Security operations centers (SOCs) remain a crucial component of an effective security program. Their mission is to detect threats in a timely manner, investigate and respond to them in order to minimize impact to the business, and work closely with the business to ensure new initiatives, such as cloud transformation, are properly architected with the right defenses.
SOC modernization is usually understood to mean applying more automation and security tools to address the challenges of an expanding attack surface, security talent shortage, and too many alerts from too many tools.
But SOC modernization extends far beyond technology alone, providing organizations with an opportunity to reassess skills and roles and support a distributed workforce – while incorporating human creativity and innovation as a strategic force multiplier.
So what is holding so many organizations back from SOC modernization?
Join us for a live discussion with Dr. Anton Chuvakin, Security Advisor at the Office of the CISO, Google Cloud, and Phil Neray, VP of Cyber Defense Strategy at CardinalOps, as they discuss the key forces shaping modern security operations.
Building upon the ideas described in the “Future of the SOC” white paper by Google Cloud and Deloitte, the webinar will discuss thought-provoking concepts including:
- Balancing process consistency and human creativity: Strong, well-thought-out processes are what differentiate organizations with mature defensive capabilities from those with only a collection of the latest shiny toys. But the challenge for a modern security leader is balancing the need for repeatable, predictable, and effective processes on one side with the need to harness human creativity, initiative, and innovation on the other. This is essential to defending against our adversaries, who are themselves human actors and constantly adapting.
- Intelligence operationalization and threat modeling: MITRE ATT&CK has become the lingua franca of security operations, but many organizations haven’t yet gotten beyond using it only as a reference source. SOC modernization takes this a step further by operationalizing MITRE ATT&CK for use cases like tracking adversary behavior and prioritizing the continuous development of new detection logic based on the specific APT groups targeting your organization, combined with business contextual information around your organization's crown-jewel assets.
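One concrete way to operationalize ATT&CK as the bullet describes is to score each technique by the relevant threat groups that use it, subtract what existing detections already cover for the crown-jewel asset tier, and work the remaining gaps in priority order. The following Python is an added example, not code from the webinar, its speakers, or the white paper; the group names, group-to-technique attributions, detection rule names and asset-tier mappings are all constructed sample data, and the ATT&CK technique IDs are used only as labels.

```python
"""Prioritize detection-engineering backlog from ATT&CK-mapped threat intel.

Added example: all group names, attributions and detection rules below are
constructed sample data, not real intelligence or a real rule set.
"""
from collections import defaultdict

# Constructed: threat groups the intel team considers relevant to this
# organization, each with a priority weight (3 = most relevant) and the
# ATT&CK techniques attributed to it.
RELEVANT_GROUPS = {
    "GROUP-A": {"weight": 3, "techniques": {"T1078", "T1059.001", "T1021.001", "T1486"}},
    "GROUP-B": {"weight": 2, "techniques": {"T1078", "T1566.001", "T1059.001", "T1003.001"}},
    "GROUP-C": {"weight": 1, "techniques": {"T1566.001", "T1190", "T1486"}},
}

# Constructed: existing detection rules, the technique(s) each one covers,
# and the asset tiers whose telemetry the rule actually receives. A rule that
# only sees "standard" hosts gives no coverage for crown-jewel systems.
DETECTIONS = [
    {"name": "suspicious-powershell", "techniques": {"T1059.001"},
     "asset_tiers": {"crown_jewel", "standard"}},
    {"name": "phishing-attachment", "techniques": {"T1566.001"},
     "asset_tiers": {"standard"}},
    {"name": "rdp-lateral-movement", "techniques": {"T1021.001"},
     "asset_tiers": {"crown_jewel"}},
]


def technique_scores(groups):
    """Sum the weights of every relevant group that uses each technique."""
    scores = defaultdict(int)
    for group in groups.values():
        for technique in group["techniques"]:
            scores[technique] += group["weight"]
    return dict(scores)


def coverage(detections, tier):
    """Techniques that at least one rule covers for the given asset tier."""
    covered = set()
    for rule in detections:
        if tier in rule["asset_tiers"]:
            covered |= rule["techniques"]
    return covered


def prioritized_gaps(groups, detections, tier="crown_jewel"):
    """Uncovered techniques for the tier, highest threat score first.

    Ties are broken by technique ID so the output is deterministic.
    """
    scores = technique_scores(groups)
    covered = coverage(detections, tier)
    gaps = [(t, s) for t, s in scores.items() if t not in covered]
    return sorted(gaps, key=lambda gap: (-gap[1], gap[0]))


if __name__ == "__main__":
    for technique, score in prioritized_gaps(RELEVANT_GROUPS, DETECTIONS):
        print(f"{technique:<10} score={score}  (no crown-jewel coverage)")
```

The asset-tier dimension is the "business contextual information" from the bullet: the same rule set yields a different gap list for standard hosts than for crown-jewel systems, which is what a SOC needs in order to decide which detection to build next.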
- Data science and analytics: Unfortunately, even with world-class threat intelligence, threat modeling, and continuous Dev/SecOps initiatives, the team may still encounter threats that use truly novel techniques and methods. There is hope, however: combining statistical and analytical modeling with existing SOC processes gives the SOC a fighting chance. Modern computing and cloud-enabled services unlock the power to comb through data at speeds and in quantities never before possible. This is the only way a SOC can identify patterns and anomalies that would previously have gone undetected by legacy SOC methods. We as security professionals are no longer looking for the needle in a haystack by continuously defining what a new needle looks like; we can now query the haystack to tell us what unusual hay looks like.
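"Querying the haystack for unusual hay" means building a statistical baseline from the data itself and flagging what deviates from it, rather than writing a signature for a known needle. The following Python is an added example, not code from the webinar or its speakers: it applies a robust (median/MAD) z-score to constructed per-host hourly connection counts, so a single large spike cannot inflate its own baseline the way a mean/standard-deviation score would. The host names and counts are constructed sample data.

```python
"""Baseline-and-deviation anomaly detection over constructed SOC telemetry.

Added example. SAMPLE is constructed: hourly outbound-connection counts per
host over one day; host-c has a spike in hour 22 that no existing signature
describes, which is exactly the case a statistical baseline should surface.
"""
from statistics import median

SAMPLE = {
    "host-a": [12, 11, 13, 12, 14, 12, 11, 13, 12, 12, 13, 11,
               12, 14, 13, 12, 11, 12, 13, 12, 12, 11, 13, 12],
    "host-b": [30, 28, 31, 29, 30, 32, 29, 30, 31, 30, 29, 30,
               31, 28, 30, 29, 31, 30, 30, 29, 30, 31, 29, 30],
    "host-c": [8, 9, 8, 10, 9, 8, 9, 8, 9, 10, 8, 9,
               8, 9, 9, 8, 10, 9, 8, 9, 8, 9, 140, 9],
}


def robust_zscores(values):
    """Modified z-score: 0.6745 * (x - median) / MAD.

    The median and median absolute deviation (MAD) are insensitive to the
    outliers being hunted, unlike mean and standard deviation. The 0.6745
    factor scales MAD to be comparable with a standard deviation for
    normally distributed data.
    """
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:
        # Every value except the outliers equals the median: any deviation
        # at all is then unbounded relative to the (zero) spread.
        return [0.0 if v == med else float("inf") for v in values]
    return [0.6745 * (v - med) / mad for v in values]


def find_anomalies(series, threshold=3.5):
    """Return (host, hour, value, score) for every point beyond the threshold.

    3.5 is the conventional cut-off for the modified z-score; a SOC would tune
    it against its own false-positive budget.
    """
    hits = []
    for host, values in series.items():
        for hour, score in enumerate(robust_zscores(values)):
            if abs(score) > threshold:
                hits.append((host, hour, values[hour], score))
    return hits


if __name__ == "__main__":
    for host, hour, value, score in find_anomalies(SAMPLE):
        print(f"{host} hour {hour:02d}: {value} connections (score {score:.1f})")
```

Hosts a and b never exceed the threshold even though their absolute volumes differ by a factor of two or three, because each host is compared only against its own baseline; host-c is flagged once, at the hour of the spike.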