Since February, when we launched Devo Security Operations, the industry’s first cloud-native next-gen SIEM, we’ve kept our foot firmly pressed on the development pedal to add features and enhancements. Security Operations enables customers to transform their security operations centers (SOC) and protect their enterprises against cyberthreats.

With all the cyberthreats around today, security operations center (SOC) analysts need the right tools to identify, respond to, and stop those threats. Increasingly, threat intelligence sharing is one of the key tools for preventing threat actors from breaching organizations’ network, infrastructure, and operational environments, including the cloud.

Today we published the 2020 Devo SOC Performance ReportTM. The subtitle, A Tale of Two SOCs, underscores that there are two types of security operation centers (SOC): those that are performing reasonably well and those that are struggling. As someone who has worked in cybersecurity for more than 20 years, I find the results of our second annual SOC report informative, instructive, and also extremely irritating.

Threat hunting is one of the most critical activities performed by SOC teams. Once an alert triggers and a tier-1 analyst assesses it and sends it up the line for further evaluation by a more senior analyst, the race is on. Hunting down the threat as quickly as possible, before it can wreak havoc on the organization, becomes the top priority.

As if the pandemic itself weren’t causing enough pain and suffering in the world, cybercriminals are busy developing and deploying COVID-19-related malware to try and take advantage of unsuspecting victims. Fortunately, one of the world’s leading technology companies, Microsoft, is taking action to help people avoid becoming victims of these scams.

During the past decade, security operations centers (SOC) have become an integral part of the cybersecurity programs of many organizations. When you think of a defined team spending all of its time managing security events and using consistent processes for remediation, you may envision a group of company employees who report to a CIO or CISO.

With most of the country sheltering in place and so many people working remotely, work-life balance is taking on a new meaning and cloud infrastructure is taking a beating. The dramatic increase in daily activity and network use is creating both a visibility challenge and an operating model shift for already lean security teams.

Building an in-house SOC represents a significant commitment, both financially and strategically, to securing your enterprise. In a report from the Ponemon Institute—based on a survey sponsored by Devo of more than 500 IT and security practitioners—67 percent of respondents said their SOC was “very important” or “essential” to their organization’s overall cybersecurity strategy.

You’ve probably heard by now that we face a severe shortage of cybersecurity professionals with the skills and experience necessary to effectively defend against today’s—and tomorrow’s—threats. Cybersecurity Ventures estimates there will be 3.5 million unfilled jobs globally by 2021. Fortunately, there are key areas of the SOC workflow that can be automated to take advantage of security analyst intuition and act as a force multiplier.

The security operations center (SOC) plays a critical role in an enterprise organization’s efforts to protect their data from rapidly evolving cybersecurity threats. However, for a variety of reasons revealed in this report by the Ponemon Institute—based on a survey sponsored by Devo of more than 500 IT and security practitioners—organizations are frustrated with their SOC’s lack of effectiveness in performing its vital work.