The necessity of a SIEM for organizations and their security teams has evolved dramatically over time. It has gone from edge use cases and compliance to the current preferred form of threat detection, hunting, and incident response. As the use cases have changed, so has the architecture. As a result, organizations that have been running their SIEM on-premises are now looking for modern architectures to reduce the workload on their analysts. The simple choice: SaaS, of course.

Threat hunters are some of the most specialized and experienced workers in the SOC. They are incredibly valuable to the organization, but as the 2023 SANS Threat Hunting Survey finds, they’re continually being asked to multi-task and take on other duties. And that’s taking away from their primary job of hunting for threats. How can we change this status quo and help threat hunters (and the organizations they work for) be successful? That’s the million-dollar question.

For years, security leaders have debated the advantages of building in-house security operations centers or outsourcing the SOC function to a third party. Both options have their pros and cons. The best choice for each organization depends on a few factors: the type of threats it encounters, the resources it has at its disposal, the complexity and breadth of their attack surface, and the commitment it wants to make to advanced threat hunting.

The Biden Administration’s recent moves to promote “responsible innovation” in artificial intelligence may not fully satiate the appetites of AI enthusiasts or defuse the fears of AI skeptics. But the moves do appear to at least start to form a long-awaited framework for the ongoing development of one of the more controversial technologies impacting people’s daily lives. The May 4 announcement included three pieces of news.

2022 was a year of dramatic expansion for The Devo Platform. The enhancements of behavior analytics, workflow automation, and AI-driven threat detection have transformed the Devo Platform into a cloud-native, SIEM, UEBA, and SOAR solution. This gives security teams the visibility, high performance, and advanced analytics they need to respond quickly to threats and protect the business.

The CISO role has evolved in recent years. CISO’s don’t come just from technical and security backgrounds anymore. Each organization has their own distinct vision for how to solve their security needs whether they are customer, regulatory, or industry driven. I started out my career as an external auditor, with the goal of becoming a CFO.

The first three pillars of the National Cyber Security Strategy focused on activities that could be accomplished in the near term–perhaps within a few years. The last two pillars start looking at some challenges that we need to address now.

Security teams are faced with relentless cyberattacks, and they cannot engineer defenses fast enough. SOC teams face limited visibility, insufficient context, and the inability to identify the threats that matter. Analysts are even more burned out, switching from tool to tool, frantically trying to make sense of what they are seeing.

Last time we looked at The US National Security Strategy Pillar 1: Defend Critical Infrastructure. Today, we are looking at Pillar 2: Disrupt and Dismantle Threat Actors and Pillar 3: Shape Market Forces to Drive Security Resilience. Preventing the attacks in Pillar 1 would not be necessary if the attackers were taken off the board.

This is the first post in a series on the pillars outlined in the new US National Cybersecurity Strategy. I review each pillar in turn, and then discuss how services such as Devo can help address the challenges outlined in that pillar.