{"id":89997,"date":"2019-10-15T09:00:50","date_gmt":"2019-10-15T16:00:50","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=89997"},"modified":"2023-05-26T15:21:08","modified_gmt":"2023-05-26T22:21:08","slug":"microsoft-4-principals-effective-security-operations-center","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/","title":{"rendered":"Microsoft\u2019s 4 principles for an effective security operations center"},"content":{"rendered":"<p>The Microsoft Cyber Defense Operations Center (CDOC) fields trillions of security signals every day. How do we identify and respond to the right threats? One thing that won\u2019t surprise you: we leverage artificial intelligence (AI), machine learning, and automation to narrow the focus. But technology is not enough. Our people, culture, and process are just as critical.<\/p>\n<p>You may not have trillions of signals to manage, but I bet you will still get a lot of value from a behind-the-scenes look at the CDOC. Even the small companies that I\u2019ve worked with have improved the effectiveness of their security operations centers (SOCs) based on learnings from Microsoft.<\/p>\n<p>Watch the operations episode of the <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/ciso-cybersecurity-strategy?rtc=1\" target=\"_blank\" rel=\"noopener noreferrer\">CISO Spotlight Series\u2014The people behind the cloud<\/a> to get my take and a sneak peek at our team in action. In the video, I walk you through four principles:<\/p>\n<ol>\n<li>It starts with assessment.<\/li>\n<li>Invest in the right technology.<\/li>\n<li>Hire a diverse group of people.<\/li>\n<li>Foster an innovative culture.<\/li>\n<\/ol>\n<h3>It starts with assessment<\/h3>\n<p>Before you make any changes, it helps to identify the gaps in your current security system. Take a look at your most recent attacks to see if you have the right detections in place. Offense should drive your defenses. For example:<\/p>\n<ul>\n<li>Has your organization been victim to password spray attacks?<\/li>\n<li>Have there been brute force attacks against endpoints exposed to the internet?<\/li>\n<li>Have you uncovered advanced persistent threats?<\/li>\n<\/ul>\n<p>Understanding where your organization is vulnerable will help you determine what technology you need. If you need further help, I would suggest using the <a href=\"https:\/\/attack.mitre.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">MITRE ATT&amp;CK Framework<\/a>.<\/p>\n<h3>Invest in the right technology<\/h3>\n<p>As you evaluate technology solutions, think of your security operations as a funnel. At the very top are countless threat signals. There is no way your team can address all of them. This leads to employee burnout and puts the organization at risk. Aim for automation to handle 20-25 percent of incoming events. AI and machine learning can correlate signals, enrich them with other data, and resolve known incidents.<\/p>\n<p>Invest in good endpoint detection, network telemetry, a flexible security incident and event management system (SIEM) like <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/azure-sentinel\/\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Sentinel<\/a>, and cloud workload protection solutions. The right technology will reduce the volume of signals that filter down to your people, empowering them to focus on the problems that machines can\u2019t solve.<\/p>\n<h3>Hire a diverse group of people<\/h3>\n<p>The people you hire matter. I attribute much of our success to the fact that we hire people who love to solve problems. You can model this approach in your SOC. Look for computer scientists, security professionals, and data scientists\u2014but also try to find people with nontraditional backgrounds like military intelligence, law enforcement, and liberal arts. People with a different perspective can introduce creative ways of looking at a problem. For example, Microsoft has had a lot of success with veterans from the military.<\/p>\n<p>I also recommend organizing your SOC into specialized, tiered teams. It gives employees a growth path and allows them to focus on areas of expertise. Microsoft uses a three-tiered approach:<\/p>\n<ul>\n<li>Tier 1 analysts\u2014These analysts are the front line. They manage the alerts generated by our SIEM and focus on high-speed remediation over a large number of events.<\/li>\n<li>Tier 2 analysts\u2014This team tackles alerts that require a deeper level of analysis. Many of these events have been escalated up from Tier 1, but Tier 2 analysts also monitor alerts to identify and triage the complex cases.<\/li>\n<li>Tier 3 analysts\u2014These are the threat hunters. They use sophisticated tools to proactively uncover advanced threats and hidden adversaries.<\/li>\n<\/ul>\n<p>For a more detailed look at how Microsoft has structured our team, read <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/23\/lessons-learned-microsoft-soc-part-2-organizing-people\/\" target=\"_blank\" rel=\"noopener noreferrer\">Lessons learned from the Microsoft SOC\u2014Part 2a: Organizing people<\/a><\/p>\n<h3>Foster an innovative culture<\/h3>\n<p>Culture influences SOC performance by guiding how people treat each other and approach their work. <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/06\/06\/lessons-learned-from-the-microsoft-soc-part-2b-career-paths-and-readiness\/\" target=\"_blank\" rel=\"noopener noreferrer\">Well-defined career paths and roles<\/a> are one way to influence your culture. People want to know how their work matters and contributes to the organization. As you build your processes and team, consider how you can encourage innovation, diversity, and teamwork.<\/p>\n<p>Read how the CDOC creates culture in <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/02\/21\/lessons-learned-from-the-microsoft-soc-part-1-organization\/\" target=\"_blank\" rel=\"noopener noreferrer\">Lessons learned from the Microsoft SOC\u2014Part 1<\/a>.<\/p>\n<h3>Learn more<\/h3>\n<p>To learn more about how to run an effective SOC:<\/p>\n<ul>\n<li>Watch the <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/ciso-cybersecurity-strategy?rtc=1\" target=\"_blank\" rel=\"noopener noreferrer\">CISO Spotlight Series\u2014The people behind the cloud<\/a> to get a view into the CDOC and the Microsoft Digital Crimes Unit.<\/li>\n<li>Read posts in our <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/ciso-series\/\" target=\"_blank\" rel=\"noopener noreferrer\">CISO series<\/a> to discover successful security strategies and valuable lessons learned from CISOs and Microsoft\u2019s top security experts.<\/li>\n<li>Visit our <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/cybersecurity\" target=\"_blank\" rel=\"noopener noreferrer\">National Cybersecurity Awareness website<\/a> to get more CISO essentials.<\/li>\n<li>Bookmark the <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\" target=\"_blank\" rel=\"noopener noreferrer\">Security blog<\/a> to keep up with our expert coverage on security matters.<\/li>\n<li>Follow us at <a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noopener noreferrer\">@MSFTSecurity<\/a> for the latest news and updates on cybersecurity.