Key Takeaways (Summary by Anton Chuvakin):
- A SOC is first a TEAM, next a PROCESS, and it uses TECHNOLOGY too, but ultimately people and process define SOC success.
- Key challenges in building a modern SOC include (1) gaining visibility across an expanding attack surface, (2) managing alerts and volumes of data, and (3) retaining an engaged and loyal staff and keeping them productive.
- Engineers who create alerts should be the same people as, or in lockstep with, those who respond to alerts. Reduce the friction between the people who do those two tasks in your SOC today.
- As you build a modern, hybrid SOC, keep in mind that some parts of a SOC outsource well and some don't.
1. Contributors (Security Heads of Organizations)
- Anton Chuvakin, Google Cloud
- Rajesh Thapar, Axis Bank
- Vishal Salvi, Infosys
- Durga Dube, Reliance
- Harshad Mengle, Future Group
- Imran Mohd., L&T Financial Service
- Satyajit, Indusind Bank
- Vikas Kapoor, Vodafone
- Vikas Yadav, Nykaa
- Sanjay Suri, Nykaa
- Nitin Gaur, Omega Healthcare
- Sanil Anand, SLK Global
- Vishwas Pitre, Zensar
- Maya Agarwal, Google Cloud
- Bikash Barai, CISO Platform, FireCompass
2. Challenges of a Modern SOC
- Visibility of all assets
- People and skill availability
- Keeping the tech stack continuously updated
- Getting the right insights from huge volumes of incident events
- Assurance to management
- False positives
- Scaling response handling
- People cannot be hired at the rate that event and incident log volumes grow
- Attack surface grows faster than people can be hired
- Increased signals and alerts
- Integration with, and dependency on, the environment (AWS, Azure)
- Management’s education and awareness of SOC impact
- Optimising SOC spend
3. Critical Capabilities / SOC Tool Essentials
- Use AI to automate the L1 SOC analyst's job
- Improve threat visibility
- Have a great talent pool
- Standardised dashboard for management
4. Questions To Choose the Right SOC Partner
- How do you onboard clients?
- What AI have you used to reduce reliance on human resources?
- How did you handle a past breach?
- How many customers do you have, and how are they segmented (industry, geography)?
- What is the wallet share of services consumed?
- Have you been able to successfully replace a previous SOC?
- What is the relative importance of people over processes in your organization? (Hint: great people should be more important)