Vulnerability management – Osterman Research
https://ostermanresearch.com
Insightful research that impacts organizations
Mon, 10 Mar 2025 04:06:33 +0000

Making the SOC More Efficient
https://ostermanresearch.com/2024/10/09/making-the-soc-more-efficient/
Tue, 08 Oct 2024 18:29:33 +0000

Setting the research agenda at Osterman Research is a never-ending process of looking at possibilities, gathering early intel on the importance of each topic, and filtering a larger list to focus on the critical topics that can move the needle for cybersecurity at organizations. Many projects that end up on our agenda come about naturally from our ongoing wider research programs. Some, however, are suggested to us.

Our latest research agenda program fits in the latter category. When we were looking at possibilities for 2024, a client suggested:

Something around how the security industry is evolving to make the SOC more efficient and reduce stress and burnout would be good. For example, the H/M/L prioritization of alerts didn’t really do much. What are vendors doing that works, and what doesn’t work? (There could be a little AI in here, but it would be good to go beyond that.)

That nudge (thanks, Bob!) became the origin point for our latest report, Making the SOC More Efficient (available on the main Osterman Research site). It’s a long paper (26 pages) that attempts to deal thoughtfully and in-depth with the topic, exploring the data points we captured through the survey and advocating a way forward. There is more than “a little AI” in the report, though, as this has become both the greatest threat (82.4% of security leaders said that “the use of AI by cyberthreat actors in cyberattacks” was “very impactful” or “extremely impactful” – the highest-rated trend in this research) and one of the greatest tools for defenders (via the rise of AI-enabled cybersecurity solutions).

Some of the key takeaways from the research:

  • Current SOC approaches have hit the wall
    Confidence in the ability of the SOC to protect against the threats detected by their security tools has dramatically increased during the past two years, but this increase in confidence is expected to rapidly crater. The innovations that drove increased SOC performance over the past two years do not contain the necessary ingredients to continue driving performance over the next two.
  • Specialized threat intelligence to eliminate false positives, AI for behavioral analysis, and autonomous remediation seen as top innovations
    The three innovations seen as most likely to drive SOC efficiency and reduce stress and burnout among SOC analysts are the use of specialized threat intelligence to eliminate false positives; using AI for behavioral analysis in investigating alerts and autonomously creating or updating detection rules; and autonomously remediating incidents without SOC analyst intervention. Almost half of respondents gave two AI-powered defensive innovations the highest rating.
  • New innovations improve SOC metrics by a composite average of 35%
    All organizations in this research are already experimenting with at least one new approach to improving the efficiency of their SOC. The most impactful innovations on key SOC metrics (time to begin working on an issue, time to close an incident, and number of false positives) are AI behavior analysis with autonomous rule creation/updating, AI behavioral modeling for detecting baseline deviations, and autonomous remediation of incidents.

If SOC efficiency is in your wheelhouse, we’d love you to get a copy.

This program was sponsored by Dropzone AI, HYAS Infosec, Radiant Security, and Sevco Security.

Recent news – May 17
https://ostermanresearch.com/2024/05/17/news20240517/
Fri, 17 May 2024 05:57:12 +0000

What we’ve been reading …

U.S. critical infrastructure organizations need to improve cyber hygiene

In almost all attacks seen against U.S. critical infrastructure organizations, cyber actors have taken advantage of poor cyber hygiene practices. These include the use of default or weak passwords, unpatched known vulnerabilities, and poorly secured network connections. Avril Haines, Director of National Intelligence, said they are seeing record levels of attacks against U.S. industrial control systems typically used to automate industrial processes and widely used by critical infrastructure organizations. Defense.gov

Aiden for addressing vulnerabilities and keeping Windows endpoints at the desired specification

Aiden Technologies announced new security capabilities to mitigate vulnerabilities faster across Windows endpoints. Its AidenVision system identifies and alerts on high and critical CVEs across all Windows endpoints, maps what new software patches are needed to address these CVEs, and then automates remediation. Pre-AidenVision, the company says that organizations typically took 55 days to remediate 50% of the most critical KEVs from CISA. Post-AidenVision, organizations can deal with 97% of the most critical CVEs within 3 days. The reporting system gives audit-ready evidence to meet enquiries from regulatory bodies and insurance carriers. Aiden Technologies

Another reason to stop relying on SMS for MFA

Receiving one-time codes by SMS is a very convenient way of enacting multi-factor authentication requirements. It is, however, one of the least secure methods of MFA and one we continually recommend against. With phishing kits routinely including MFA bypass capabilities for one-time codes, SMS and other MFA mechanisms that take this approach should be deprecated in your security posture. And here’s another reason: fraudsters are targeting employees at mobile carriers with offers of money to perform a SIM swap, thus giving them access to a user’s phone number to receive MFA codes, among other malicious benefits. Security Boulevard
