SOCs are taking center stage as the defenders of the network, but many organizations don’t fully understand how to leverage a SOC, leaving them in the dark about the real value it provides.
On March 24, CYREBRO’s CEO and founder Nadav Arbel sat down with Ryan Alban, Sr. Manager of Global Solution Leads at Secureworks, John Ayers, Vice President of Product at Optiv, and Matt Mellen, Director, Security Operations at Palo Alto Networks, to discuss the Next Generation SOC and give some behind-the-scenes insight as SOC providers and experts.
The four dive into one of the biggest hurdles for SOCs today: understanding the core function of a SOC and, just as important, what it does not do. Nadav explains that “the biggest change that the SOC is going through is being able to tell the forest from the trees,” saying it’s important that the SOC does not report on every single event that occurs. Additionally, SOCs are going through an evolution of their own. New security solutions like XDR (eXtended Detection and Response) and orchestration add another element of automation and depth, and SOCs are adding new capabilities as well to help provide a complete solution. The panel discusses these important new tools and capabilities, but explains that a key focus is being missed, taking us back to our fundamental questions: What is the SOC’s job? What do we expect the SOC to do? And why did the SOC make these decisions without me?
As the panel reveals, it’s important to differentiate between expectations and reality when establishing a secure network that isn’t simply composed of high-end tools, but instead leverages and integrates those tools optimally. To do so, they explain, you need to understand how to use the data from a powerful tool to continue improving your own processes and framework. The basics of “people, process, and technology” should always be referred to when attempting to implement anything new into an already running operation.
The panel also discusses how best to communicate with the SOC, where companies need to invest with SOCs, and most importantly, how to optimize and fully utilize the tools and services you pay for. As Nadav says, “don’t have the misconception that if you bought an XDR, then you don’t have to do A, B, and C anymore.” CYREBRO solves this by focusing on properly leveraging your existing tools, so you can truly remain on top of your network and security.
Throughout the panel, the panelists also discuss their biggest SOC fears and explain that one thing continues to haunt the SOC today: visibility. They explain the connections and paths that must be created to increase visibility for end-clients of a SOC.
A lot of what we are defending today is no longer just physical assets; we are trying to defend information within our organizations, and the worst predicament is being unaware of what you have. “You can’t defend what you don’t know you have,” says Ryan, and if you don’t know you have it, you definitely aren’t maintaining it well, let alone securing it.
You can watch the entire Next Gen SOC panel here: