Security automation systems, tools and tactics
Manually operating enterprise security systems and infrastructure can be daunting. In this resource center, find out how security automation systems can save time, money and resources for enterprises struggling to stay one step ahead of attackers.
Top Stories
-
Tip
10 Apr 2024
Cloud database security: Best practices, challenges and threats
If your company is using a cloud database, it's critical to stay on top of security. Review the security features offered by top cloud providers, plus some best practices. Continue Reading
By- Dave Shackleford, Voodoo Security
-
Feature
06 Feb 2024
20 free cybersecurity tools you should know about
Cybersecurity products can get pricy but there are many excellent open source tools to help secure your systems and data. Here's a list of some of the most popular with cyber pros. Continue Reading
-
Definition
05 Feb 2024
SOAR (security orchestration, automation and response)
SOAR (security orchestration, automation and response) is a stack of compatible software programs that enables an organization to collect data about security threats and respond to security events with little or no human assistance. Continue Reading
By- Sharon Shea, Executive Editor
-
Tip
01 Feb 2024
10 cybersecurity best practices and tips for businesses
Looking to improve your business's cybersecurity program? Study these 10 cybersecurity best practices and tips. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
Feature
25 Jan 2024
Top benefits and challenges of SOAR tools
To ensure successful adoption, IT leaders need to understand the benefits of SOAR tools, as well as potential disadvantages. Explore pros, cons and how to measure SOAR success. Continue Reading
By- Andrew Froehlich, West Gate Networks
- Jessica Groopman, Kaleido Insights
-
Answer
17 Jan 2024
SOAR vs. SIEM: What's the difference?
When it comes to the SOAR vs. SIEM debate, it's important to understand their fundamental differences to get the most benefit from your security data. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Tip
17 Nov 2023
AI in risk management: Top benefits and challenges explained
AI and machine learning tools can aid in risk management programs. Here are the potential benefits, use cases and challenges your organization needs to know about. Continue Reading
By- Dave Shackleford, Voodoo Security
-
Feature
28 Jul 2022
How to secure data at rest, in use and in motion
With internal and external cyber threats on the rise, check out these tips to best protect and secure data at rest, in use and in motion. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
News
28 Sep 2021
Microsoft releases emergency Exchange Server mitigation tool
Microsoft turned its attention to organizations that are slower to patch by releasing an emergency mitigation tool as a temporary fix against current threats. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
14 Sep 2021
Why companies should use AI for fraud management, detection
AI is involved in many cybersecurity processes. Now it's making inroads in fraud management and detection. The benefits, however, are not without AI's nagging bias challenge. Continue Reading
By- Isabella Harford, TechTarget
-
Tip
21 Jul 2021
Automate app security with SaaS security posture management
Keeping track of cloud application security settings and configurations businesswide is no easy task. Automate this cumbersome task with SSPM. Continue Reading
By- Ed Moyle, SecurityCurve
-
News
13 Jul 2021
Why patching vulnerabilities is still a problem, and how to fix it
Patching is still a struggle for many organizations, and challenges include limited resources, technical debt, decentralized infrastructure and much more. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
03 Jun 2021
Security observability vs. visibility and monitoring
Security observability, monitoring and visibility play different roles but together provide the tools to establish an all-encompassing enterprise security architecture. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Feature
10 May 2021
From EDR to XDR: Inside extended detection and response
As the definition of endpoints evolves, so too must the technology to protect them. Enter extended detection and response, or XDR -- one of cybersecurity's hottest acronyms. Continue Reading
By- Sharon Shea, Executive Editor
-
Tip
18 Mar 2021
6 AIOps security use cases to safeguard the cloud
Explore six AIOps security use cases in cloud environments, such as threat intelligence analysis and malware detection, as well as expert advice on implementation considerations. Continue Reading
