Cybersecurity insights from industry experts.

Threat Intelligence Is Growing — Here's How SOCs Can Keep Up

By integrating XDR and SIEM, security professionals can automate correlation and prioritization of alerts across a broad swath of security infrastructure.

Microsoft Security, Microsoft

July 26, 2023

3 Min Read
illustration of a two-level security operations center
Source: Adobe Stock

Timely, comprehensive threat intelligence is a significant component of any good cybersecurity strategy. It helps organizations understand what their threats are, where their vulnerabilities lie, and what strategies they can use to harden their defenses.

However, threat intel is also a rapidly growing industry. Projected to reach $4.93 billion by the end of this year, the global threat intel market is also expected to grow more than 20% annually, reaching $18.11 billion by 2030. And while this is positive news for the strength of cyber defenses everywhere, it also translates into an enormous amount of threat intel signals for security operations center (SOC) teams to track. 

As more companies advance along their digital transformation journeys, SOC teams need a way to connect disparate data from across the enterprise to create a comprehensive view of their attack surface. More importantly, SOCs must be able to sort through this mountain of information to rapidly surface relevant insights at the speed of defense. 

SOC Challenges and Solutions

Like many security teams, SOCs are under an enormous amount of pressure to keep pace with the ever-changing tactics of cybercriminals. We're seeing a bend of increasingly frequent and sophisticated cyberattacks, so SOCs must operate around the clock to remain vigilant in the face of these threats. Last year, Microsoft identified a 130% increase in ransomware attacks and blocked 70 billion email and identity threats. These numbers underscore the scale of the challenges and the absolutely daunting responsibility that SOCs face.

Security signals from open source threat intel, threat intel feeds, and in-house analysis enable SOCs to stay current about threat groups and infrastructure risks so they can protect against the latest attack vectors. Comprehensive threat intel also plays a significant role in proactively identifying and addressing system or process vulnerabilities before malicious actors have a chance to exploit them.

But it's not just the actions of cybercriminals that are straining SOC resources. That same 130% increase in ransomware attacks translated into more than 10,000 alerts every day for SOCs. More broadly, Microsoft Security synthesizes 65 trillion daily security signals from across the global threat landscape. And while we deploy more than 8,000 security researchers, analysts, and threat hunters to analyze this information, it's impossible for human efforts alone to sufficiently monitor and act on this level of data. More advanced technology solutions are needed.

Unified extended detection and response (XDR) and security information and event management (SIEM) can help. Bolstered by advanced artificial intelligence (AI) and machine-learning (ML) algorithms, XDR and SIEM provide SOCs with end-to-end threat visibility across the entire enterprise. These solutions work by automatically correlating and prioritizing security alerts across identities, endpoints, applications, email, the Internet of Things (IoT), infrastructure, and cloud platforms. This, in turn, allows SOCs to focus their efforts on preventing, detecting, and responding to threats rather than sifting through raw data. Furthermore, internal XDR and SIEM inputs can be combined with third-party threat intel to inform future ML models. 

Threat activity may be growing, but existing security solutions are evolving in kind. By leveraging solutions like unified XDR and SIEM, SOC teams and their counterparts can better keep pace with the emergence of new threat intel and react quickly to create digital environments for all.

Read more Partner Perspectives from Microsoft Security.

Read more about:

Partner Perspectives

About the Author

Microsoft Security

Microsoft

Protect it all with Microsoft Security.

Microsoft offers simplified, comprehensive protection and expertise that eliminates security gaps so you can innovate and grow in a changing world. Our integrated security, compliance, and identity solutions work across platforms and cloud environments, providing protection without compromising productivity.

We help customers simplify the complex by prioritizing risks with unified management tools and strategic guidance created to maximize the human expertise inside your company. Our unparalleled AI is informed by trillions of signals so you can detect threats quickly, respond effectively, and fortify your security posture to stay ahead of ever-evolving threats.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights