An Intelligence-Driven SOC – Come See It

By Matthew Gardiner, Sr. Manager, RSA

I just returned from a weeklong trip to Europe, where I contributed my voice to the wildly successful series of RSA Security Summits. With near unanimity in London and Zurich the audience accepted our premise that as a result of the changing IT landscape – including cloud, mobile, big data, extended workforce, supply chains – and the realities of today’s sophisticated attackers, the approach to security in organizations needs to dramatically change. Furthermore there was also general agreement that today’s preventive security systems, that are largely perimeter and signature-based, no longer provide sufficient defenses, and that to compensate organizations must improve their detective and response focused security controls. This quickly led to the practical and real challenge of how organizations can best make those improvements. How in an environment of fixed security budgets can organizations invest to create or significantly enhance their monitoring and response capabilities?

In effect organizations are asking themselves how they can build out their security operation centers (SOCs). No doubt there are many factors to consider when considering a significant SOC investment, not the least of which is the organization’s security maturity, type and location of sensitive digital assets, expertise, and risk tolerance. But equally important are the technical infrastructure and processes necessary to make SOCs both more effective and efficient in their task of detecting, investigating, and remediating threats and vulnerabilities. With limited human resources, how can the mundane tasks be automated away and the complex ones be made easier? This is a deep topic that we were only able to touch on during these Summits.

But fortunately if you have interest in building what we call an intelligence-driven SOC, RSA is running a webinar precisely on this topic in which we will spend most of the session walking through the detection, investigation, and response lifecycle of a representative advanced attack and show you how an intelligence-driven SOC solution can help to optimize this process. Sound interesting? Come join us at this event happening Thursday, May 2 at 2 pm EST.

Matthew Gardiner is on the product marketing team at RSA and is focused on the evolution of the SOC and RSA’s solutions which help SOC analysts be more effective and efficient in their jobs. You can follow him on twitter @jmatthewg1234.