I think we can all agree that one of the primary responsibilities of a SOC is to efficiently bring the organization back to a known good state after being hit by an attack.

And yes, that includes detecting that an incident took place and responding to that incident. The proverbial…


In a previous blog, I described why following the XDR newsfeed felt like watching a telenovela with always a more dramatic episode around the corner. This might be fun for the casual observer, but it is really hurting CISOs and security teams, and ultimately it is detrimental to organizations’ security…


Confusing drama? Intrigue? Passion? Cliffhangers? Look no further than the XDR Telenovela and its never-ending stream of episodes.

New episodes — the plot thickens

If you are a technology buyer for the SOC I bet the XDR Telenovela is programming you could do without. Every day, there seems to be a new dramatic episode. Yet another…



A couple of months back, I wrote about traditional SIEMs not being adequate threat detection, investigation, and response (TDIR) tools for our new world, and how that forced the marketplace to adapt, creating a vacuum for two types of TDIR tools, namely 1) XDRs and 2) emerging SIEMs. …


“Automated SOCs” is a fun topic that is sure to get people’s juices flowing. I am referring to what some of us (several former analysts from Gartner and current analyst from Forrester) have recently been discussing. Examples include:

- Allie Mellen from Forrester wrote, “Stop trying to take humans out…


In our last blog post, we described the legacy SOC maturity model based on speeds and feeds tracking activity volume, mean time to detect (MTTD) and mean time to respond (MTTR). We demonstrated why SOCs that try to improve these metrics are not as effective or efficient as they could…


Demystifying the SOC, Part 3: Whether You Know It or Not, You Have a SOC

In our previous posts, we discussed why every organization, including yours, needs a security operations center (SOC) and why prevention is not enough. Here we’ll discuss why, whether you know it or not, you already…


In our previous post, we discussed why every organization, including yours, needs a Security Operations Center (SOC) to detect and address security breaches and maintain the infrastructure in a known good state. …


This is the first in a series of a dozen or so blog posts entitled “Demystifying the SOC” covering several topics on security operations centers (SOCs). …

Gorka Sadowski

Cybersecurity expert and Chief Strategy Officer at Exabeam. Former Gartner analyst driving SIEM and SOC research and builder of the Splunk security ecosystem.
