SOC Modernization: Where Do We Go from Here?
Security operations centers (SOCs) remain a crucial component of an effective security program. Their mission is to detect threats in a timely manner, investigate and respond to them in order to minimize impact to the business, and work closely with the business to ensure that new initiatives, such as cloud transformation, are properly architected with the right defenses.
SOC modernization is usually understood to mean applying more automation and security tools to address the challenges of an expanding attack surface, security talent shortage, and too many alerts from too many tools.
But SOC modernization extends far beyond technology alone: it gives organizations an opportunity to reassess skills and roles and to support a distributed workforce, while incorporating human creativity and innovation as a strategic force multiplier.
So what is holding so many organizations back from SOC modernization?
Join us for a live discussion with Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud and Phil Neray, VP of Cyber Defense Strategy at CardinalOps, as they discuss the key forces shaping modern security operations.
Building upon the ideas described in the "Future of the SOC" white paper by Google Cloud and Deloitte, the webinar will discuss thought-provoking concepts including:
- Balancing process consistency and human creativity: Strong, well-thought-out processes are what differentiate organizations with mature defensive capabilities from those with only a collection of the latest shiny toys. The challenge for a modern security leader is balancing the need for repeatable, predictable, and effective processes on one side with the need to harness human creativity, initiative, and innovation on the other. This balance is essential to defending against adversaries who are themselves human and constantly adapting.
- Intelligence operationalization and threat modeling: MITRE ATT&CK has become the lingua franca of security operations, but many organizations have not yet moved beyond using it as a reference source. SOC modernization takes this a step further by operationalizing MITRE ATT&CK for use cases such as tracking adversary behavior and prioritizing the continuous development of new detection logic based on the specific APT groups targeting your organization, combined with business context about your organization's crown-jewel assets.
- Data science and analytics: Unfortunately, even with world-class threat intelligence, threat modeling, and continuous Dev/SecOps initiatives, the team may still encounter threats that use truly novel techniques and methods. There is hope, however: combining statistical and analytical modeling with existing SOC processes gives the SOC a fighting chance. Modern computing and cloud-enabled services make it possible to comb through data at speeds and in quantities never before possible. This is the only way a SOC can identify patterns and anomalies that would previously have gone undetected by legacy SOC methods. As security professionals we are no longer looking for the needle in a haystack by continuously defining what a new needle looks like; we can now query the haystack to tell us what unusual hay looks like.
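The ATT&CK operationalization described above (prioritizing new detection logic by the groups targeting you and by your crown-jewel assets) can be reduced to a small coverage-gap calculation. The following is an added example written for this page; it is not code from the webinar, CardinalOps, or Google Cloud. The rule names, group names, asset classes, technique-to-group mappings and the scoring weights are all constructed sample data; only the ATT&CK technique IDs themselves are real.

```python
"""Prioritize detection-engineering work by ATT&CK coverage gaps.

Added illustrative example. DETECTION_RULES, THREAT_GROUPS and CROWN_JEWELS are
constructed sample data standing in for a SIEM rule export, a threat-intel feed
and an asset inventory; the weighting in prioritize_gaps() is a constructed choice.
"""
from collections import defaultdict

# Constructed: detection rules currently deployed, mapped to ATT&CK technique IDs.
DETECTION_RULES = {
    "rule-001-rdp-bruteforce": ["T1110"],          # Brute Force
    "rule-002-suspicious-powershell": ["T1059.001"],  # PowerShell
    "rule-003-new-service-install": ["T1543.003"],    # Windows Service
}

# Constructed: techniques attributed to the groups your intel team says target you.
THREAT_GROUPS = {
    "constructed-group-A": ["T1566.001", "T1059.001", "T1003.001", "T1021.001"],
    "constructed-group-B": ["T1110", "T1021.001", "T1486", "T1003.001"],
}

# Constructed: crown-jewel asset classes and the techniques most relevant to each.
CROWN_JEWELS = {
    "domain-controllers": ["T1003.001", "T1021.001"],  # LSASS dumping, RDP lateral movement
    "backup-servers": ["T1486"],                       # Data Encrypted for Impact
}


def covered_techniques(rules):
    """Set of technique IDs that at least one deployed rule claims to detect."""
    covered = set()
    for techniques in rules.values():
        covered.update(techniques)
    return covered


def prioritize_gaps(rules, groups, crown_jewels):
    """Rank uncovered techniques: +1 per targeting group that uses the technique,
    +2 per crown-jewel asset class it threatens (constructed weighting).
    Returns a list of (technique_id, score, reasons) sorted by score desc, then ID."""
    covered = covered_techniques(rules)
    score = defaultdict(int)
    reasons = defaultdict(list)
    for group, techniques in groups.items():
        for t in techniques:
            if t not in covered:
                score[t] += 1
                reasons[t].append(f"used by {group}")
    for asset, techniques in crown_jewels.items():
        for t in techniques:
            if t not in covered:
                score[t] += 2
                reasons[t].append(f"threatens {asset}")
    ranked = sorted(score, key=lambda t: (-score[t], t))
    return [(t, score[t], reasons[t]) for t in ranked]


def coverage_by_group(rules, groups):
    """Fraction of each group's known techniques that some rule covers."""
    covered = covered_techniques(rules)
    return {g: round(len(set(ts) & covered) / len(set(ts)), 2) for g, ts in groups.items()}


if __name__ == "__main__":
    for group, frac in coverage_by_group(DETECTION_RULES, THREAT_GROUPS).items():
        print(f"{group}: {frac:.0%} of known techniques covered")
    print("Detection backlog, highest priority first:")
    for technique, pts, why in prioritize_gaps(DETECTION_RULES, THREAT_GROUPS, CROWN_JEWELS):
        print(f"  {technique}  score={pts}  ({'; '.join(why)})")
```

With the sample data, both groups are only 25% covered and the backlog puts LSASS credential dumping and RDP lateral movement first, because each is used by both groups and threatens the domain controllers; the ransomware impact technique follows on the strength of the backup-server asset alone. In practice the group and asset mappings come from your threat-intel and CMDB sources, and the weights are a tuning decision for the detection-engineering lead.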
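The "query the haystack for unusual hay" idea in the data science bullet above is, at its simplest, baselining each entity against its own history and scoring deviation rather than writing a signature for a known needle. The following is an added example for this page, not code from the webinar or its speakers. The account names and daily counts are constructed sample data, the metric (distinct hosts an account authenticated to per day) is an assumed choice, and the robust z-score threshold and MAD floor are constructed tuning values.

```python
"""Baseline-and-deviation anomaly scoring over constructed authentication data.

Added illustrative example. Uses a median/MAD (modified z-score) baseline so a
single prior spike cannot inflate the baseline the way a mean/stdev would.
"""
from statistics import median

# Constructed sample: per-account daily count of distinct hosts authenticated to.
# First 14 values are history, the last value is "today".
DAILY_DISTINCT_HOSTS = {
    "svc-backup":  [2, 2, 3, 2, 2, 2, 3, 2, 2, 2, 3, 2, 2, 2, 3],   # near-constant
    "alice":       [1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 1, 2, 19],  # sudden fan-out
    "helpdesk-01": [8, 11, 9, 12, 10, 9, 13, 8, 10, 11, 9, 12, 10, 9, 14],  # noisy but normal
}


def robust_zscore(history, value, min_mad=1.0):
    """Modified z-score 0.6745 * (value - median) / MAD.

    Edge case: an account with zero dispersion (MAD == 0) would otherwise flag any
    change at all, so the MAD is floored at min_mad (constructed tuning value)."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    mad = max(mad, min_mad)
    return 0.6745 * (value - med) / mad


def score_accounts(data, threshold=3.5):
    """Score each account's latest value against its own history.
    Returns {account: {"today": int, "z": float, "flagged": bool}}."""
    results = {}
    for account, series in data.items():
        history, today = series[:-1], series[-1]
        z = robust_zscore(history, today)
        results[account] = {"today": today, "z": z, "flagged": z > threshold}
    return results


def flagged_accounts(data, threshold=3.5):
    """Accounts whose latest value departs from their baseline, sorted by score."""
    scored = score_accounts(data, threshold)
    hits = [a for a, r in scored.items() if r["flagged"]]
    return sorted(hits, key=lambda a: -scored[a]["z"])


if __name__ == "__main__":
    for account, r in score_accounts(DAILY_DISTINCT_HOSTS).items():
        mark = "ANOMALY" if r["flagged"] else "ok"
        print(f"{account:12s} today={r['today']:3d} z={r['z']:6.2f} {mark}")
```

Nothing here knows what "lateral movement" looks like; the only thing flagged is the account whose behaviour today is unlike its own past. The noisy helpdesk account stays under the threshold because its baseline already contains that variance, and the MAD floor keeps the near-constant service account from triggering on a change of one host. A real pipeline would compute the baseline per entity over a rolling window in the data platform rather than in memory, and would feed the flagged entities into the existing triage process rather than replace it.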
Phil Neray
VP of Cyber Defense Strategy, CardinalOps
Phil Neray is the VP of Cyber Defense Strategy at CardinalOps. He has over 20 years of cybersecurity experience, with a track record of helping grow revenue and establish dominant brands for both early-stage startups and large corporations. Phil comes to CardinalOps from Microsoft Security, which he joined after the acquisition of CyberX. Phil previously held executive roles at IBM Security/Q1 Labs, Guardium (acquired by IBM), Veracode, Symantec, and ON Technology (acquired by Symantec). He has a BSEE from McGill University and is certified in cloud security (CCSK).
Dr. Anton Chuvakin
Security Advisor, Office of the CISO, Google Cloud
Dr. Chuvakin is a leader of the security solution strategy at Google Cloud, where he arrived via the Chronicle Security (an Alphabet company) acquisition in July 2019. Until June 2019, Dr. Anton Chuvakin was a Research VP and Distinguished Analyst at Gartner for Technical Professionals (GTP) Security and Risk Management Strategies (SRMS) team. At Gartner he covered a broad range of security operations and detection and response topics and is credited with inventing the term "EDR." He also worked for some of the earliest log management companies in the early 2000s.
Terry Sweeney (moderator) is a Los Angeles-based writer and editor who has covered business technology for three decades. He has written about cybersecurity for more than 15 years and was one of the founding editors of Dark Reading. Sweeney has covered enterprise networking extensively, as well as its supporting technologies such as storage, wireless, cloud-based apps and the emerging Internet of Things. He has been a contributing editor to The Washington Post, Crain's New York Business, Red Herring, Information Week, Network World, SearchAWS.com, and Stadium Tech Report.