Magic seems to be very popular at the moment. Just look at last week’s Britain’s Got Talent, which featured an improbable number of magicians in its line-up. These included ‘X’, the masked magician who was wearing something that looked suspiciously like an anonymous mask and managed to supposedly hack Instagram. A lot of cyber security technology seems to work like magic, so is this a coincidence? Is ‘X’ a reformed hacker turned stage magician? Spoiler alert: no.

Endpoint detection and response solutions – EDR as it’s more commonly known – act as enterprise surveillance and thus deliver a rich dataset to security professionals. But as with all advances in security, this rich data wasn’t always available in a speedy and cost-effective way. Yet, as a security professional in today’s always-on world, one of your key responsibilities is to efficiently leverage incoming data from every endpoint across your organization.

Breaches aren’t easy to deal with, especially if you are of the opinion that companies are people too. Having seen, been part of, and lent a shoulder to many a breach, here are nine of the common ways companies respond to breaches.

What is Incident Response? It’s a plan for responding to a cybersecurity incident methodically. If an incident is nefarious, steps are taken to quickly contain, minimize, and learn from the damage. Not every cybersecurity event is serious enough to warrant investigation. Events, like a single login failure from an employee on premises, are good to be aware of when occurring as isolated incidents, but don’t require man hours to investigate.

There has been much discussion of a “software bill of materials” (SBoM) lately, for use when addressing security vulnerabilities. Many are curious, wanting to learn more. Googling the term gives lots of positive descriptions. This post will go negative, describing problems with the concept.

In this latest SnapSecChat video series, our CSO, George Gerchow, talks about the imperative for building the next-gen security operations center (SOC) of the future. Why? Because today’s IT landscape is becoming increasingly complex and cloud-based.

Is your CSIRT team facing too many security alerts? Is your SOC has various security products that are jumbled together? Are you worried about setting the sensitivity of each product? How a severity level should be assigned to each imminent incident? These questions are hard to answer by today’s security professionals. However, security orchestration plays a crucial role in helping experts to address these questions.