We all witnessed how merciless 2020 was for a wide range of organizations. Even the mightiest, most prestigious companies and enterprises are not exempt from the deadly grasp of sophisticated cyber attacks. What this means for security professionals is that they should take a proactive, rather than a reactive stance. But how do you anticipate the unknown? Many security professionals would wonder.

The COVID-19 crisis prompted a spike in ransomware attacks, which was expected, to say at least. In fact, Checkpoint research shows that in Q3 2020, there was a 50% increase in ransomware attacks compared to earlier periods of this year. And while this wave of ransomware attacks was anticipated, not all organizations were reinforced enough to repel these attacks with proper resources and technologies.

2021 is only a month away, and given the turbulent landscape we had in 2020, we can’t help but wonder what the cybersecurity conditions will look like for companies and enterprises in the upcoming year. Year after year, the cybersecurity industry faces new challenges and obstacles, and 2021 will be no different. 2020 proved to be one of the most challenging years, cybersecurity-wise, especially for those companies whose employees suddenly had to switch to remote working.

How can my team keep track of the threat landscape? What’s the best way to manage my company’s move to cloud-based and SaaS-based solutions? And how can I keep up with compliance regulations? Is there a better way to do all this?

We have all heard about Key Performance Indicators (KPIs) and how critical they can be for your security program , but confusion remains surrounding what KPIs are important to track and how they can be used to measure and improve the organization’s security program.

Does the SOC really need to be disrupted? In an EY survey, 59% of enterprises admitted experiencing a material or significant breach. Despite the fact that SOC spend dominates an organization’s cybersecurity budget, more than half of these SOCs were actually ineffective in protecting their organizations from attacks.

One of the major buzzwords when talking about cyber incident response is playbooks, advanced workflows with specific actions tailored to deal with and respond to cyber incidents. Over the past few security conferences, I have noticed something of a trend emerging that centers on the uncertainty and hesitance that some incident response teams have regarding the use of playbooks and, in particular, around the notion of automation in incident response.

After a couple of hard-working months full of exciting strategic discussions following the acquisition of DFLabs by Sumo Logic that was concluded this May, we are surely moving forward and laying the groundwork for the future of our Cloud SOAR as a part of Sumo Logic’s Modern SOC Strategy.

Our mission is to create a force multiplier for SOC teams and security analysts so they can reduce the time to verdict or judgment while triaging new Insights. At Sumo Logic, we take a different approach than other SIEM solutions. We don’t just create alerts and leave the analyst to gather other artifacts to gain context. We associate and group alerts, or what we call Signals, to an Entity (IP, User, Hostname, etc...).

Given today’s evolving multi-cloud dynamics and increasingly active threat landscapes, security teams have a greater need for integrated and scalable monitoring that provides meaningful real-time insights into the state of organizational security posture. As organizations adopt cloud-first strategies, cybercriminals have taken note and continuously evolve their tactics to gain access to valuable cloud data.