Four Most Common Deficiencies of SOCs

Most of the time, the areas that rankle SANS survey respondents most about SOCs can be addressed with the right combination of planning, policies, and procedures.

The SANS Institute pinpointed the four most common SOC deficiencies in this year’s edition of its annual security operations center (SOC) survey.

The core of these deficiencies can be traced to a familiar source: people, processes, and proper planning and implementation of technology. Let’s take a look at the worst four and what security teams can do about them.

1. Automation/Orchestration

Most SOCs fall behind in automation and orchestration because the SOC team is not aware of the processes that should be automated. A company’s employees are its first line of defense. Start by interviewing SOC personnel to understand their responsibilities and identify repeatable processes, such as evidence gathering during an incident (IP/URL reputation, information, etc.), that are time-consuming and easily automated.

Read the entire article here.

8 Key Ways Security Automation and Orchestration Tools Transform Security Operations

In an attempt to stay ahead of cyberattackers, more and more companies are turning to a new category of security tools: security automation and orchestration solutions.

Gartner, which named the product category Security Orchestration, Automation and Response (SOAR), reported that less than 1 percent of businesses with more than five IT security professionals were using SOAR tools by the end of last year. Furthermore, the firm predicts that by 2020, 15 percent of those organizations will be using the tools.

Enterprise Strategy Group (ESG) found somewhat higher numbers of enterprises using SOAR tools. According to their research, “19 percent of enterprise organizations have adopted security operations automation and orchestration technologies extensively, 39 percent have done so on a limited basis, and 26 percent are currently engaged in a project to automate/orchestrate security operations.”

DFLabs has been listed among the leading security automation and orchestration vendors around the globe.

Read the entire article here.

John Moran to Reveal Best Practices for “Live Box” Forensics at SANS Threat Hunting and IR Summit

John Moran, DFLabs’ Senior Product Manager and an expert in security operations, incident response, digital forensics and investigations, will present best practices for using “live box” forensics at the upcoming SANS Threat Hunting and Incident Response Summit in New Orleans on September 7, 2018.

As organizations experience an increase in complex cyber threats and advanced attack techniques, such as the use of file-less malware, security operations personnel are turning to the use of “live box” forensics in threat hunting, despite its perceived risks and pitfalls. With this in mind, John will detail the Dos and Don’ts when conducting “live box” forensics for threat hunting and provide a best practices framework for incident response teams. Moreover, he will use a newly released free Windows tool that automates data acquisition to demonstrate “live box” techniques.

Learn more about the Summit here.

This press release was originally published on Business Wire. Read the full press release here.

What Happens When You Combine SOAR with Existing Security Technologies

Security teams and Security Operations Centers across the industry face many similar challenges, some of which include increased workload, budget constraints, competition for skilled analysts and repeating manual processes.

Managed Security Service Providers (MSSPs) are facing many of these challenges, multiplied by the scale at which they operate. Enterprises across the globe are increasingly turning to Security Orchestration, Automation and Response (SOAR) solutions to address these growing challenges.

It now seems clear that SOAR is not just a feature. It is actually becoming a critical component of an advanced security program. Our existing manual processes simply do not scale to the level they must.

Enterprises cannot continue to respond to today’s growing security threats effectively without some level of automation and orchestration. Gartner predicts that the adoption of SOAR solutions will increase enormously over the next several years.

Read the entire article here.

Oliver Rochford @ITSPmagazine: The Truth Is That Threat Hunting Is More Art Than Science

DFLabs’ Vice President of Security Evangelism, Oliver Rochford, has written a new article for the Experts Corner at ITSPmagazine titled “The Truth Is That Threat Hunting Is More Art Than Science”, in which he goes into more detail on the reality of threat hunting today. Even though organizations now have much better threat hunting technologies and tools than ever, cyber investigations still require human analysis in order to be effective.

Read the full article here.

Oliver Rochford @DarkReading: 3 Ways to Retain Security Operations Staff

DFLabs’ Vice President of Security Evangelism, Oliver Rochford, has written a new article for Dark Reading titled “3 Ways to Retain Security Operations Staff”, in which he expands on the shortfall of cybersecurity professionals, especially security operations center (SOC) analysts. In it, Mr. Rochford proposes tips and ways to retain highly skilled security professionals once you have dealt with the first part of the problem, which is finding and hiring them.

Read the full article here.

DFLabs Wins Bronze Softshell Vendor Award in the Softshell Vendor Report 2017

DFLabs IncMan – Security Automation & Orchestration Platform is honored to have won the Bronze Softshell Vendor Award.

DFLabs is pleased to win the Bronze Softshell Vendor Award in the third edition of the Softshell Vendor Report 2017. We are happy to have been featured in the report, which is recognized for the high quality of its information, insights, and intelligence within the B2B cybersecurity industry.

Softshell is a cybersecurity solutions distributor with its headquarters in Munich, Germany. Unlike other distributors, which cover a broad scope of information technology vendors and solutions, Softshell focuses exclusively on cybersecurity vendors.

Download the Softshell Vendor Report 2017 here.

Oliver Rochford @CSOonline: Too much technology and not enough people

DFLabs’ VP of Security Evangelism, Oliver Rochford, has written a new opinion piece for CSOonline titled “Too much technology and not enough people”, in which he argues that no matter how advanced and sophisticated the technology you use to protect your computer network is, it still needs to be monitored and controlled by people so that you can make the most of it.

Read the full article here.