By- Dave Shackleford, Voodoo Security
-
Definition
24 Feb 2021
honeypot (computing)
A honeypot is a network-attached system set up as a decoy to lure cyber attackers and detect, deflect and study hacking attempts to gain unauthorized access to information systems. Continue Reading
By- Ben Lutkevich, Site Editor
- Casey Clark, TechTarget
- Michael Cobb
-
Feature
08 Jan 2021
2021 IT priorities require security considerations
AI, IoT and 5G are among the top IT priorities for CIOs and CTOs in 2021. Is your team prepared to address each tech's security needs? Continue Reading
By- Sharon Shea, Executive Editor
-
Tip
09 Dec 2020
Key SOC metrics and KPIs: How to define and use them
Enterprises struggle to get the most out of their security operation centers. Using the proper SOC metrics and KPIs can help. Learn how to define and benefit from them here. Continue Reading
By- Andrew Froehlich, West Gate Networks
- Nick Lewis
-
Tip
03 Dec 2020
8 challenges every security operations center faces
Staffing shortages, budget allocation issues, and inadequate analytics and filtering are among the challenges organizations will face as they implement a security operations center. Continue Reading
By- John Burke, Nemertes Research
-
Tip
20 Nov 2020
Pair cyber insurance, risk mitigation to manage cyber-risk
The role of cyber insurance may come after a breach, but it remains a useful element in an organization's vulnerability management strategy. Continue Reading
-
Tip
20 Nov 2020
Cyber insurance explained, from selection to post-purchase
Before you sign on the dotted line, make sure you understand what cyber insurance can and can't do -- and what type of policy will do the most for you. Continue Reading
By- Sherri Davidoff, LMG Security
-
News
11 Nov 2020
Palo Alto Networks buys Expanse for $800 million
Palo Alto Networks continued its acquisition spree with an agreement to purchase San Francisco-based security vendor Expanse, which specializes in attack surface management. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
11 Nov 2020
Note these 5 security operations center best practices
Understanding the five steps needed to ensure security operations center best practices will help organizations decide whether to outsource their SOC initiatives. Continue Reading
By- Johna Till Johnson, Nemertes Research
-
Tip
30 Oct 2020
Security automation tools and analytics reshape SecOps efforts
To transition from being reactive to proactive in terms of cybersecurity threats, check out how SecOps teams can use security analytics and automation tools to make the change. Continue Reading
By- Johna Till Johnson, Nemertes Research
-
News
27 Oct 2020
Mitre ATT&CK: How it has evolved and grown
Adoption of the Mitre ATT&CK framework, which saw version 8.0 released Tuesday, has grown rapidly in recent years, though challenges still remain for enterprise users. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
21 Oct 2020
Evaluating SOC automation benefits and limitations
Security operations center automation can help address the security skills gap by scaling critical analyst responsibilities. But an overreliance on AI introduces other risks. Continue Reading
By- Jessica Groopman, Kaleido Insights
-
Tip
23 Sep 2020
7 SOC automation use cases to augment security operations
Implementing SOC automation can have far-reaching benefits for an organization's infosec program and security culture. Learn how by exploring these seven use cases of AI in SOCs. Continue Reading
By- Jessica Groopman, Kaleido Insights
-
Tip
03 Aug 2020
How to shift from DevOps to DevSecOps
A successful DevSecOps rollout requires software developers to be equipped with the proper security skills and tools. Learn how to transition smoothly from DevOps to DevSecOps. Continue Reading
By- Mike Chapple, University of Notre Dame
-
Tip
15 Jul 2020
To face modern threats, using AI for cybersecurity a necessity
As cyberattacks grow in complexity, using AI for cybersecurity is required to stay ahead of threats. Here's how to integrate AI into security processes and avoid potential risk. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Tip
11 Jun 2020
3 key identity management tips to streamline workflows
Organizations must audit IAM processes to ensure that opportunities to streamline workflows are not missed. Use these identity management tips to get started. Continue Reading
By- Mike Chapple, University of Notre Dame
-
Quiz
06 May 2020
Test your cyber-smarts with this network security quiz
