What are the major challenges of a SOC team?

All companies that work digitally and operate a large IT infrastructure should have a Security Operations Center (SOC) – either an in-house team or supported by a service provider. Ideally, SOC specialists monitor all systems around the clock and, in the event of a cyber attack, immediately initiate appropriate and coordinated countermeasures. In practice, it turns out that SOC teams are often overloaded and can only detect and defend against cyber attacks and the like with a great deal of effort.

Why is that? For one thing, in our experience, security operations centers are often understaffed. This is due to a shortage of skilled workers, because companies can't find the right people. In addition, budgets for SOCs are too small.

Another important reason is that SOC experts are often faced with an almost endless number of events and potential security incidents. It is not uncommon to see false positive rates of well over 50 percent.

- From a technical point of view, a very large proportion of the alerts turn out to be irrelevant or false alarms.
- In terms of time, some highly specialized employees spend most of their valuable working hours dealing with irrelevant issues.
- The flood of incidents causes unrest, as incidents may be passed on to other areas of a company.
- From a motivation perspective, turnover is high. Many professionals simply don't feel like constantly chasing false alarms caused by misconfigured systems or poorly set thresholds.

For example, monitoring systems without professional tuning issue an extremely large number of messages. They do not distinguish between really important and relatively unimportant anomalies. This leads to a large number of alarm messages. In this case, SOC managers do not precisely define the depth to which individual systems should be monitored. They simply "collect" logs and do not define clean thresholds. The result can be hundreds of alerts per hour. Understandably, this brings SOC staff to the brink of despair, as they can no longer see the forest for the trees.

And if you're unlucky, there are also infrastructure problems. After all, the more data is received, parsed, normalized, analyzed and correlated, the more storage and computing load is created. These resources must be available to ensure that events can be processed in near real time.

Another major cause lies much deeper: the systems monitored by anomaly detection systems are usually not securely configured. They have many vulnerabilities and gaps and can accordingly be compromised easily. In other words, there is no system hardening based on industry-proven standards.

Why system hardening can greatly reduce the burden on security teams

An unhardened system leaves the door open for "cyber-gangsters". These attackers use unnecessary services, unpatched applications or other attack surfaces to penetrate IT infrastructures and spread. When an attack is detected, alarm bells understandably start ringing at all ends.

Sustainable system hardening helps in many different dimensions. On the one hand, the protection of IT systems is significantly increased, and attacks go nowhere thanks to comprehensive system hardening. On the other hand, system hardening also helps in the detection and response environment. Microsoft has also documented this clearly in its published "Digital Defense Report": "SOCs can mitigate alerts using hardening rules capabilities (…). Hardening against common threats can not only reduce alert volume, but also may stop many attackers before they get access to networks."
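To make the "no clean thresholds" problem above concrete, here is an added example that is not part of the original post: a small Python alert pipeline run over constructed sshd-style log lines. The untuned rule raises one alert per failed login, which is the "collect logs and alert on everything" behaviour described above; the tuned rule applies an explicit threshold per source within a sliding time window and then suppresses repeat alerts for that source. The log format, the thresholds and the IP addresses are constructed assumptions for illustration, not values from any real monitoring product.

```python
"""Untuned vs. tuned alerting over constructed log lines (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (sshd-like syntax); not taken from any real system.
SAMPLE_LOGS = """\
2024-01-10T08:00:01 sshd[101]: Failed password for root from 10.0.0.5
2024-01-10T08:00:03 sshd[101]: Failed password for root from 10.0.0.5
2024-01-10T08:00:04 sshd[101]: Failed password for admin from 10.0.0.5
2024-01-10T08:00:06 sshd[101]: Failed password for root from 10.0.0.5
2024-01-10T08:00:07 sshd[101]: Failed password for root from 10.0.0.5
2024-01-10T08:00:09 sshd[101]: Failed password for root from 10.0.0.5
2024-01-10T08:01:10 sshd[102]: Failed password for alice from 10.0.0.9
2024-01-10T08:15:00 sshd[103]: Failed password for bob from 10.0.0.7
2024-01-10T08:15:30 sshd[103]: Accepted password for bob from 10.0.0.7
2024-01-10T09:30:00 sshd[104]: Failed password for alice from 10.0.0.9
"""


def parse_line(line):
    """Parse one constructed line into a dict, or return None for non-auth lines."""
    parts = line.split()
    if len(parts) < 8 or parts[3] != "password":
        return None
    return {
        "ts": datetime.fromisoformat(parts[0]),
        "outcome": parts[2],  # "Failed" or "Accepted"
        "user": parts[5],
        "src": parts[7],
    }


def parse_logs(text):
    """Parse all lines of a log text, skipping anything that is not an auth event."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def untuned_alerts(events):
    """Untuned rule: one alert per failed login, no threshold, no window, no dedup."""
    return [{"ts": e["ts"], "src": e["src"], "user": e["user"]}
            for e in events if e["outcome"] == "Failed"]


def tuned_alerts(events, threshold=5, window_s=60, suppress_s=600):
    """Tuned rule: alert once when a source reaches `threshold` failures inside a
    sliding window of `window_s` seconds, then stay silent for that source for
    `suppress_s` seconds so the 6th, 7th, ... failure does not re-alert."""
    window = timedelta(seconds=window_s)
    suppress = timedelta(seconds=suppress_s)
    recent = defaultdict(deque)  # src -> timestamps of failures inside the window
    last_alert = {}              # src -> time the last alert fired
    alerts = []
    for e in sorted(events, key=lambda x: x["ts"]):
        if e["outcome"] != "Failed":
            continue
        q = recent[e["src"]]
        q.append(e["ts"])
        while q and e["ts"] - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) < threshold:
            continue
        if e["src"] in last_alert and e["ts"] - last_alert[e["src"]] < suppress:
            continue  # already alerted on this source recently
        last_alert[e["src"]] = e["ts"]
        alerts.append({"ts": e["ts"], "src": e["src"], "count": len(q), "window_s": window_s})
    return alerts


def alert_counts(text):
    """Return (untuned_count, tuned_count) for a log text, to quantify the noise reduction."""
    events = parse_logs(text)
    return len(untuned_alerts(events)), len(tuned_alerts(events))


if __name__ == "__main__":
    noisy, tuned = alert_counts(SAMPLE_LOGS)
    print(f"untuned rule: {noisy} alerts, tuned rule: {tuned} alert(s)")
    for a in tuned_alerts(parse_logs(SAMPLE_LOGS)):
        print(a)
```

On the sample data the untuned rule produces nine alerts, one per failed login, while the tuned rule produces a single alert for the source that accumulated five failures within a minute; the lone failures from the other two sources stay below the threshold and never reach the analyst. The threshold, window and suppression period are exactly the parameters a SOC has to decide per system and per log source.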