Time to Hit Reset in the SOC

Symanto Blog – Gavin Fulton, Esther Seguin
Today's Security Operations Center (SOC) is struggling. It holds one of the most critical functions in the security org, yet it remains in a difficult place. Symantec's rich experience in threat intelligence has given us excellent insight into what's going on. Despite decades of cybersecurity advancements, SOC analysts still receive 1000s of incidents every day. We have just introduced a new EDR feature that harnesses the power of the Adaptive technology that's already in SES Complete. With "Adaptive Incidents", as it is called, we use our AI to evaluate all events in the environment. As we analyze, we look for normal activity that could be considered suspicious. Adaptive Incidents studies day-to-day operations – contextually and situationally – to establish a baseline of normal activity for each customer. With that intelligence, we can create an "adaptation" of the rules that trigger incidents for the SOC to investigate.
Link: https://symantec-enterprise-blogs.security.com/blogs/product-insights/hit-reset-soc

