Posted under: Research and Analysis
It's brutal running a security operations center (SOC) today. The attack surface keeps expanding, in many cases exponentially, as data moves to SaaS, applications move to containers, and infrastructure moves to the cloud. The tools available to SOC analysts are improving, but not fast enough; adversaries seem to stay one (or more) steps ahead. There aren't enough people to get the job done. Those you can hire typically need a lot of training, and retaining them remains a problem: as soon as they are competent, they leave for their next gig and a large bump in pay.
At the same time, security is under the spotlight like never before. Remember the old days when no one knew about security? Those days are long gone, and they aren't coming back. So many organizations embrace managed services for detection and response, mostly because they have to.
Something has to change. Actually, a lot has to change. That's what this series, entitled SOC 2025, is about. How can we evolve the SOC over the next few years to address today's security issues, across the expanded attack surface, with far fewer skilled people, while positioning for tomorrow?
We want to thank Splunk (you may have heard of them) for agreeing to be the preliminary licensee for the research. That means when we finish the research and assemble it as a paper, they will have an opportunity to license it. Or not. There are no commitments until the paper is done, in accordance with our Totally Transparent Research methodology.
There are two main use cases for the SOC: detecting, investigating, and remediating attacks; and substantiating controls for audit and compliance purposes. We are not going to cover the compliance use case in this series. Not because it isn't important; audits are still a thing, and audit preparation should still be done as efficiently and effectively as possible. But this series tackles the evolution of the Security OPERATIONS Center, so we focus on the detection, investigation, and remediation aspects of the SOC's job.
You can't say (for most organizations, anyway) that there hasn't been significant investment in security tooling over the past five years. Or ten years. Whatever your timeframe, security budgets have increased dramatically. Of course, there was no choice, given the expansion of the attack surface and the complexity of the technology environment. But if the finance people look objectively at security spending, they can (and should) ask some tough questions about the value the organization receives from those significant investments.
And there is the rub. We, as security professionals, know there is no 100% security. No matter how much you spend, you can (and will) be breached. We can offer platitudes about reducing dwell time, or make the case that the attack would have been much worse without the investment. And you're probably right. But as my driver's education teacher told me over 35 years ago, you may be right, but you'll still be dead.
What we haven't done very well is manage to security outcomes and communicate what we've achieved. What do we need the outcome of our security efforts to be? Our mindset needs to shift from activity to outcomes. So what is the outcome we need from the SOC? We need to find and fix security issues before data is lost. That means sharpening our detection capabilities and dramatically improving and streamlining our operational motions. There is no prize for finding all the vulnerabilities, just as there are no penalties for missing them. The SOC needs to master detecting, investigating, and turning that information into effective remediation before data is lost.
Once we've gotten our arms around the mindset shift toward security outcomes, we can focus on the how. How is the SOC going to get better at detecting, investigating, and remediating attacks? That's where better tooling comes into play. The good news is that SOC tools are much better than they were even five years ago. Innovations like improved analytics and security automation give SOCs far better capabilities. But only if the SOC uses them.
What SOC leader in their right mind wouldn't take advantage of these new capabilities? In concept, they all would and should. In reality, far too many haven't and can't. The problem is one of culture and evolution. The security team can handle detection and even investigation. But remediation is a cross-functional effort. And what do security outcomes depend on? You guessed it: remediation. So at its root, security is a team sport, and the SOC is one part of the team.
This means addressing security issues needs to fit into the operational motions of the rest of the organization. The SOC can and should automate where possible, especially the things within its control. But most automation requires buy-in from the other operational teams. Ultimately, if the information doesn't consistently and effectively turn into action, the SOC fails in its mission.
In this series, we will deal with both internal and external evolution. We'll start by turning inward and understanding how the SOC's collection of security telemetry from internal and external sources is evolving. Given the sheer number of new data sources that must be considered (IaaS, PaaS, SaaS, containers, DevOps, etc.), making sure the right data is aggregated is the first step in the battle.
Next, we'll tackle detection and analytics, since that is the lifeblood of the SOC. Again, you get no points for detecting things, but you've got no chance of achieving the desired security outcomes if you miss attacks. Analytics is where the most innovation has happened over the past few years, so we'll dig into some use cases and help you understand how frameworks like ATT&CK and buzzy marketing terms like eXtended Detection and Response (XDR) should influence your SOC plans.
Finally, we'll wrap up the series by taking the what (accurate detections) and turning it into the how (effective remediation), resulting in positive security outcomes. Operationalizing is a key concept in that context. So buckle up and come along on the SOC evolution ride as we define SOC 2025.
Mike Rothman
*** This is a Security Bloggers Network syndicated blog from Securosis Blog authored by Securosis. Read the original post at: http://securosis.com/blog/soc-2025-the-coming-soc-evolution
See original here: SOC 2025: The Coming SOC Evolution - Security Boulevard