SOC Metrics: Measuring SecOps KPIs
SecOps metrics are trackable bits of data that quantify various aspects of your security operations center (SOC), such as performance or efficiency.
Explore the top best practices for an effective security operations center (SOC).
In this post, we’ll look at where anomaly detection fits into your cybersecurity big picture, some common techniques and use cases, as well as some tips on rolling out anomaly detection without adding to your teams’ workload.
In this post, we’ll look at some of the differences between MDR and traditional managed services, how MDR functions within organizations, some of the tools it works with for even more effective threat detection and response, and the most important tip for getting the most out of your MDR solution.
Incident response automation is a practice that uses artificial intelligence (AI) and machine learning (ML) capabilities in order to speed up the incident response process.
Detection engineering is a structured approach to developing, implementing, and refining threat detection mechanisms that’s tailored to an organization’s specific environment.
Open-source software (OSS) incident response (IR) tools are publicly available tools enterprises use to effectively manage and respond to numerous security threats.
An incident response plan (IRP) is a detailed framework that provides clear, step-by-step guidelines to detect, contain, eradicate, and recover from security incidents.
An incident response playbook is a document outlining clear steps for security teams to follow when responding to and resolving security incidents such as malware infections, unauthorized access, denial-of-service attacks, data breaches, or insider threats.
Cloud incident response is a strategic approach to detecting and recovering from cyberattacks on cloud-based systems, with the goal of minimizing the impact on your workloads and business operations.
Cloud threat modeling is a systematic approach designed to uncover, evaluate, and rank the potential security vulnerabilities and dangers unique to cloud-based systems and infrastructure.
Cloud security logs are formatted text records that capture events and activities as they occur in a cloud environment, providing insight into what’s happening within that environment in real time.
Cloud forensics is a branch of digital forensics that applies investigative techniques to collecting and evaluating critical evidence in cloud computing environments following a security incident.
Security operations centers (SOCs) are centralized facilities and functions within an enterprise’s IT ecosystem that monitor, manage, and mitigate cyber threats.
A new approach to detect and respond to cloud-native threats
In the cloud, logs are often the only way to get real-time visibility into what's happening, making them critical to any cloud detection and response program.