Show what you know about the topics covered in the May 2020 issue of Information Security magazine. If you get nine of 10 answers right, you'll also receive CPE credit! Continue Reading
By- Brenda L. Horrigan, Executive Managing Editor
-
Tip
07 Apr 2020
AI pen testing promises, delivers both speed and accuracy
AI is making many essential cybersecurity tasks more effective and efficient. AI-enabled penetration testing, or BAS, technologies are a case in point. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Feature
03 Apr 2020
4 essential AI-enabled security concerns for buyers and vendors
Experts offer four concerns for enterprises and vendors to discuss in order to deploy and run AI-based cybersecurity tools. Continue Reading
By- Michael Heller, TechTarget
-
Feature
27 Mar 2020
AI Security Alliance urges clarity for buying AI security tools
Vendors and customers must be aware of potential gaps between expectations and reality in the sale or purchase of AI cybersecurity products, an AI security expert advises. Continue Reading
By- Michael Heller, TechTarget
-
Tip
11 Mar 2020
Updating the data discovery process in the age of CCPA
Privacy regulations are changing the enterprise data discovery process. Now, automation is key for fulfilling data discovery mandates, including those for CCPA and GDPR. Continue Reading
-
Feature
26 Feb 2020
Security testing web applications and systems in the modern enterprise
Security testing web apps with little budget and poor documentation is difficult. Ric Messier discusses building a security testing lab in the DevSecOps, cloud and automation age. Continue Reading
By- Sharon Shea, Executive Editor
-
Tip
19 Feb 2020
AI-driven cybersecurity teams are all about human augmentation
AI is often associated with technology replacing humans. In the case of AI-based cybersecurity teams, however, AI will augment its human counterparts, not supplant them. Continue Reading
By- Jessica Groopman, Kaleido Insights
-
Tip
19 Feb 2020
Who wins the security vs. privacy debate in the age of AI?
When trying to maintain balance between security and privacy in an AI-enabled world, who decides which side should tip and when? So continues the security vs. privacy debate. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
Quiz
06 Feb 2020
Try this cybersecurity quiz to test your (threat) intelligence
Check out our latest issue, and then test your understanding of the material. By passing this quiz, you'll solidify your knowledge and earn CPE credit, too. Continue Reading
By- Brenda L. Horrigan, Executive Managing Editor
-
Tip
06 Jan 2020
AI and machine learning in cybersecurity: Trends to watch
AI and machine learning in cybersecurity are not so much useful to security teams today as they are necessary. Examine cybersecurity automation trends and benefits. Continue Reading
-
News
26 Dec 2019
Siemplify looks to streamline security operations for enterprises
Siemplify aims to become the security equivalent of Salesforce. Chief strategy officer Nimmy Reichenberg discusses the company's plans for 2020 and the obstacles it faces. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
26 Nov 2019
Role of AI in cybersecurity and 6 possible product options
Cyberthreats loom large in this modern IT environment. Explore the six most common roles of AI in cybersecurity and the products synthesizing them. Continue Reading
By- Jessica Groopman, Kaleido Insights
-
Answer
25 Nov 2019
The network security tools to combat modern threats
Incorporating new network security tools and methods into your enterprise's infosec program may mean the difference between staying safe or falling victim to an attack. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Tip
29 Oct 2019
Understand the top 4 use cases for AI in cybersecurity
AI applications in security offer organizations four unique benefits. Learn how machine learning advances can change industry approaches to threat detection and prevention. Continue Reading
By- Jessica Groopman, Kaleido Insights
-
Tip
08 Oct 2019
Defining and evaluating SOC as a service
As cloud use increases, many enterprises outsource some security operations center functions. Evaluate if SOCaaS is the best model for your enterprise. Continue Reading
By- Ed Moyle, SecurityCurve
-
Feature
25 Sep 2019
How to use SOAR tools to simplify enterprise infosec programs
SOAR tools are designed to deliver convenience and simplicity to cybersecurity programs. Explore the many benefits security orchestration and automation promises users. Continue Reading
By- Katie Donegan, Social Media Manager
-
Feature
05 Sep 2019
How does AttackSurfaceMapper help with attack surface mapping?
