- SOAR 101
The latest article in the series written by Stan Engelbrecht, Director of D3’s Cyber Security Practice, is currently featured on SecurityWeek. Stan’s three-part series covers the important incident response steps that many companies overlook. In this excerpt from the article, Stan describes the importance of understanding the baseline in your organization in order to better detect suspicious activity. To read the article in its entirety, head over to SecurityWeek.
In order to effectively detect anomalies, you need to know what “normal” looks like within your environment. While you might have gained a general sense of what constitutes ordinary network traffic during your preparation phase, you should still take the time to quantify it and ensure that this baseline is broadly understood across your security team for use in the response phase. Understanding your baseline makes it possible to tune your SIEM to generate fewer false positives over time and helps your analysts catch more dangerous incidents. When setting your baseline, consider:
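As an added example of what "quantifying the baseline" can look like in practice (this is illustrative code written for this page, not part of the SecurityWeek article or any D3 product), the script below builds a per-host baseline of outbound bytes per hour from a window of known-good records, then scores a later window against it. It uses the median and median absolute deviation (MAD) rather than mean and standard deviation so that a single burst inside the training window does not stretch the baseline, and it treats the alert threshold as a tunable parameter so you can see how raising it trades a near-miss for fewer false positives. The log lines, host names and byte counts are all constructed for the example.

```python
"""Per-host traffic baseline and robust-deviation scoring (added example).

Builds {host: (median_bytes_per_hour, scale)} from a known-good window and
flags records in a later window whose robust z-score exceeds a threshold.
Hosts with no baseline at all are reported separately: a machine that was
never seen during the baseline period deserves a look in its own right.
All log lines here are constructed for illustration.
"""
import re
from collections import defaultdict
from statistics import median

# Constructed hourly connection summaries: <hour bucket> <host> <outbound bytes>
BASELINE_LOG = """\
2024-01-01T00 ws-17 41200
2024-01-01T01 ws-17 39800
2024-01-01T02 ws-17 43500
2024-01-01T03 ws-17 38900
2024-01-01T04 ws-17 40700
2024-01-01T05 ws-17 42100
2024-01-01T06 ws-17 37600
2024-01-01T07 ws-17 44300
2024-01-01T00 db-02 910000
2024-01-01T01 db-02 880000
2024-01-01T02 db-02 945000
2024-01-01T03 db-02 902000
2024-01-01T04 db-02 867000
2024-01-01T05 db-02 931000
2024-01-01T06 db-02 915000
2024-01-01T07 db-02 890000
"""

# Constructed window to be scored against that baseline.
NEW_LOG = """\
2024-01-08T00 ws-17 42000
2024-01-08T01 ws-17 46000
2024-01-08T02 ws-17 2400000
2024-01-08T00 db-02 920000
2024-01-08T01 db-02 1100000
2024-01-08T00 lt-09 15000
"""

LINE_RE = re.compile(r"^(?P<hour>\S+)\s+(?P<host>\S+)\s+(?P<bytes>\d+)$")
MAD_TO_SIGMA = 1.4826  # scales MAD to the stddev of a normal distribution


def parse(log_text):
    """Yield (hour, host, bytes) for each well-formed line; skip malformed ones."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["hour"], m["host"], int(m["bytes"])


def build_baseline(records):
    """Return {host: (median, scale)} where scale is MAD converted to a sigma."""
    per_host = defaultdict(list)
    for _, host, nbytes in records:
        per_host[host].append(nbytes)
    baseline = {}
    for host, values in per_host.items():
        med = median(values)
        mad = median(abs(v - med) for v in values)
        # Perfectly constant traffic gives MAD 0; floor the scale so a tiny
        # change does not turn into an infinite score.
        scale = max(MAD_TO_SIGMA * mad, 1.0)
        baseline[host] = (med, scale)
    return baseline


def score(records, baseline, threshold):
    """Return (host, hour, bytes, z) for records beyond the threshold.

    Both directions are scored: a large rise can mean exfiltration or a
    misbehaving job, a large drop can mean a host went quiet unexpectedly.
    Hosts absent from the baseline are returned with z=None.
    """
    findings = []
    for hour, host, nbytes in records:
        if host not in baseline:
            findings.append((host, hour, nbytes, None))
            continue
        med, scale = baseline[host]
        z = (nbytes - med) / scale
        if abs(z) > threshold:
            findings.append((host, hour, nbytes, round(z, 2)))
    return findings


if __name__ == "__main__":
    base = build_baseline(parse(BASELINE_LOG))
    for host, (med, scale) in base.items():
        print(f"{host}: median={med:.0f} bytes/h, scale={scale:.0f}")
    # The ws-17 46000 record sits about 2.1 sigma out: flagged at 2.0,
    # not at 3.5. That gap is where threshold tuning pays off.
    for threshold in (2.0, 3.5):
        print(f"\nthreshold={threshold}")
        for f in score(parse(NEW_LOG), base, threshold):
            print("  ", f)
```

Running it shows the workstation's 2.4 MB/h burst and the unseen host at either threshold, while the 46 KB/h record for ws-17 is flagged only at the looser setting; in a real deployment you would build the baseline over days or weeks, key it on more than one dimension (host, port, destination, time of day), and review the threshold with the analysts who will live with the alert volume.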
This article originally appeared on SecurityWeek. To continue reading, see the full article on SecurityWeek.