Brad Freeman, Director of Technology at SenseOn, introduced himself as a security professional with both practical and leadership experience and outlined in his talk the importance of doing the SOC basics right, from the perspective of people and processes.
Brad began by discussing how, in many cases, analysts want to deal with serious security investigations: compromises, incidents, things generally going wrong. This is something they can get on a regular basis at a large organisation, but it is less obviously achievable at a mid-market organisation.
A solution here is to ensure that the technology deployed at a mid-market company empowers its analysts, by ensuring that they have interesting security investigations to undertake, which keep them curious and engaged. Analysts who stay curious develop into more senior analysts.
Another key element in empowering your SOC team is to raise their internal profile: ensure that the security operations centre looks like just that, an operations centre, not just a portion of the office. Then invite people to come on tours of the SOC, so that the entire company knows what is happening there and how important it is.
Another common trap in empowering security teams, which Freeman outlined, is the total outsourcing of SOC activity to a third party: nobody knows your company like someone in your company.
He hypothesised that the best SOCs deploy a hybrid model, so that internal business processes or activities (such as potential M&A activity) are accounted for when interpreting network traffic in context.
Freeman also suggested that a key problem is a lack of direction or strategy from leadership: "make the SOC work" is the only objective many CISOs will provide, and this is not an adequate replacement for a security strategy. Other problems outlined included vanity metrics, poor detection processes, and technology decisions being driven by purchasing decisions instead of a strategy.
Brad’s parting advice for making a SOC work for you was as follows:
- Develop people
- Show value
- Use process
- Make tech decisions which solve your problem, not tick a box!