Welcome to our Cyber Security News Aggregator. Cyber Tzar provides a cyber security risk management platform, including automated penetration tests and risk assessments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Why “contained” doesn’t mean “safe” in modern SOCs

published on 2025-09-25 09:12:34 UTC by /u/SuccessfulMountain64
Content:

I’ve been seeing more and more cases where the SOC reports success: process killed, host isolated, dashboard green. Yet weeks later the same organisation is staring at ransom notes or data leaks.

The problem: we treat every alert like a dodgy PDF. Malware was contained. The threat actor was not.

SOCs measure noise (MTTD, MTTR, auto-contain). Adversaries measure impact (persistence, privilege, exfiltration). That’s why even fully “security-compliant” companies lose millions every day. Look at what's happening in the UK.

Curious how others here are approaching this:

  • Do you have workflows that pivot from containment to investigation by default?
  • How do you balance speed vs depth when you suspect a human adversary is involved?
  • Are you baking forensic collection into SOC alerts, or leaving it for the big crises?

Full piece linked for context.

Article: Why “contained” doesn’t mean “safe” in modern SOCs - published 24 days ago.

https://www.reddit.com/r/netsec/comments/1nq1xu9/why_contained_doesnt_mean_safe_in_modern_socs/
Published: 2025 09 25 09:12:34
Received: 2025 09 25 09:18:22
Feed: /r/netsec - Information Security News and Discussion
Source: /r/netsec - Information Security News and Discussion
Category: Cyber Security
Topic: Cyber Security
Views: 13
