Let the community know what you think. Share your opinions now!
Threat Hunting, Threat Feed and Analytics. Visibility and Co-Relation of Threats
Cloud Based Management
@E.ABDUL Thanks for weighing in :)
The rapid support and confidence of an expert team that is always there monitoring for potential unusual activity in our environment with numerous predefined playbooks that can take automated actions or the ability to create our own for unique situations. Incident view to see from beginning to end of an event and the process that prevented it from becoming an issue in our environment. Ability to use honeypots across files, users, networks, and devices to capture an attacker in the act.
From investment protection point of view, it would be better to go for a XDR solution that allows feeds from security products of multiple vendors. Many of the XDR solutions can correlate feeds from their own security products only.
Second most important thing would be how reputed and rich threat feeds are and form multiple sources.
Third would a top notch response team that can detect anomalies
The correlation of data over a variety of security layers as endpoints, email, servers, cloud workloads, and the general network. XDR must also strive to visualize the entire attack lifecycle.
Hi SOC analysts and other infosec professionals,
Which standard/custom method do you use to decide about the alert severity in your SOC?
Is it possible to avoid being too subjective? How do you fight the "alert fatigue"?