WTH is Modern SOC, Part 1

Back in 2016 when I was a Gartner analyst, I was obsessed with the same question.
As I said in my now-dead Gartner blog, a lot of security operation centers looked like they were built on a blueprint of a classic paper written by somebody from ArcSight around 2003.
However the conversations I mention above imply that we collectively still lack clarity on the modern SOC concept.
Note that there is another element to this discussion.
Those who read the original Netflix 2018 SOCless paper would be very familiar with an engineering-led model for D&R operations.
2018 is half a decade away and it pains me to say that the elements of this model are not widely adopted by many organizations, outside of the cream of the cream of the crop of tech companies.
That model, while extremely effective, seems to be living exclusively in these ultra-elite companies.
Some elements from our 2016 paper still look modern, but can be done a) in a non-modern manner or b) in a manner decoupled from a SOC. For example, you can have a SOAR tool that you either cannot handle, or only use for phishing playbooks.
Another example: you can hunt, but then not flow the findings into detections powering your SOC. Expansion beyond SIEM/logs was modern circa 2015, but now everybody has EDR. Everybody sane moved or is moving to SaaS SIEM. Threat intel use gradually expanded, but there is no revolution happening here - just improvements.
We treated selective use of outsourcing and MDRs as a sign of modernity in a SOC, but as an auxiliary one at that.
Automating L1 and L2 jobs is a goal, not a characteristic.
Redoing the team structure away from the L1/L2/L3 funnel is a byproduct of a SOC transformation, not a goal.
AI does not transform anything on its own, humans do.
I think the center of gravity for a modern SOC is automation.
It is the relentless drive to D&R automation powered by a rapid and thus effective feedback loop and engineering - led mentality.
To put it mildly, automation in a SOC is commonly misunderstood.
Modern SOC, as I hypothesize here, is about a relentless drive to automate yourself out of a SOC job, something that SRE people did before us.
We have a bit of a road ahead I am thinking of another blog that examines other dimensions that describe a modern SOC circa 2024.
WTH is Modern SOC, Part 1 was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.
This is a Security Bloggers Network syndicated blog from Stories by Anton Chuvakin on Medium authored by Anton Chuvakin.


This Cyber News was published on securityboulevard.com. Publication date: Sat, 09 Dec 2023 05:13:06 +0000


