A typical security operations centre (SOC) has three core costs: People, data and tools. The total cost of these will vary dramatically based on factors like how many endpoints and users are in your environment and the number of SOC team members you need. Various SOC cost calculators available online put the cost of building a SOC for a 1000-user environment at upwards of £2 million per annum.

Endpoint Detection and Response (EDR) alerts are what happens when an EDR system decides that event data from an agent installed on an endpoint, or several endpoints, shows a potential threat. This doesn’t mean that every EDR alert is a malicious event in progress. Many are “false positives” or malicious behaviour that is actually not a threat.

If you had to choose a security measure that would make the most difference to your cyber program right now, what would it be? Maybe you’d like to get another person on your team? Someone who is a skilled analyst, happy to do routine work and incredibly reliable. Or perhaps you’d prefer an investment that would give your existing team members back more of their time without compromising your ability to find and fix threats? What about human intelligence without human limitations?

Why have cyber incidents topped the Allianz Risk Barometer for the last two years in a row? Growing attack surfaces are partly responsible. Remote work, cloud migration, IoT use and other trends give cyber threats more places to enter and hide within networks. But there is another cause – deficiencies in the standard approach to threat detection and response.

Is this suspicious network activity alert actually a sign of intrusion, or just another false positive? As the cybersecurity visibility gap widens, anyone who works in a security operations centre (SOC) is likely to ask themselves and their colleagues this question on a regular basis. Unfortunately, as analysts know, answering it is rarely straightforward.

Security information and event management (SIEM) solutions like Microsoft Sentinel SIEM are at the heart of most security operations teams. But like any SIEM, while Microsoft Sentinel can be an incredible tool for centralising security data, it also risks being expensive and ineffective. In a recent webinar I discuss these problems and how SenseOn can help supercharge Azure Sentinel. You can now watch this webinar anytime online.

Security information and event management (SIEM) tools do a huge amount of security heavy lifting. A central record of millions of events, security operation centres (SOCs) rely on SIEMs for everything from compliance to threat detection and response. But as anyone who has ever worked in a SOC will testify, SIEMs have blindspots and problems—lots of them (Read our Head of Technology, Brad Freeman’s account of using a SIEM).

SenseOn helps organisations improve their security posture and provides the technical capability to meet many of the requirements of common cybersecurity standards. Globally, we have customers who have achieved compliance with ISO 27001, PCI DSS, SOC 2, CIS Top 18, HIPAA, GDPR, and more. This article addresses the most common standards and highlights how SenseOn can help.