2021 Security Market Hotspot: Automated Security Operation Tools

According to the latest enterprise survey released by Micro Focus, the most important security capability for SOC (security operations center) teams worldwide is advanced threat detection, and they hope to use more next-generation automated security operation tools based on artificial intelligence and machine learning to build an active defense system.

Eleven popular security operation tools

The report shows that more than 93% of the respondents use artificial intelligence and machine learning technology, mainly to improve their advanced threat detection capability; more than 92% of the respondents hope to use or buy some form of automation tool in the next 12 months.

The survey results show that, as SOCs continue to mature, enterprise security operation teams will deploy the next generation of security tools and functions at an unprecedented speed to close gaps in their security capabilities.

The risks and operational challenges faced by enterprise SOCs keep accumulating: more data, more complex attacks, and larger attack surfaces and asset exposure all need to be monitored. However, if properly implemented, artificial intelligence technologies such as unsupervised machine learning are pushing enterprises toward the next generation of security operations.

The survey shows: “More and more enterprises find that artificial intelligence and machine learning technology are very effective, which can enhance the advanced threat detection and response capabilities, thus accelerating the improvement of the security capabilities of the SecOps team.”

[Chart: Automated security operation tools]

The report found that SecOps teams use a large number of increasingly automated tools to help protect critical data assets. The adoption rate of the 11 popular security operation tools listed in the above chart is expected to exceed 80% in 2021.

Enterprises rely more on the MITRE ATT&CK framework

With the number of threats increasing, the report found that 90% of enterprises rely on the MITRE ATT&CK framework as a tool for understanding attack techniques, and the most common reason for relying on this knowledge base of adversary tactics is the need to improve the ability to detect advanced threats.

In addition, the security technologies needed to protect the digital assets of today's enterprises have become extremely complicated, which means that SOC teams rely more on automation tools to work effectively.

According to the joint report of McAfee and the Center for Long-Term Cybersecurity at the University of California, Berkeley, “MITRE ATT&CK as a Survey of Cloud Security Threats”, most enterprises lack confidence in their own intrusion detection capabilities, and MITRE ATT&CK can help enterprises quickly find the gaps in security visibility, tools and processes.

Therefore, MITRE ATT&CK has been widely adopted in enterprises (and more and more security operation tools also integrate with this framework):

87% of the enterprises surveyed believe that implementing MITRE ATT&CK can improve cloud security;

81% have used the framework;

63% use the MITRE ATT&CK framework for both the enterprise and cloud security matrices;

57% use the MITRE ATT&CK framework to identify gaps in deployed security solutions;

55% use the MITRE ATT&CK framework to support the implementation of security policies;

54% use the MITRE ATT&CK framework to support threat modeling.

Driving Forces of Automation: New Threats, Challenges and Security Moving to the Cloud

During the COVID-19 pandemic, global enterprises faced many new threats. Chief among them was the increase in the number of cyber attacks and security incidents (global growth of 45% year-on-year), followed by the increase in risks caused by employees using unmanaged devices (global growth of 40%).

About one-third of the respondents believe that the two most serious challenges facing the enterprise security operations center (SOC) team are:

Prioritizing security events;

Monitoring security across a growing attack surface.

Security operations in the cloud: More than 96% of enterprises use cloud computing for IT security operations. On average, nearly two-thirds of IT security operation software and services have been deployed in the cloud.