CAWS: Empowering the Overwhelmed SOC

A whitepaper from NSS Labs titled Empowering the Overwhelmed SOC


As the threat landscape continues to expand and diversify, enterprises are being targeted by attacks of all shapes and sizes. Traditional attacks exploiting network and endpoint vulnerabilities are being joined by increasingly creative attacks on mobile devices and the Internet of Things (IoT). Threat actors consistently foil security teams with targeted attacks that exploit zero-day vulnerabilities and that continually morph to stay a step ahead of security signatures and rules.

While security teams continue to add to their threat protection arsenal, they are struggling to keep up with the threats. Security information and event management (SIEM) products, threat analytics platforms, advanced endpoint protection (AEP) products, user and entity behavior analytics (UEBA) tools, and incident response platforms all help increase visibility into threats, but significant gaps remain in how security analysts ingest and process the data these tools produce. Many of the challenges analysts face are the result of gaps in five major areas.
