Cybersecurity Awareness Month: DTX Recap with SenseOn on “Why SOCS Fail”

Brad Freeman, Director of Technology at SenseOn, introduced himself as a security professional with both practical and leadership experience. His talk outlined the importance of getting the SOC basics right from the perspective of people and processes.


Brad began by discussing how, in many cases, analysts want to deal with serious security investigations: compromises, incidents, things generally going wrong. At a large organisation they can get this on a regular basis. At a mid-market organisation, it is less obviously achievable.


A solution here is to ensure that the technology deployed at a mid-market company empowers its analysts by giving them interesting security investigations to undertake, which keeps them curious and engaged. Analysts who are enabled to stay curious will develop into more senior analysts.


Another key element in empowering your SOC team is to raise its internal profile: ensure that the security operations centre looks like just that, an operations centre, not just a portion of the office. Then invite people on tours of the SOC, so that the entire company knows what is happening there and how important it is.


Another common trap in empowering security teams that Freeman outlined is the total outsourcing of SOC activity to a third party: nobody knows your company like someone in your company.


He hypothesised that the best SOCs deploy a hybrid model, so that internal business processes or activities (such as potential M&A activity) are accounted for when network traffic is interpreted in context.


Freeman also suggested a key problem is a lack of direction or strategy in place from leadership: Make the SOC work is ..
