The best cybersecurity analysts should play the part of detective

With an ever-growing threat from cyber attacks, we now live in a world where security operations centers (SOCs) are the norm. These typically feature a number of cybersecurity analysts watching screens for alerts and then following a playbook for any alerts that occur.

When done well, these operations will usually identify and remediate common attacks very quickly. For example, when responding to an alert about a malware infection on a system, analysts would typically block the system from the network and send field personnel to clean it up.

These SOC operations are usually reliable and scalable, and they can be trusted to resolve common issues with little intervention. Therein lies the problem, however. Today’s bad actors know the same playbooks, and they know how to use them to avoid detection. Their tactics change frequently, often faster than a playbook can be updated to reflect a new technique. It is impossible to keep up with the bad actors using only this approach.


This article originally appeared on CSOOnline