The Need for a Modernized SOC for Hybrid Cloud


Cybersecurity has come a long way in the last decade. Improved standards (such as MITRE), threat intelligence, processes, and technologies have greatly contributed to increased visibility and to the automation of information gathering (SOAR) and many other manual tasks. Additionally, new analytics (UEBA/SIEM) and endpoint (EDR) technologies can detect and often stop entire classes of threats. We are currently seeing the emergence of technologies such as Attack Surface Management (ASM). These technologies are beginning to help organizations become more proactive and focus their efforts where they have the most impact.

However, the move to the cloud and the accompanying expansion of the attack surface has greatly complicated the situation. The 2022 IBM Security X-Force Cloud Threat Landscape Report found that the continued expansion of hybrid cloud environments is a major challenge for security teams. X-Force confirmed a 28% increase in new cloud vulnerabilities compared to the previous year. Additionally, vulnerable public-facing applications running in cloud environments are a common target for attackers. It can be difficult for organizations to catalog all the applications running in their environment and ensure that they all remain patched.

This has three consequences:

  1. More data: The need to collect more security telemetry to provide the necessary visibility. Most of this data is generated on cloud platforms, adding cost and complexity, especially since moving data between clouds isn’t free.
  2. More tools: Deploying and using more security tools to provide protection, visibility, and response for new cloud infrastructure (CWPP, ITDR, CDR, etc.). Security teams are often simply handed new security tools by their DevSecOps teams or CIO. This may be for convenience reasons (“this works on technology X”) or economic reasons (“it’s free on cloud Y”).
  3. More complex UX and more alerts: More tools, more data, and more moving parts bring more headwinds for security teams trying to stay ahead of attackers. They face additional integration and configuration work as they pivot from one tool to another to track down threats, and a new UX to master for each one. According to the 2023 IBM Global Security Operations Center Study, the SOC professionals surveyed said they reviewed only 49% of the alerts they should have reviewed during a normal working day, and about two-thirds of those were low priority or false positives. Additionally, 81% of those surveyed said manual investigation is slowing them down; it is the most common drag on threat response time.

Finally, cost is increasingly a factor in decision making. All organizations are looking for ways to control costs, not only by making their teams more productive, but also by leveraging existing investments and “built-in” capabilities. Unfortunately, traditional tools, exponentially growing data volumes, additional security tools, and complex and costly licensing models pose significant headwinds.

Not surprisingly, 63% of organizations are looking to improve their security operations center’s detection and response capabilities.

The DNA you need for a modern SOC for hybrid cloud

Addressing these challenges requires rethinking some of the priorities that led to the current situation.

First, design for the analyst experience. Historically, our industry has been very tool-driven, and that was the right priority at the time. But now we need to focus on our teams, their productivity and their job satisfaction. We need to reduce the UX complexity (variety of tools, languages and vocabularies) they have to deal with.

Second, build in AI, automation and expertise to scale the experts and heroes on today’s security team. They make it all work and can track threats across complex infrastructures. They are the go-to people when urgent action and answers are needed. Automation and AI are at the heart of what it takes to scale them. AI-enabled technology can help with everything from investigating threats to recommending remediation actions, doing the heavy lifting for analysts. According to the IBM Institute for Business Value, the time to detect and the time to investigate cybersecurity incidents can be significantly reduced, by 50% and 29% respectively, with the adoption of AI.

Finally, enable open systems and community collaboration. The reality of the cloud world is that security is federated across multiple systems. Organizations must be able to choose which security systems to leverage in a way that doesn’t add complexity or burden teams with proprietary ecosystems and content. Open standards that facilitate collaborative integration and shared threat detection content are becoming increasingly imperative. According to the SANS Institute, 66% of security teams surveyed say they prioritize integrations that help improve security operations.

Announcing IBM Security QRadar Suite

QRadar has been the market-leading SIEM for over 15 years, with numerous innovations in analytics using NDR, UEBA, and AI (Watson for Cyber). The new IBM Security QRadar Suite now expands to include EDR/XDR and SOAR, as well as new cloud-native log analytics capabilities (Log Insights) for cost-effective collection, analysis, visualization and very fast search of data at cloud scale. It integrates these capabilities into a single modular platform, enabling gradual adoption and providing users with a complete TDIR system. As each solution is adopted, it adds functionality, context, insight, and automation to the analyst experience, with little to no additional training or integration.

The new QRadar Suite not only enables all the core capabilities security teams need, but is specifically designed around the DNA described above that a modern SOC needs to secure hybrid clouds.

Open systems and community collaboration

The new QRadar Suite is not only built on an open hybrid cloud platform (OpenShift); it also offers a cloud-native, elastic and resilient architecture and the choice of where and how it is deployed (licensed software or SaaS, etc.). It not only supports the

For example, all QRadar Suite products support correlation and federated search of security findings from third parties, enabling organizations to leverage the tools they have today and the tools they will adopt in the future, without needing to move any data. The suite natively leverages MITRE and SIGMA in threat detection, investigation, and response, enabling security teams to move at the speed of the community to keep up with attackers.

Built-in AI, automation and expertise

The suite incorporates AI and automation innovations that have been shown to deliver, on average, 55% faster alerting and prioritization in the first year, 8x faster response times, and 60x faster investigations. In addition, the suite includes continuously updated threat detection and response content from the X-Force team, built on insights gleaned from working with thousands of customers around the world.

The suite also includes new automated investigation capabilities that investigate alerts across multiple systems (leveraging federated search, threat intelligence, and SIGMA), no matter where the alerts come from, and present the results in a single, easy-to-use timeline that analysts can quickly review and act upon.

Designed with analyst experience in mind

QRadar Suite is designed around an integrated analyst experience that supports security analysts through investigation, response, and threat-hunting workflows across EDR/XDR, SIEM, SOAR, and security log management (SLM). Because it is based on open standards and federated search, this integrated experience works not only with the IBM QRadar Suite, but with over 40 third-party technologies. Designed together with our security team and experts, the experience is infused with their expertise and insight to help analysts answer the “what?”, “who?”, “where?” and “when?”, and to surface the all-important “what next?”, in a simple, easy-to-use workflow.

Purpose-built for the demands of current and future security operations and hybrid cloud environments, QRadar Suite helps SOC analysts make better decisions faster while enhancing threat detection and response capabilities. Organizations looking to modernize their SOC can feel more confident and supported in the face of uncertainty and complexity.

Learn more about QRadar Suite here.