A new open source pen testing tool expedites attack surface mapping -- one of the most important aspects of any penetration testing engagement. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Feature
12 Aug 2019
Cybersecurity automation won't fix the skills gap alone
Joan Pepin, CISO and vice president of operations at Auth0, says cybersecurity automation makes her job possible, but it can't replace the human talent her industry badly needs. Continue Reading
By- Katie Donegan, Social Media Manager
-
Answer
28 Jun 2019
Do I need to adopt a cybersecurity framework?
A comprehensive cybersecurity framework can help businesses avoid costly attacks. But there are other advantages. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Answer
28 Jun 2019
What's the best way to maintain top cybersecurity frameworks?
Keeping top cybersecurity frameworks up to date means understanding how a business evolves and changes. What steps should you take to maintain your security strategy? Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Answer
28 Jun 2019
What are the core components of a cybersecurity framework?
Cybersecurity frameworks differ from one company to another, but each plan has four fundamental stages. Find out what you need to know. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
News
18 Jun 2019
Gartner: Cybersecurity skills shortage requires a new approach
At the Gartner Security and Risk Management Summit, analysts discuss the challenge of finding skilled cybersecurity professionals and how it can be solved. Continue Reading
-
Answer
31 May 2019
How can SIEM and SOAR software work together?
Many security pros initially thought SOAR software could replace SIEM. Our security expert advocates learning how SIEM and SOAR can work together. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
News
31 May 2019
Palo Alto Networks buys Twistlock, PureSec for container security
Palo Alto Networks snaps up Twistlock and PureSec to broaden its cloud security portfolio and give enterprise IT shops more options for container and serverless security. Continue Reading
By- James Montgomery, Senior Features Editor
-
Answer
30 May 2019
The future of SIEM: What needs to change for it to stay relevant?
Compared to security orchestration, automation and response (SOAR) software, SIEM systems are dated. Expert Andrew Froehlich explains how SIEM needs to adapt to keep up. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
News
28 May 2019
Cylance CSO: Let's name and shame failed security controls
Malcolm Harkins, the chief security and trust officer at BlackBerry Cylance, says security controls that don't live up to their billing should be taking more blame for data breaches. Continue Reading
By- Rob Wright, Senior News Director
-
Feature
14 Mar 2019
AI security tech is making waves in incident response
Experts weigh in on the latest smart cybersecurity tools -- how they work, the implications for your IT security team and whether the investment is worth the expense. Continue Reading
-
News
05 Mar 2019
Container security tools turn heads with expansion to hosts
Vendors that sell container security tools now face off against traditional security tool providers, as both vie for the attention of IT pros who look to fortify their cloud-native infrastructure. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
22 Feb 2019
Security automation on display in 2019 RSAC Innovation Sandbox
Security automation will be a factor when the most innovative startup is chosen at this year's RSAC Innovation Sandbox, since almost all finalists use automation to improve security. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Tip
20 Feb 2019
Key steps to put your zero-trust security plan into action
There are three key categories of vendor zero-trust products. Learn what they are, and how to evaluate and implement the one that's best for your company. Continue Reading
By- Dave Shackleford, Voodoo Security
-
News
19 Feb 2019
Palo Alto Networks to acquire SOAR vendor Demisto
Palo Alto Networks announced its plan to acquire SOAR vendor Demisto for $560 million to accelerate its Application Framework strategy and beef up security operations automation. Continue Reading
-
Answer
25 Jan 2019
How can a security automation tool help mitigate unknown threats?
