
Optimizing SOC operations with tailored playbooks: features of effective playbook development

Many scenarios that teams encounter in a security operations center (SOC) eventually resurface, like waves returning to shore. They may look unique, but the underlying patterns are the same. SOC playbooks, which are step-by-step instructions tied to incident categories, are labor-saving tools that help you address these scenarios. A playbook gives analysts a clear path forward under time and pressure constraints. It shouldn’t be confused, however, with an incident response (IR) plan, which is the blueprint that defines an organization’s high-level structure, roles and policies. While the IR plan guides strategy, such as which regulators must be notified after a breach, it lacks the granular, practical direction an analyst requires during an event. Playbooks help by breaking down complex categories of threats into specific, repeatable actions that analysts can trust. This ultimately speeds up response and reduces risk. Without them, analysts must translate broad policies into acti...

Historical data analysis in security operations: the role of retrospective search

This essay was written by Sergey Soldatov, Kaspersky’s Head of Security Operations Center. It explores the unique role of threat hunting in detecting advanced persistent threats (APTs) that evade automated security solutions, positioning it as a critical component of a modern SOC’s detection and response strategy. Drawing from real-world detection practices, it outlines how threat hunting complements alert-driven SOC operations through retrospective analysis and hypothesis-driven investigation, using telemetry data such as EDR/NDR logs.

IoC hunting in action: practical pivoting techniques

This article was written by Damir Shaykhelislamov, an employee working within Kaspersky’s Expert Security Solutions department. It explores the importance of IoC pivoting in modern threat hunting and demonstrates how to move from basic IoC detection to building a broader picture of nefarious activity. The article includes real-world examples that will help analysts enrich indicators and optimize workflows with threat intelligence, such as:
• Infrastructure-based pivoting (e.g., IPs, domains, SSL certificates)
• Malware artifact discovery using sandboxing and code analysis
• Threat attribution and TTP mapping with frameworks such as MITRE ATT&CK
These, among other techniques, provide a structured approach to turning isolated indicators into actionable insights, so analysts can detect more, respond faster and get ahead of cyberthreats.

The Core of cyber defense: End-to-End SOC expertise — Run, Build, and Improve

Security operations centers (SOCs) are under unprecedented strain. This is the result of surging cyberthreats, overwhelming alert volumes and a shortage of skilled, experienced analysts. Tool maintenance is another time sink, with many SOCs spending more time configuring tech than protecting their organization. Tired teams are of course less effective, yet many SOCs admit to being overworked. This delays detection, slows response and leads to burnout, forcing valuable analysts to leave. And those analysts are difficult to replace, with around half of organizations needing more than six months to fill InfoSec roles. At Kaspersky, we address these technological and human challenges with a full-cycle SOC approach, using our frontline experience to boost the performance of struggling teams. We support businesses throughout the whole SOC development and operation lifecycle, from design and build to 24/7 monitoring and optimization. The teams we support benefit from:
• Expertise at ev...

Getting it right the first time: SOC deployment without regrets

There is no universal lightbulb moment when organizations realize they need a security operations center (SOC). Businesses, like people, are distinct entities that navigate unique challenges and mature at different rates. Nowhere is this truer than cybersecurity, with digital transformation and technological complexity inviting new risks over time – from mitigating targeted attacks to maintaining compliance on a global scale. There are, however, common triggers that set the SOC-creation process in motion. Some of these are logical and proactive, including:
• Regulatory requirements – especially in critical infrastructure
• Proactive risk awareness – understanding that business can be interrupted by cyberattacks
• Observed increase in cyberthreats – facing more frequent and/or sophisticated cyberattacks that require a dedicated team to mitigate
Some other triggers are reactive and therefore less desirable. One example is an attacked business realizing they didn’t have the capabili...

Effective onboarding and mentorship in SOC teams

This essay was written by Renat Gimadiev, SOC Solutions Expert in Kaspersky’s Expert Security Solutions department. It highlights the critical role of structured onboarding and mentorship in modern SOCs, showing how intentional programs can accelerate analyst readiness, improve retention and reduce burnout. It draws from real-world challenges to outline actionable strategies that help new hires become productive, including:
• Structured onboarding plans (e.g., 30/60/90-day models with balanced theory and practice)
• Defined mentorship roles and responsibilities (mentor, buddy, supervisor, mentee)
• Practical knowledge transfer techniques, including shadowing, guided practice and feedback loops
• Key performance indicators (e.g., time to independence, QA error rate and mentor satisfaction)
By using these approaches, organizations can steadily build up new hires into confident analysts who can strengthen a SOC’s detection, response and resilience.