an interactive discussion of how to modernize your SOC approach, improve security, and reduce costs.

We’ll cover how to: 
• Detect threats in real time across your organization
• Build and deploy sophisticated playbooks in under 30 minutes
• Reduce false positive alerts by 95%
• Significantly reduce analyst workloads 
• Improve MTTR by 10x

The Path to the Autonomous SOC

As the attack surface expands further and threat actors become more advanced, security teams are eager to better understand the tactics and techniques different threat groups are actively employing to mature their information security programs using the MITRE ATT&CK framework.

The team of Devo’s data scientists and cybersecurity experts, SciSec, created the MITRE ATT&CK Adviser. This is one of many ways SciSec is shifting security teams from reactive firefighting to proactive defense.

Watch this webinar to see how The MITRE ATT&CK Adviser enables your SOC team to:
- Leverage a dynamic MITRE ATT&CK matrix coverage heat map to identify coverage gaps that you may have across detections and data sources.
- Get clarity into commonly employed techniques used by threat groups and nation-state threat actors applicable to your geography and industry.
- Watch a demo of the MITRE ATT&CK Adviser Application to see how it can help you operationalize the MITRE ATT&CK matrix to strengthen your defenses.

Operationalizing MITRE ATT&CK for Your SIEM

Are you finding it hard to scale your SOC? Does your cyber security team need to make compromises with their legacy SIEM, leaving yourself vulnerable? 

These are common trends we hear when we talk to companies about their legacy SIEM. It’s also why more companies are now switching to Devo, a cloud-native next-gen SIEM solution. 

Watch our next showcase with Mickey, our APAC Cybersecurity Strategist, where we go over a 101 on what Devo is and how we’re helping more organisations transform their SOC in the APAC region.  

This webinar covers how Devo allows you to:

Manage Less: Spend more time finding and resolving threats and less time managing a legacy non-cloud-native SIEM.
Deploy Faster: Get up and running with rapid data collection of known or unknown data sources and flexible search operations to carve your data however you need it.
See More: Centralize all data, leverage deep extensibility to maximise your team’s effectiveness, and collect all the relevant information — in a single location.

Devo Showcase - Defining a Cloud-Native SIEM

Migrating your SIEM might seem like an intimidating project. However, the many benefits of deploying a next-gen SIEM in your organization’s security arsenal are evident when it comes to scale, cost and complexity.

The Devo technical services team has helped hundreds of customers migrate from their legacy SIEM, and we want to walk you through the 4-step process for this exciting — and critical — project.

Watch this webinar to learn: 

How to prepare for a SIEM migration
Common migration strategies
Devo’s 4-step migration process
Best practices we’ve seen with our customers to make the process less painful than expected

Demystifying SIEM Migration with Devo

Are you confident in your Log4j threat remediation?

Watch this on-demand webinar to learn how your organization may still be at risk and what you can do to properly remediate. In this session with our VP of Success Services, you’ll learn how Devo equips threat hunters to quickly identify compromised systems leaving no IOC unidentified.

Log4j Remediation Technique Flaw Discovered

AI & Automation Driven Detection & Response

Five Steps to Building a Stellar SOC with a Small Security Staff

AppetAIzing Automation: Automated Response - Blocking IoCs with EDR

AppetAIzing Automation: Enriching Alerts with a Reputation Service

Customer Perspective: The Changing Role of the SOC Analyst

AppetAIzing Automation: How to Automatically Analyze Phishing Emails

Security for All: Democratizing AI & Automation

Expert Humans vs. Expert Machines: Next Gen Threat Detection Will Require Both

Building Out an Automated Security Approach for Compliance

The Importance of Automation for Cost-Effective Managed Security Services

Security Fundamentals for Maximizing Security on Limited Budgets

SOAR-ing to New Heights: Get To Know Devo SOAR

Every enterprise security team is faced with the same challenge: too many alerts and not enough analysts to deal with them. Devo SOAR empowers our customers to optimize and streamline their SOCs using advanced automation. Customers see upwards of a 10X improvement in MTTR, can address 10 to 20x more alerts with the same number of security analysts, and realize up to a 95% reduction in false positive alerts.

Learn how to do the same thing in your SOC! In this webinar, Kumar Saurabh, VP of SOAR Strategy and Innovation at Devo, shows how to take your noisiest alert, build a playbook, and measure the results.

Additionally, Devo SOAR partner, NeoSecure, shares how they leverage Devo SOAR to boost their SOC performance and streamline alert triage.

How to Automate Alert Triage to Improve SOC Performance

SOAR

Alert Triage

Phishing

Phishing Triage

Security Automation

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

How to Automate Alert Triage to Improve SOC Performance

Presented by

About this talk

More from this channel