gartner.com/webinars
@nancyatwork
@Gartner_Inc
Nancy Northrop
Gartner
CONFIDENTIAL AND PROPRIETARY I 2016 Gartner, Inc. and/or its affiliates. All rights reserved.
Outline
What defines the SOC of 2016?
Modern SOC toolset
Maturing SOC processes
SOC of 2016, Defined
SOC Defined
A security operations center provides centralized and
attacker methods, both of which are insufficient to protect against and detect
current threats.
People
Expansion of the L1/L2/L3 model
we need a SOC because...
Executive management support
Risk awareness or risk assessment process
Asset management / awareness
Solid IR process
Typically, a degree of
Network
Via Network Forensics (NFT) and/or Network Traffic Analysis (NTA)
Endpoints
via Endpoint Detection and Response (EDR)
Analytics
via User and Entity Behavior Analytics (UEBA or UBA)
Threat Intelligence
Analytics
UEBA / UBA and other security analytics
Threat intelligence
NO!!!
SOC involves PEOPLE and PROCESS which are in fact MORE IMPORTANT than tools
Workflow OR Automation?
What you can safely automate
Context enrichment and correlation/fusion of Intelligence
Gathering of evidence
Notifications and Response processes
Process raw inputs with analytic algorithms, and present the results
Ask for approval when needed
Maturing SOC Processes
Description
Hypothesis-driven
IOC-driven
Analytics-driven
SOC
Just a reminder...
"MSSP's business is business, not your security"
Briefly on People
Not working to retain staff and not having a staff retention strategy
Conclusions
A good SOC today is not just an alert pipeline [like in 2003], but
Thank you