Security automation tools help ease the deluge of alerts security teams receive, according to IEEE member Kayne McGladrey, letting them focus on more interesting aspects of IT security. Continue Reading
By- Kayne McGladrey, IEEE
-
News
16 Jan 2019
Enterprises betting on SOAR tools to fill security gaps
Security experts sound off on the importance and benefits of automating security, and highlight factors to be considered before implementing SOAR tools. Continue Reading
-
News
15 Nov 2018
BT Security CEO: Red teaming is valuable, but challenging
During the Securing the Enterprise conference at MIT's CSAIL, BT Security CEO Mark Hughes discusses the benefits and challenges red teaming has presented to his company. Continue Reading
By- Rob Wright, Senior News Director
-
Definition
26 Oct 2018
graceful shutdown and hard shutdown
Graceful shutdown and hard shutdown are two opposing methods of turning off a computer. A graceful shutdown is when a computer is turned off by software function and the operating system (OS) is allowed to perform its tasks of shutting down processes and closing connections. A hard shutdown is when the computer is forcibly shut down by interruption of power. Continue Reading
-
Tip
10 Oct 2018
Give your SIEM system a power boost with machine learning
The enterprise SIEM is still essential to IT defenses, but the addition of AI, in the form of machine learning capabilities, gives it even more potential power. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
Tip
10 Oct 2018
The time to consider SIEM as a service has arrived
Now even your SIEM comes in the as-a-service model. Assess whether it's time to consider outsourcing this fundamental tool in your defense lineup. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
Tip
10 Oct 2018
Prepping your SIEM architecture for the future
Is your SIEM ready to face the future? Or is it time for a major tune-up or at least some tweaks around the edges? Learn how to approach your SIEM assessment and updates. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
Tip
07 Aug 2018
What to do when IPv4 and IPv6 policies disagree
Unfortunately for enterprises, IPv4 and IPv6 policies don't always agree. Fernando Gont examines the differences between these two security policies, as well as some filtering rules. Continue Reading
By- Fernando Gont, SI6 Networks
-
Tip
16 Jul 2018
Fine-tuning incident response automation for optimal results
Wondering where to apply automation to incident response in order to achieve the best results? The variety of options might be greater than you imagine. Read on to learn more. Continue Reading
By- Dave Shackleford, Voodoo Security
-
Tip
16 Jul 2018
How to integrate an incident response service provider
Adding a third-party incident response service to your cybersecurity program can bulk up enterprise defenses, but the provider must be integrated carefully to reap the benefits. Continue Reading
By- Steven Weil, Point B
-
Tip
17 May 2018
How security operations centers work to benefit enterprises
One key support system for enterprises is security operations centers. Expert Ernie Hayden reviews the basic SOC framework and the purposes they can serve. Continue Reading
By- Ernie Hayden, 443 Consulting LLC
-
Tip
08 May 2018
How security automation and orchestration impacts enterprises
The use of security automation and orchestration systems is on the rise, as they have the ability to provide automatic responses to threats. Learn how this benefits the enterprise. Continue Reading
-
Podcast
03 May 2018
Risk & Repeat: RSAC 2018 recap, part two
In this week's Risk & Repeat podcast, SearchSecurity editors discuss more trends and takeaways from RSA Conference 2018, from incident response services to AI and automation. Continue Reading
By- Rob Wright, Senior News Director
-
News
27 Apr 2018
SentinelOne CEO: Endpoint security market full of 'noise and confusion'
In part two of the interview with SentinelOne CEO Tomer Weingarten, he discusses how niche products and venture capital investments have affected the endpoint security space. Continue Reading
By- Rob Wright, Senior News Director
-
News
26 Apr 2018
Philip Tully: AI cyberattacks, AI arms race are coming
Malicious actors are working on AI cyberattacks and other ways to augment threat activity with AI. Philip Tully discusses how that can work and if enterprise security can keep pace. Continue Reading
By- Michael Heller, TechTarget
-
News
26 Apr 2018
Philip Tully: AI models are cost prohibitive for some enterprises
