New Paper: “Autonomic Security Operations — 10X Transformation of the Security Operations Center”

  • “Autonomic Security Operations is a combination of philosophies, practices, and tools that improve an organization’s ability to withstand security attacks through an adaptive, agile, and highly automated approach to threat management.”
  • “An unfortunate common theme of many cloud transformations is that the SOC requirements get deprioritized when organizations have tight timelines and budgets to drive their teams to the cloud. The reason being, most SOC teams are too busy fighting fires and don’t have the spare cycles to focus on adapting their use cases to cloud workloads and modernizing their own infrastructure.”
  • “To be 10 times more effective with the people component, your SOC cannot achieve this by increasing the personnel by a factor of 10. As of today, both threats and technology resources that need effective security are increasing at a much faster pace than people entering the workforce. […] It is absolutely impossible for most organizations to 10x their headcount in a SOC.”
  • “At Google and across other industry-leading security operations teams, the role of an analyst is not simply to manage cases and perform tier-1 level work. Analysts are engineers, architects, project managers, and are empowered to be leaders of their subject matter focus. At such a SOC, the concept of Level 1 to Level 3 analysts is a thing of the past, rather, you should organize teams based on aligning skills to the use cases that fall under their purview.”
  • “The SOC can only truly be 10X and transformative if it also has strong influence over the upstream elements of the security lifecycle. You can make a significant impact on the amount of alerts that get into your SOC if your team has a strong integration with your DevOps practice. A deep understanding of how infrastructure and applications are securely built, deployed, and managed across your organization paired with your ability to influence this design can only improve your ability to catch attackers at their earliest onset, or even better, prevent them from getting in entirely.”

Chronicle