From operational to continuous: Redefining incident response with integrated, cloud-native XDR

In today’s rapidly evolving threat landscape, cyber security is a constant game of cat and mouse. A typical security operations center (SOC) team receives 4,484 alerts every day and can spend up to 3 hours manually triaging which signals represent a real threat and which are just noise.

However, this model keeps SOCs in a constant state of reacting to incoming high-priority alerts, leaving too little time to deal with less critical issues. Up to 62% of SOC alerts are ignored because of ongoing alert fatigue. Because analysts’ bandwidth is constantly consumed by incident response, SOC teams are also unable to proactively remediate known vulnerabilities and exposures before they are used in an attack.

If SOC teams are going to flip the script on incident response and adopt a proactive security posture, they need a cloud-native extended detection and response (XDR) solution that integrates as part of a unified SOC. This model helps reduce the cognitive burden on analysts and delivers improved visibility for more comprehensive threat detection, investigation, and response.

See your attack surface the way threat actors do

Today’s cyber defenders tend to think in silos. They resolve one incident at a time and focus on protecting against individual threats. In contrast, attackers think in graphs: they look for the best path to their end goal by exploiting the cloud’s interconnected environment to move laterally and compromise critical systems or resources.

Also known as attack paths, these chains of connections represent a pervasive challenge for the cloud security community. A Microsoft study found that the average organization contains 351 exploitable attack paths that threat actors can use to gain access to high-value assets. Eighty-four percent of attack paths originate from internet exposure, and 66% include unsecured information.

When organizations assemble a layered security approach from tools supplied by multiple vendors, it becomes difficult for SOC teams to identify attack paths because their siloed tools cannot share all of their signal data or provide a complete view of the cloud environment. Instead, analysts must manually correlate data across the different tools. This adds to an already heavy burden on SOC teams and can lead to false positives, because analysts lack the visibility or multi-domain expertise needed to understand how a vulnerability in one area could lead to a breach in another part of their environment.

An integrated SOC can automate this task by aggregating information across endpoints, identities, applications, and more to quickly and accurately identify potential attack paths. It can also help SOC teams understand which attack paths should be addressed first based on their potential impact on the business. This holistic view is essential for effective security.
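To make the "think in graphs" point concrete, here is an added example (not Microsoft's code and not how Defender XDR ranks attack paths) that enumerates every path from the internet to a high-value asset over a small constructed asset graph and then ranks the individual hops by how many critical-asset paths they sit on. The environment, node names, weakness labels, criticality scores and the ranking heuristic are all constructed assumptions for illustration; the useful output for a defender is the hop whose removal cuts the most paths.

```python
"""Enumerate and prioritize attack paths over a constructed asset graph.

Added example, not Microsoft's code or the Defender XDR algorithm. The
graph, node names, weakness labels and criticality scores are constructed
for illustration. The ranking heuristic (score each hop by the criticality
of every target path it participates in) is an assumption, not anything
the article specifies.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

Edge = Tuple[str, str, str]  # (source, target, weakness that enables the hop)

# Constructed environment: which asset can reach which, and via what weakness.
EDGES: List[Edge] = [
    ("internet", "web-vm-01", "internet-exposed RDP"),
    ("internet", "web-vm-02", "unpatched web app"),
    ("web-vm-01", "svc-deploy", "plaintext credential in config"),
    ("web-vm-02", "svc-deploy", "plaintext credential in config"),
    ("svc-deploy", "storage-prod", "over-privileged role"),
    ("svc-deploy", "sql-prod", "over-privileged role"),
    ("web-vm-02", "sql-prod", "open firewall rule"),
]

# Constructed business criticality of the assets worth protecting (higher = more valuable).
CRITICALITY: Dict[str, int] = {"storage-prod": 8, "sql-prod": 10}


def build_graph(edges: List[Edge]) -> Dict[str, List[Tuple[str, str]]]:
    """Adjacency list: source -> [(target, weakness), ...]."""
    graph: Dict[str, List[Tuple[str, str]]] = defaultdict(list)
    for src, dst, weakness in edges:
        graph[src].append((dst, weakness))
    return graph


def find_attack_paths(edges: List[Edge], start: str = "internet",
                      targets: Dict[str, int] = CRITICALITY) -> List[List[Edge]]:
    """Depth-first enumeration of simple paths from `start` to any critical asset."""
    graph = build_graph(edges)
    paths: List[List[Edge]] = []

    def walk(node: str, visited: set, path: List[Edge]) -> None:
        if node in targets and path:
            paths.append(list(path))
            # Keep walking: a critical asset can itself be a stepping stone.
        for nxt, weakness in graph.get(node, []):
            if nxt in visited:  # simple paths only, no cycles
                continue
            path.append((node, nxt, weakness))
            walk(nxt, visited | {nxt}, path)
            path.pop()

    walk(start, {start}, [])
    return paths


def rank_chokepoints(paths: List[List[Edge]]) -> List[Tuple[Edge, int]]:
    """Score each hop by the criticality of every target path it lies on.

    The highest-scoring hop is the remediation that severs the most
    valuable attack paths at once.
    """
    score: Dict[Edge, int] = defaultdict(int)
    for path in paths:
        target = path[-1][1]
        for edge in path:
            score[edge] += CRITICALITY[target]
    return sorted(score.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    found = find_attack_paths(EDGES)
    print(f"{len(found)} attack paths to critical assets")
    for path in found:
        print("  " + " -> ".join([path[0][0]] + [dst for _, dst, _ in path]))
    print("Remediation priority (hop, score):")
    for (src, dst, weakness), s in rank_chokepoints(found):
        print(f"  {s:3d}  {src} -> {dst} via {weakness}")
```

On the constructed graph the five discovered paths all run through the two internet-facing VMs, and the unpatched web app on web-vm-02 scores highest because it feeds three of them, including the direct hop to the most critical database; fixing that one exposure removes more risk than patching any single downstream weakness.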

Connected security incidents require a connected response

Another benefit of deploying cloud-native XDR within an integrated SOC is that it helps analysts connect the dots during an attack and respond quickly.

Consider the example of a user who clicks on a malicious email link and compromises their identity. Rather than an analyst manually trawling through logs to understand where the attack started and what actions the compromised identity took, XDR can quickly flag the suspicious activity and coordinate with other solutions under a unified SOC for a more connected incident response. Not only does this allow analysts to quickly understand the scope of an incident across data, applications, storage, and more, but they can also go beyond XDR and raise the risk level of the compromised user so that conditional access policies proactively block similar incidents.
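The scenario above, as an added example (not Microsoft's code and not how Defender XDR actually correlates signals): constructed events from the email, identity and storage sensors are grouped per user into incidents by a time window, each incident is summarized with the domains and assets it touches, and a constructed ordered-stage rule (link click, then sign-in from a new country, then mass download) decides whether the identity should be marked compromised and fed back to conditional access. The field names, window length and escalation rule are assumptions.

```python
"""Correlate signals from several security domains into one incident.

Added example, not Microsoft's code or Defender XDR's correlation logic.
The events, field names, time window and escalation rule are constructed
for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed signals as an XDR would receive them from different sensors.
EVENTS: List[Dict[str, str]] = [
    {"ts": "2024-05-01T09:00:10", "domain": "email", "user": "alice",
     "asset": "mailbox:alice", "action": "clicked_url", "detail": "phishing link (constructed)"},
    {"ts": "2024-05-01T09:03:40", "domain": "identity", "user": "alice",
     "asset": "tenant", "action": "signin_new_country", "detail": "country A"},
    {"ts": "2024-05-01T09:07:05", "domain": "identity", "user": "alice",
     "asset": "tenant", "action": "mfa_registered", "detail": "new authenticator"},
    {"ts": "2024-05-01T09:15:30", "domain": "storage", "user": "alice",
     "asset": "sharepoint:finance", "action": "mass_download", "detail": "412 files"},
    {"ts": "2024-05-01T14:20:00", "domain": "endpoint", "user": "bob",
     "asset": "laptop-bob", "action": "malware_quarantined", "detail": "test file"},
    {"ts": "2024-05-02T09:00:00", "domain": "identity", "user": "alice",
     "asset": "tenant", "action": "signin_new_country", "detail": "country B"},
]

# Constructed correlation window: an event joins the open incident if it follows
# the previous event for the same user within this span.
WINDOW = timedelta(hours=2)

# Constructed escalation rule: these stages, in this order, across domains,
# mark the identity as compromised.
COMPROMISE_CHAIN = ("clicked_url", "signin_new_country", "mass_download")


def summarize(user: str, evs: List[Dict[str, str]]) -> Dict:
    """Build the incident record: scope across domains/assets plus a verdict."""
    actions = [e["action"] for e in evs]
    stage = 0  # advance through the chain; stages must appear in order
    for action in actions:
        if stage < len(COMPROMISE_CHAIN) and action == COMPROMISE_CHAIN[stage]:
            stage += 1
    compromised = stage == len(COMPROMISE_CHAIN)
    return {
        "user": user,
        "start": evs[0]["ts"],
        "end": evs[-1]["ts"],
        "domains": sorted({e["domain"] for e in evs}),
        "assets": sorted({e["asset"] for e in evs}),
        "verdict": "identity_compromised" if compromised else "needs_review",
        # Containment steps a SOC would hand to identity tooling (constructed names).
        "recommended": ["revoke_sessions", "reset_password",
                        "raise_user_risk_for_conditional_access"] if compromised else [],
    }


def correlate(events: List[Dict[str, str]]) -> List[Dict]:
    """Group events per user into incidents separated by gaps longer than WINDOW."""
    by_user: Dict[str, List[Dict[str, str]]] = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_user[e["user"]].append(e)

    incidents: List[Dict] = []
    for user, evs in by_user.items():
        current = [evs[0]]
        for e in evs[1:]:
            prev = datetime.fromisoformat(current[-1]["ts"])
            if datetime.fromisoformat(e["ts"]) - prev <= WINDOW:
                current.append(e)
            else:
                incidents.append(summarize(user, current))
                current = [e]
        incidents.append(summarize(user, current))
    return incidents


if __name__ == "__main__":
    for inc in correlate(EVENTS):
        print(f"{inc['user']}: {inc['verdict']} across {inc['domains']} "
              f"({inc['start']} .. {inc['end']}) -> {inc['recommended']}")
```

Alice's four morning events collapse into a single incident spanning email, identity and storage, which is the cross-domain scope an analyst would otherwise have to stitch together by hand; her next-day sign-in falls outside the window and opens a separate incident that only needs review, and Bob's quarantined file stays an unrelated endpoint incident.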

Some integrated XDR solutions can use AI to further accelerate incident response by automatically disrupting attacks. If human intervention is required, AI can also provide guided remediation with next steps and automated incident summaries to help SOC teams react to an incident quickly. As cloud environments continue to grow and attacks become more sophisticated, AI-enabled security will be critical to sifting through large datasets and helping SOC analysts understand all the potential security implications of an attack.

While the volume of alerts fielded by SOC teams is unlikely to decrease anytime soon, organizations can use these tools to investigate and respond more effectively and efficiently, thereby reducing the burden on human defenders. When used as part of an integrated SOC, cloud-native XDR helps teams proactively mitigate incidents before they happen and respond at attack speed.

To learn more about next-generation cloud-native XDR capabilities and an integrated SOC approach, check out our latest Microsoft Defender XDR announcements from Ignite.