Philip Tully discusses the expensive and time-consuming work of building AI models and how those models can become the target of cyberattacks by malicious actors. Continue Reading
By- Michael Heller, TechTarget
-
Blog Post
17 Apr 2018
FedRAMP security requirements put a premium on automation
Matt Goodrich, director for the Federal Risk and Authorization Management Program, detailed FedRAMP security requirements and automation at RSA's Cloud Security Alliance Summit. Continue Reading
By- Rob Wright, Senior News Director
-
News
16 Apr 2018
SSH announces new key and certificate management service
A new key and certificate management service is now offered by SSH, which teamed up with AppViewX to provide a way to administer cryptographic keys and digital certificates. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Tip
05 Mar 2018
Continuous security monitoring advances automated scanning
Battling threats in today's fast-paced cyberworld means shutting down vulnerabilities fast, which requires round-the-clock monitoring. Learn how to make it happen in your company. Continue Reading
By- Mike Chapple, University of Notre Dame
-
Tip
05 Mar 2018
Automated patch management and the challenges from IoT
From creating an inventory to scanning for IoT vulnerabilities, learn the key steps to take when it comes to automating patch management in your company. Continue Reading
By- Mike Chapple, University of Notre Dame
-
Tip
12 Feb 2018
Identify abnormal application behavior with VMware AppDefense
VMware AppDefense is an endpoint security tool that relies on security automation to determine the intended state of a VM and to analyze and identify unusual application behavior. Continue Reading
By- Trevor Pott, eGeek Consulting
-
E-Zine
01 Nov 2017
Next-gen SOC: What's on your automation roadmap?
The concept of a security operations center that optimizes resources -- security technologies, threat intelligence and analysts -- to counter threats is a great idea. However, in reality, designing an effective SOC is hard. Many companies struggle first with implementation and then with figuring out how to take their SOC to the next level. What will the next-gen SOC look like?
Security operations centers today are found mostly in large organizations and focus on detection and remediation. The lack of big data analysis tools that can work with wide varieties of data is a major obstacle.
"That's one of the reasons I think people say SOCs are not very effective yet," said Randy Marchany, CISO at Virginia Tech. The university's SOC project has been put on hold as they implement another security information and event management tool and ramp up on the open source Elastic Stack, formerly known as ELK.
Integration of tools and increased automation may help security analysts prioritize security events in a next-gen SOC, but once a serious security incident has been identified, many companies lack a sophisticated incident-response process. CISOs need to work on building internal and external relationships, like with law enforcement, that will assist the company in the event of a breach.
In this issue of Information Security magazine, we look at the strengths and weaknesses of security operations centers. To what extent are SOCs integrating the tools they have? How are they automating these processes? We ask CISOs and other security leaders what strategies will help organizations build the next-gen SOC. What is your three-year plan for getting your organization's security operations center to the next level?
Continue Reading
-
Opinion
01 Nov 2017
Are companies with a SOC team less likely to get breached?
Information security operations centers are “growing up,” according to one study. But, with staffing shortages and manual collection of data, performance metrics are hard to get. Continue Reading
-
Feature
01 Nov 2017
Are security operations centers doing enough?
SOCs are maturing, but organizations facing the increased threat landscape understand that improving their effectiveness must be a priority in the year ahead. Continue Reading
By- Steve Zurier, ZFeatures
-
Tip
15 Aug 2017
Security teams must embrace DevOps practices or get left behind
DevOps practices can help improve enterprise security. Frank Kim of the SANS Institute explains how infosec teams can embrace them. Continue Reading
By- Frank Kim, SANS Institute
-
News
09 Jun 2017
Microsoft accused of blocking independent antivirus competition
News roundup: Kaspersky files a complaint against Microsoft's handling of independent antivirus software for Windows 10. Plus, hackers use Instagram to spread malware, and more. Continue Reading
By- Madelyn Bacon, TechTarget