<\/li>\n<li>To learn more about how you can protect your time and empower your team, check out the <a href=\"https:\/\/www.microsoft.com\/security\/cybersecurity?ocid=AID2465281_QSG_BLOG_364843\" target=\"_blank\" rel=\"noopener noreferrer\">cybersecurity awareness page<\/a> this month.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Chief Cybersecurity Strategist, Jonathan Trull, outlines four principles any organization can use to improve the effectiveness of its SOC.<\/p>\n","protected":false},"author":96,"featured_media":89998,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3659],"topic":[3672,3684,3685],"products":[3690,3691,3726],"threat-intelligence":[],"tags":[3788],"coauthors":[1916],"class_list":["post-89997","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-best-practices","topic-endpoint-security","topic-security-operations","topic-siem-and-xdr","products-microsoft-defender","products-microsoft-defender-for-cloud","products-microsoft-sentinel","tag-mitre-attck"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Microsoft\u2019s 4 principles for an effective security operations center<\/title>\n<meta name=\"description\" content=\"Microsoft Chief Cybersecurity Strategist, Jonathan Trull, outlines four principles any organization can use to improve the effectiveness of its SOC.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft\u2019s 4 principles for an effective security operations center\" \/>\n<meta property=\"og:description\" content=\"Microsoft Chief Cybersecurity Strategist, Jonathan Trull, outlines four principles any organization can use to improve the effectiveness of its SOC.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2019-10-15T16:00:50+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-26T22:21:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/4-principals-for-an-effective-security-operations-center-SOCIAL.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Microsoft Security Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/4-principals-for-an-effective-security-operations-center-SOCIAL.png\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Microsoft Security Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/microsoft-secure-blog-staff\/\",\"@type\":\"Person\",\"@name\":\"Microsoft Security Team\"}],\"headline\":\"Microsoft\u2019s 4 principles for an effective security operations center\",\"datePublished\":\"2019-10-15T16:00:50+00:00\",\"dateModified\":\"2023-05-26T22:21:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/\"},\"wordCount\":816,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/4-principals-for-an-effective-security-operations-center-SOCIAL.png\",\"keywords\":[\"MITRE ATT&amp;CK\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/\",\"name\":\"Microsoft\u2019s 4 principles for an effective security operations center\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/4-principals-for-an-effective-security-operations-center-SOCIAL.png\",\"datePublished\":\"2019-10-15T16:00:50+00:00\",\"dateModified\":\"2023-05-26T22:21:08+00:00\",\"description\":\"Microsoft Chief Cybersecurity Strategist, Jonathan Trull, outlines four principles any organization can use to improve the effectiveness of its SOC.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/4-principals-for-an-effective-security-operations-center-SOCIAL.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/4-principals-for-an-effective-security-operations-center-SOCIAL.png\",\"width\":1200,\"height\":630,\"caption\":\"Image of an office.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft\u2019s 4 principles for an effective security operations center\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft\u2019s 4 principles for an effective security operations center","description":"Microsoft Chief Cybersecurity Strategist, Jonathan Trull, outlines four principles any organization can use to improve the effectiveness of its SOC.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft\u2019s 4 principles for an effective security operations center","og_description":"Microsoft Chief Cybersecurity Strategist, Jonathan Trull, outlines four principles any organization can use to improve the effectiveness of its SOC.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/","og_site_name":"Microsoft Security Blog","article_published_time":"2019-10-15T16:00:50+00:00","article_modified_time":"2023-05-26T22:21:08+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/4-principals-for-an-effective-security-operations-center-SOCIAL.png","type":"image\/png"}],"author":"Microsoft Security Team","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/4-principals-for-an-effective-security-operations-center-SOCIAL.png","twitter_misc":{"Written by":"Microsoft Security Team","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/microsoft-secure-blog-staff\/","@type":"Person","@name":"Microsoft Security Team"}],"headline":"Microsoft\u2019s 4 principles for an effective security operations center","datePublished":"2019-10-15T16:00:50+00:00","dateModified":"2023-05-26T22:21:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/"},"wordCount":816,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/4-principals-for-an-effective-security-operations-center-SOCIAL.png","keywords":["MITRE ATT&amp;CK"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/","name":"Microsoft\u2019s 4 principles for an effective security operations center","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/4-principals-for-an-effective-security-operations-center-SOCIAL.png","datePublished":"2019-10-15T16:00:50+00:00","dateModified":"2023-05-26T22:21:08+00:00","description":"Microsoft Chief Cybersecurity Strategist, Jonathan Trull, outlines four principles any organization can use to improve the effectiveness of its SOC.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/4-principals-for-an-effective-security-operations-center-SOCIAL.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/4-principals-for-an-effective-security-operations-center-SOCIAL.png","width":1200,"height":630,"caption":"Image of an office."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/15\/microsoft-4-principals-effective-security-operations-center\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"Microsoft\u2019s 4 principles for an effective security operations center"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/89997"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=89997"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/89997\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/89998"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=89997"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=89997"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=89997"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=89997"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=89997"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=89997"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=89997"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}