Improve productivity of your SOC personnel through menlo iSOC
I get it—it’s been a hard year for the cybersecurity industry. Covid-19 pushed users from a safe, central, hardened data center out to the edge of the network—literally overnight. We’ve been forced to scramble to enable secure application access to these newly remote users who are logging in to critical business systems from unsecured residential Internet connections and personal devices. We all knew this day was coming, but no one thought that 2020 would be the year we embraced the New Normal.
The Security Operations Center (SOC) has been stretched thin. In addition to having to secure remote employees, cybersecurity professionals have been reallocated to other critical functions—namely, remote support. Tracking ransomware threats emerging from the Ukraine or getting ahead of a new drive-by attack that targets Microsoft Office 365 users are just not priorities right now when the CFO can’t even get access to the company’s financial systems.
This situation, of course, isn’t ideal. Malicious actors can smell blood in the water and have stepped up their attacks. The Information Systems Security Association (ISSA) reports a 63 percent increase in cyberattacks related to the pandemic. Many SOCs are left with a skeleton crew to tackle the increase in threats.
Alert fatigue in the age of Covid-19
Making things worse is the overwhelming nature of working in a SOC. A survey at RSA 2018 found that most enterprises receive 10,000 alerts per day, while more than a quarter see more than 1 million per day—even more in some highly targeted industries. And, according to Ovum, just 20 percent of alerts are related to a unique security event.
With this volume, simply blocking everything just isn’t practical. The Internet is a critical business tool—providing application access, collaboration and communication tools, and critical research for everyone from frontline workers to the CEO. Shutting off the Internet would disrupt workflows, annoy users, and inhibit business agility.
But wading through thousands of alerts every day to identify critical events isn’t a good option either. SOC operators would get alert fatigue, suffer from morale issues, and perhaps get lulled into complacency. Cybersecurity has created a massive data problem that organizations need to solve through innovation.
Menlo can act as an additional security layer
Menlo iSOC complements your existing SOC personnel by providing actionable threat intelligence. Menlo iSOC sifts through the noise and flags only the events that need immediate attention, thus reducing the volume of alerts that SOC staff have to process. In a sense, Menlo iSOC acts as an additional security layer—playing the role of a sentinel that monitors users’ Internet traffic and actions, and alerting internal security teams of any threats to the organization.
Combined with the Menlo Security Global Cloud Proxy with an Isolation Core™, Menlo iSOC provides malware-free web browsing without impacting the native user experience. We essentially close security gaps caused by alert fatigue and allow SOC personnel to focus on more strategic projects that keep the organization safe.