SOC Automation 101 Let’s Make the SOC Great er Again!
SECO-Institute webinar write up – August 26, 2020
Watch the recording here!
Security Operations Centers continue to face an unmanageable amount of security alerts that lack context or actionable value. SOC Analysts face burnout from working in a stressful environment and ‘bore out’ due to the many manual and repetitive tasks. In this webinar, we will focus on automation as one of the solutions to overcoming these obstacles. We’ll evaluate time-consuming tasks that could be automated to increase the efficiency of a SOC, reduce the time from detection to response, and help the Security Analyst to evolve from a fire-fighter to a more proactive response expert.
1. Demo: Automating attack simulations and threat modelling with the Attack Defence Graph Analyser | Erik Ringdahl from the SOCCRATES Project
Asset management is a crucial foundation for any security program, but it’s not enough. While threat modelling can significantly help organizations provide clarity of risks across their infrastructure, it’s a time-consuming process not suited for security in an operational context. Erik will demonstrate the Attack Defence Graph Analyser of the SOCCRATES project that automatically and continuously generates models of IT architectures in a SOC to perform automated attack simulations and threat modelling, predict how attacks might propagate over a given infrastructure and suggest mitigations, analyse probable causes and effects of given indicators of compromise and threat intelligence, and quantify the impact and probability of compromise
2. SOC Automation into practice: Why and how? | Rob van Os, Product Owner Cyber Defense Center at de Volksbank & co- author of SECO’s Security Analyst Training
Rob will elaborate why and how a SOC should embrace Automation to deal with ‘alert overkill’; manage security tools that generate a lot of data; make the Security Analyst job ‘Great Again’ and the company an attractive place to work in the competition for qualified Analysts; and build the business case for a SOC, increase its efficiency in an increasingly complex environment and threat landscape
