Security Operations

How do we effectively monitor, manage, and respond to security threats and incidents? What are the reportable metrics that show we are improving security operations?

Whether you run your own SecOps team, outsource it entirely, or embrace a mix of both, it is increasingly difficult to keep up with the volume of alerts and the sophistication of attacks. How can we prioritize among the thousands of alerts produced by the myriad security solutions we employ? Can we ever get to the elusive “single pane of glass?”

With the global shortage of skilled and experienced information security resources, it is even harder to monitor and respond to so many alerts. We must employ automation to effectively weed through, alert on, and respond to the highest risk events of interest. Artificial Intelligence and Machine Learning provide great promise in this area, yet we still need skilled professionals to ensure we are taking the right actions. Can we turn to data analytics to help?

Likely areas of exploration include:

  • The state of our SOC: people, process, and technology
  • The move to more automation and practicality of SOAR platforms
  • Security operations as a service and SOC outsourcing
  • Finding and retaining SecOps resources
  • The elusive "single pane of glass" and what dashboard we need to prove success
  • SOC metrics, measuring and reporting
  • Evolution of SIEM, SOAR, UEBA solutions
  • The trend toward MDR/XDR and away from traditional MSSPs
  • Digital risk protection and new threat intelligence sources

Sponsored by Arctic Wolf, IBM, Infoblox