"LinkedIn Has Massively Cut the Time It Takes to Detect Security Threats. Here's How It Did It"
Protecting against phishing, malware, and other cyber threats is a significant cybersecurity problem for any organization, but when a company has over 20,000 workers and operates a service used by nearly a billion people, the challenge becomes considerably more difficult. LinkedIn, the world's largest professional network, has over 875 million members, ranging from entry-level professionals to high-level executives, who use it to network with colleagues and peers, share ideas, and find new employment opportunities. LinkedIn's Threat Detection and Incident Response team is responsible for ensuring its systems' security against various developing cyber threats. It is common knowledge that skilled hacking groups have prominent firms such as LinkedIn in their sights, whether they are attempting to fool users into clicking phishing links or installing malware through manipulative social engineering attacks. LinkedIn's Moonbase program sought to improve threat identification and incident response while enhancing the quality of life for LinkedIn's security analysts and engineers by automating file and server log examination. Between March and September 2022, LinkedIn reconstructed its threat detection and monitoring capabilities, as well as its Security Operations Center (SOC). This process began with reevaluating how potential threats are initially examined and recognized. Jeff Bollinger, the company's director of incident response and detection engineering, emphasizes that it is essential for every team and program to begin with an accurate threat model, as it is important to identify the actual risks facing the organization. This awareness begins with an analysis of the data that need protection the most, such as intellectual property, customer information, and information governed by laws or regulations. This article continues to discuss how LinkedIn made its cybersecurity operations more effective.