Beyond Information Security

SOC 3.0 – The Evolution of the SOC and How AI is Empowering Human Talent

Organizations today face relentless cyber attacks, with high-profile breaches hitting the headlines almost daily. Reflecting on a long journey in the security field, it’s clear this isn’t just a human problem—it’s a math problem. There are simply too many threats and security tasks for any SOC to manually handle in a reasonable timeframe. Yet, there is a solution. Many refer to it as SOC 3.0—an AI-augmented environment that finally lets analysts do more with less and shifts security operations from a reactive posture to a proactive force.

Source: The Hacker News

Link: https://thehackernews.com/2025/02/soc-30-evolution-of-soc-and-how-ai-is.html


Microsoft fixes Outlook drag-and-drop broken by Windows updates

Microsoft has fixed a known issue that broke email and calendar drag-and-drop in classic Outlook after installing recent updates on Windows 11 24H2 systems.

According to Redmond, the updates that trigger these problems are the KB5050094 January 2025 preview cumulative update and the KB5051987 February 2025 security update.

“After installing the January 2025 Windows non-security preview update and subsequent updates on devices running Windows 11, version 24H2, you may find that you are not able to drag and drop emails or calendar items to folders in classic Outlook,” the company explains in a support document published one week ago.

In a Wednesday update, Microsoft added that the KB5052093 preview cumulative update for Windows 11 24H2, released this Tuesday, fixes this known issue.

Until the fix is rolled out to all users during next month’s Patch Tuesday, affected Outlook users who don’t want or can’t immediately install this month’s optional update can work around the issue with a temporary fix.

Source: BleepingComputer / Dark Reading

Link: https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-outlook-drag-and-drop-broken-by-windows-updates/

Link: https://www.darkreading.com/application-security/microsoft-rolls-out-fresh-outlook-fix-after-faulty-windows-update


Unmanaged Devices: The Overlooked Threat CISOs Must Confront

One of my favorite things about working in security, and tech in general, is the shared attitude that no problem is unsolvable. We transitioned virtually the entire Internet from “http” to “https” in the name of security. Clearly, we’re not afraid of a challenge. But there’s one problem that many companies haven’t even tried to solve, and its very name seems to communicate a kind of surrender: unmanaged devices.

By “unmanaged devices,” we’re talking about laptops, tablets, and phones that employees use at work but that aren’t covered by a mobile device management (MDM) solution, and so are outside the visibility and control of security or IT, often because the company has no effective way to prevent personal devices from authenticating. These devices might belong to contractors, Linux users, or employees using personal devices under a bring-your-own-device (BYOD) policy. A 2022 Kolide study found that 47% of companies allow unmanaged devices to access company resources. That means nearly half let sensitive data disappear onto devices with no safeguards.

Source: Dark Reading

Link: https://www.darkreading.com/remote-workforce/unmanaged-devices-overlooked-threat-cisos-must-confront


The Hidden Cost of Compliance: When Regulations Weaken Security

My favorite part of my job is spending time with customers discussing their pain points, challenges, goals, and priorities. These discussions are most often enriching, fascinating, and mutually beneficial. As you might imagine, different customers have different topics that interest them, drive them, and that they are passionate about.

One topic that comes up repeatedly, especially in the Banking, Financial Services, and Insurance (BFSI) vertical, is that of regulatory compliance and audit. Now, you might think that this is not particularly surprising, given that BFSI is one of the more tightly regulated verticals. What might be a bit surprising, however, is one particular pain point that customers in this vertical bring up repeatedly.

What is this mysterious pain point? I’m not sure if it has an official name or not, but many people I meet with share with me that they are spending so much time responding to regulatory findings that they hardly have time for anything else. This is troubling to say the least. It may be an uncomfortable discussion to have, but I’d argue that it is long since past the time we as a security community have this discussion.

Source: SecurityWeek

Link: https://www.securityweek.com/the-hidden-cost-of-compliance-when-regulations-weaken-security/


Debunking 5 myths about network automation

Imagine you’re a network engineer at an enterprise. You already have your hands full with IT priorities, including managing bandwidth related to working from home, the company’s new data center, and, more recently, computing needs to support AI adoption. Additionally, the security team has a long list of device vulnerabilities and an audit they need your help to pass by a specific deadline. So, you spend your nights and weekends managing backups and trying to keep up with configuration changes and upgrades one device at a time.

Then, your company completes an acquisition, and your workload doubles as you try to get your arms around additional network infrastructure and technologies. How do you prioritize supporting that initiative while keeping up with your daily responsibilities? It’s time to revisit network automation.

According to Gartner, 30% of enterprises will automate more than half of their network activities by 2026. You’ve considered network automation because you know it would allow you to do more impactful work, but it has been on the back burner because you never seem to have the time. Plus, talking to industry peers has raised many concerns about being sold on a great vision but with tools that don’t go far enough.

Five misconceptions remain based on a legacy of disappointing experiences. They need to be dispelled so that you can move forward with network automation and get some relief.

Source: Help Net Security

Link: https://www.helpnetsecurity.com/2025/02/27/debunking-network-automation-myths/