“Meantime to Detection Is Everything. It's Everything, Everything, Everything.”
Silo Busting 57: Assessing the State of Today’s SOC Teams
Not soccer teams: SOC teams. When we say SOC, we’re talking, of course, about the Security Operation Center, a group charged with monitoring, detecting, preventing, and responding to cyber threats. In this #CybersecurityByDesign conversation Michael Mumcuoglu, CEO and Founder of CardinalOps, Sam Rehman, EPAM’s Chief Information Security Officer and SVP, and Aviv Srour, our Head of Cyber Innovation, illustrate the term with vivid examples and relevant, up-to-the-minute details.
The big challenge is the ever-increasing complexity of our digital systems. “The rate of tech adoption in the business and the evolving threat landscape are basically outpacing the SOC,” says Mumcuoglu. He says that SOC teams are involved in “a constant chase trying to catch up with all that change.”
Education is a constant for the SOC team. “With every new tool and with every new technology, that team needs to have now subject matter experts in really have a huge range of technologies,” Mumcuoglu says.
Part of the issue involves rules. “I have seen many incidents which could have been easily prevented with the proper rules,” says Srour.
The three cyber experts talk about collecting logs, blind spots, staying up-to-date and handling the burden of false positives.
Rehman says that for most CISOs, “the abundance of white noise” would not just cause a capacity problem but would “numb the system down, meaning your teams would now no longer have the right awareness of what is really an anomaly, what is really odd, what is really something that requires investigation. That abundance of white noise actually would kill your system.”
In other words: SOC today is anything but a game. It’s serious business. Learn what it takes to train your team from some veteran players.
Host: Alison Kotin
Engineer: Kyp Pilalas
Producer: Ken Gordon