The escalation of cyberattacks since early 2020 is requiring many companies to strengthen their security operations. Adversaries are taking advantage of new attack vectors – like IoT devices, insecure remote access mechanisms, and the multiple personal and work devices users now move between. They’re also leveraging human vulnerabilities, impersonating trusted colleagues and third parties to infiltrate organizations.

The SANS 2021 Automation and Integration Survey is now available for download, focusing on the question: First we walked, now we run – but should we? Let’s face it, we’ve talked about security automation for years. We’ve grappled with what, when and how to automate. We’ve debated the human vs machine topic.

Many CISOs I speak with across Europe tell me their cybersecurity teams rely on two, primary open-source platforms within their security operations (SecOps). The first is Malware Information Sharing Platform (MISP), that allows the storing and sharing of indicators of compromise (IoCs) with other MISP users. The second is TheHive, designed for security incident response (IR).