MixMode’s Head of Sales and Alliances, Geoff Coulehan, shares how MixMode identified critical risk factors from insider bad actors that had gone undetected by a large U.S. city’s SIEM and UBA platforms despite their multi-year deployments, and how the city then decided to decommission its User Behavior Analytics (UBA) platform.

Coulehan said, “The data retention and the appliance costs alone for after-the-fact forensic search and investigation were costing them more than an enterprise deployment of MixMode.”

As described in this blog, the current state of the SOC is an add-on solution cycle, where providing adequate cybersecurity requires a whack-a-mole approach, with a new issue popping up immediately to take the place of a resolved issue. Here’s an example of how this scenario tends to play out:

  1. Invest in a new SIEM to correlate, search, and investigate historical log data.
  2. Add an NTA platform.
  3. Deploy a UBA vendor for internal threat detection lacking in the SIEM and NTA.
  4. Invest in a costly third-party SOAR platform that promises to make all these moving parts work together.
  5. Consult with an XDR vendor and get ready to make yet another additive purchase that may or may not deliver on overall network security goals.
  6. And so on.

There’s no jumping off this cycle once it begins, if every “solution” is just a band-aid or a new source for new problems and another contract to justify to the CFO.
