Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Devo

Welcome to the Age of Cybersecurity Attack Stories

Let me tell you a story. Not a bedtime story or the sort of happy-ending story you’d read to your kids. This is a darker, much more serious story. It’s a story about cybersecurity. Specifically, it’s a story about attack stories. You may be asking yourself, what is an attack story? Every cyberattack has a story. And that story consists of a sequence of steps adversaries take to learn, access and control the resources and data of the victims they’re pursuing.

How to Foster a Productive SOC Culture

According to the 2021 Devo SOC Performance ReportTM — which is based on the results of a survey of more than 1,000 security practitioners — having an understaffed SOC or constant turnover of security talent can cripple an organization’s security posture. Let’s look at some of the root causes that can lead to these two interconnected problems.

How to Foster a Productive SOC Culture

According to the 2021 Devo SOC Performance ReportTM — which is based on the results of a survey of more than 1,000 security practitioners — having an understaffed SOC or constant turnover of security talent can cripple an organization’s security posture. Let’s look at some of the root causes that can lead to these two interconnected problems.

Detecting Spring4Shell 0-day Vulnerability Using Devo (updated 4/7/22)

Editor’s note: Latest update, April 6, 2022, 7:30 p.m. U.S. EDT — This post now includes an example query to aid SOC teams in generating alerts for their specific WAF data sources. See the section “Create New Web Application Firewall (WAF) Rules” for details. A critical zero-day vulnerability in Java’s popular Spring Core Framework is being actively targeted, according to multiple reports submitted to Bleeping Computer.

Threat-Based Methodology: Auditing

This is the third post in the Threat-Based Methodology blog series. In the first post, we introduced Threat Based Methodology and the analysis conducted by the FedRAMP PMO and NIST. In that post, we ended by listing the top seven controls based on their Protection Value. The second post explored configuration settings in greater depth and explained how Devo supports the ability to meet the CM-6 control.

SOC Automation: 3 Use Cases to Reduce Analyst Burnout

As revealed in the 2021 Devo SOC Performance ReportTM — which is based on the results of a survey of more than 1,000 security practitioners — organizations are frustrated with their SOC’s lack of effectiveness in performing its vital work. To combat the concerns the survey identified, it’s important for SOCs to refine how they operate.

Threat-Based Methodology: Configuration Settings

This is the second post in the Threat-Based Methodology series. The first post introduced Threat-Based Methodology and the analysis conducted by the FedRAMP PMO and NIST. That post concluded with a list of the top seven controls based on their Protection Value. This post will explore CM-6 in greater depth and explain how Devo supports the ability to meet this control. CM-6, Configuration Settings, was determined to provide the most Protection Value with a score of 208.86.

4 Questions to Ask About Building a Security Operations Center

Building an in-house security operations center represents a significant commitment, both financially and strategically, to securing your enterprise. According to the 2021 Devo SOC Performance ReportTM — which is based on the results of a survey of more than 1,000 security practitioners — 73% of respondents said their SOC was “very important” or “essential” to their organization’s overall cybersecurity strategy.