New Paper: “Autonomic Security Operations — 10X Transformation of the Security Operations Center”

  • “Autonomic Security Operations is a combination of philosophies, practices, and tools that improve an organization’s ability to withstand security attacks through an adaptive, agile, and highly automated approach to threat management.”
  • “An unfortunate common theme of many cloud transformations is that the SOC requirements get deprioritized when organizations have tight timelines and budgets to drive their teams to the cloud. The reason being, most SOC teams are too busy fighting fires and don’t have the spare cycles to focus on adapting their use cases to cloud workloads and modernizing their own infrastructure.”
  • “To be 10 times more effective with the people component, your SOC cannot achieve this by increasing the personnel by a factor of 10. As of today, both threats and technology resources that need effective security are increasing at a much faster pace than people entering the workforce. […] It is absolutely impossible for most organizations to 10x their headcount in a SOC.”
  • “At Google and across other industry-leading security operations teams, the role of an analyst is not simply to manage cases and perform tier-1 level work. Analysts are engineers, architects, project managers, and are empowered to be leaders of their subject matter focus. At such a SOC, the concept of Level 1 to Level 3 analysts is a thing of the past, rather, you should organize teams based on aligning skills to the use cases that fall under their purview.”
  • “The SOC can only truly be 10X and transformative if it also has strong influence over the upstream elements of the security lifecycle. You can make a significant impact on the amount of alerts that get into your SOC if your team has a strong integration with your DevOps practice. A deep understanding of how infrastructure and applications are securely built, deployed, and managed across your organization paired with your ability to influence this design can only improve your ability to catch attackers at their earliest onset, or even better, prevent them from getting in entirely.”

Chronicle