MixMode’s Head of Sales and Alliances, Geoff Coulehan, shares how MixMode identified critical insider-threat risk factors that had gone undetected by a large U.S. city’s SIEM and UBA platforms despite their multi-year deployments, and why the city then decided to decommission its User Behavior Analytics (UBA) platform.
Coulehan said, “The data retention and the appliance costs alone for after-the-fact forensic search and investigation were costing them more than an enterprise deployment of MixMode.”
As described in this blog, the current state of the SOC is an add-on solution cycle: providing adequate cybersecurity becomes a whack-a-mole exercise in which a new issue pops up as soon as the last one is resolved. Here’s how this scenario tends to play out:
- Invest in a new SIEM to correlate, search, and investigate historical log data.
- Add an NTA platform.
- Deploy a UBA vendor for internal threat detection lacking in the SIEM and NTA.
- Invest in a costly third-party SOAR platform that promises to make all these moving parts work together.
- Consult with an XDR vendor and get ready to make yet another additive purchase that may or may not deliver on overall network security goals.
- And so on.
There is no jumping off this cycle once it begins if every “solution” is just a band-aid, a new source of new problems, or another contract to justify to the CFO.