Cyber News related to WTH is Modern SOC, Part 1

The Importance of SOC 2 Templates - Between navigating the SOC 2 landscape and implementing the proper controls and security systems, the to-do list quickly becomes overwhelming. Many tasks required for successful SOC 2 compliance don't come with a 'how-to' manual. In this piece, we're ...
11 months ago Securityboulevard.com
WTH is Modern SOC, Part 1 - Back in 2016 when I was a Gartner analyst, I was obsessed with the same question. As I said in my now-dead Gartner blog, a lot of security operation centers looked like they were built on a blueprint of a classic paper written by somebody from ...
1 year ago Securityboulevard.com
Unlocking Security Excellence: The Power of SOC-as-a-Service - In today's interconnected digital landscape, organizations face a constant barrage of cyberthreats. The increasing complexity and sophistication of these attacks require robust security measures to safeguard sensitive data and ensure business ...
1 year ago Securityboulevard.com
SOC Evolution Is About More Than Automation - Among the most critical concerns in the cybersecurity community is the apparent scarcity of a workforce with the requisite skills and training to keep pace with the expanding attack surface. According to recent research from ISC2, the global industry ...
10 months ago Cybersecurity-insiders.com
A Comprehensive Guide To Achieving SOC 2 Compliance - Obtaining SOC 2 compliance demonstrates an organization's commitment to data security and privacy, which can enhance trust and confidence among customers and partners. SOC 2 is a framework developed by the AICPA to assess the various trust service ...
10 months ago Feeds.dzone.com
Cisco XDR: SLEDs "SOC in a Box" - For State, Local, and Education entities the Security Operations Center is a required tool in the toolbox and a necessity for Cyber Insurance. Threats to data and information are ever evolving, and better safeguarding the security of SLED entities is ...
1 year ago Feedpress.me
Elevate Your Security: Meet Modern Attacks With Advanced CSPM - Recent surges in cloud attacks and breaches have given attention to how teams should efficiently protect and run applications in the cloud. This is especially true as misconfigurations top the list of security threats in cloud environments and are ...
1 year ago Securityboulevard.com
Shining a Light on Modern Cyber Battlefield Attacks - It's safe to say that the sophistication of today's criminals is far outpacing the evolution of the defenses they are attacking. A great example of this mismatch is the explosion of malware executing modern battlefield attacks. These attacks first ...
1 year ago Cybersecurity-insiders.com
IT consultant in Germany fined for exposing shoddy security The Register - A security researcher in Germany has been fined €3,000 for finding and reporting an e-commerce database vulnerability that was exposing almost 700,000 customer records. Back in June 2021, according to our pals at Heise, an contractor identified ...
11 months ago Theregister.com
3 Best Practices for SOC Leaders for Staying Ahead In 2024 - For security operations center leaders, staying ahead of security threats is a substantial challenge as the cyberthreat landscape is constantly evolving. If SOC leaders fail to proactively monitor and readily adapt to these rising and ever-changing ...
10 months ago Securityboulevard.com
SANS Institute Research Shows the Frameworks Organizations Use - The report shares and analyzes research on a range of security operations center practices and outlines the current state of the SOC within many organizations, based on in-depth survey findings of IT and cybersecurity professionals from around the ...
1 year ago Darkreading.com
The Keys to Modernizing the SOC - Security teams worldwide all experience a similar shared frustration: the overwhelming volumes of low-fidelity alerts and false positives that SOCs receive every day. Eliminating the burden on SOC analysts is mission-critical to proactive threat ...
11 months ago Paloaltonetworks.com
Playbooks on-prem - To address this challenge, Sekoia.io has recently released Playbooks on-prem. In this way, Playbooks on-prem may appeal to companies seeking to synchronize cloud actions with those executed on-premises. At its core, Playbooks on-prem revolve around a ...
10 months ago Blog.sekoia.io
Microsoft is a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management​​ - We are pleased to announce that Microsoft has been recognized as a Leader in the Gartner® Magic Quadrant™ for Security Information and Event Management. 1 We believe our position in the Leaders quadrant validates our vision and continued ...
7 months ago Microsoft.com
Vectra AI Launches Global, 24x7 Open MXDR Service Built to Defend Against Hybrid Attacks - PRESS RELEASE. San Jose, Calif. - February 15, 2024 - Vectra AI, Inc., the leader in hybrid attack detection, investigation and response, today announced the launch of Vectra MXDR services, the industry's first global, 24x7 open MXDR service built to ...
10 months ago Darkreading.com
The Role of IoT in Modern Education - From smart classrooms equipped with IoT devices to personalized learning platforms, IoT has paved the way for a more immersive and tailored educational experience. Overall, the integration of IoT in education holds great promise in transforming the ...
11 months ago Securityzap.com
Titanium and LogRhythm: Elevating Visibility into Cybersecurity Risks in Pakistan - Titanium stands as the information security division of Pakistan's leading ISP Cybernet. Over the years, the company has expanded into diverse technology services including nation's enterprise cloud service provider and pioneering managed security & ...
10 months ago Securityboulevard.com
Don't Let AI Adoption Outpace Due Diligence - Our objective is to present different viewpoints and predictions on how artificial intelligence is impacting the current threat landscape, how PAN protects itself and its customers, as well as implications for the future of cybersecurity. Large ...
11 months ago Paloaltonetworks.com
Aim for a modern data security approach - Risk, compliance, governance, and security professionals are finally realizing the importance of subjecting sensitive workloads to robust data governance and protection the moment the data begins traversing the data pipeline. Why current data ...
1 year ago Helpnetsecurity.com
Windows Incident Response: EDRSilencer - Going unnoticed on an endpoint when we believe or feel that EDR is prevalent can be a challenge, and this could be the reason why these discussions have taken hold. If you look at other aspects of EDR and SOC operations, there are plenty of ...
11 months ago Windowsir.blogspot.com
2023 Updates in Review: Malware Analysis and Threat Hunting - Throughout ReversingLabs' 14-year history, our products have constantly excelled and improved to tailor the needs of our customers and match the changing cybersecurity threat landscape. This past year, we have delivered key improvements to ...
11 months ago Securityboulevard.com
Investing in Cloud Infrastructure in the Kingdom of Saudi Arabia - Digital transformation is at the heart of the Kingdom of Saudi Arabia's ambitious Vision 2030 program as the nation looks to future-proof its economy and enhance people's lives. The Kingdom is looking to diversify its economy and develop public ...
6 months ago Paloaltonetworks.com
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
2 months ago Helpnetsecurity.com
CVE-2024-50137 - In the Linux kernel, the following vulnerability has been resolved: reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC data->asserted will be NULL on JH7110 SoC since commit 82327b127d41 ("reset: starfive: Add StarFive JH7110 reset ...
1 month ago Tenable.com
Why RV Connex Chose Swimlane As "The Powerhouse" Of Their SOC - RV Connex is a Thailand-based company that specializes in national defense and space manufacturing. Since RV Connex has implemented security automation they have achieved significant progress. Tanajak Watanakij, Vice President of Cybersecurity and ...
1 year ago Securityboulevard.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)