[03-21-24]--Join us tomorrow for “Hacking Effective Third-Party Risk Management”
Super Cyber Fridays!
Join us TOMORROW, Friday [03-22-24], for "Hacking Effective Third-Party Risk Management"
Join us Friday, March 22, 2024, for “Hacking Effective Third-Party Risk Management: An hour of critical thinking of going beyond questionnaires and ratings.”
It all begins at 1 PM ET/10 AM PT on Friday, March 22, 2024 with guests Paul Valente, CEO and co-founder, VISO TRUST and Arkadiy Goykhberg, CISO, Branch Insurance. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.
Thanks to our Super Cyber Friday sponsor, VISO TRUST
Defense in Depth
Improving the Responsiveness of Your SOC
When we think about improving efficiency in the SOC, we can often focus on tooling. Then why does it take so long to integrate new tools and get them up to speed?
Check out this post by Geoff Belknap, CISO, LinkedIn, that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest Spencer Thompson, CEO, Prelude.
Focus on outcomes
No one wants a security solution. They want the outcome it promises to provide. Focusing on those outcomes rather than getting bogged down in categories is key to improving the SOC. "Get out of the habit of thinking in acronyms. What you need isn't SOAR. You need ‘to automate the querying of additional context from some type of alerts in my EDR.’ Scope your efforts not around a single product from a vendor, but around use cases," said Maxime Lamothe-Brassard of LimaCharlie. Although, as Erik Bloch at Atlassian reminds us, acronyms aren’t entirely useless: "Outcomes achieve goals you can measure, acronyms get you a free dinner from the vendor when they come to town."
Tooling is key but not the only factor
It’s no surprise that an effective SOC needs to balance people, process, and technology. The SOC needs tooling, but not to the detriment of the other two. “A major portion of our investment is in tools so far and we have reached the point of diminishing returns. Any new investment in tools will move the needle marginally,” said Mihir Mohanty. That’s easy to say, but as Aqsa Taylor of Gutsy points out, organizations often can’t quantify their own processes: "You can have the best tools and people but without a secure consistent process that leaves no gaps or inefficiencies, it's difficult to improve. But rarely do companies have visibility into the processes themselves."
Context is king
The idea that “data is the new oil” can pollute the SOC. Focusing on just collecting data doesn’t tell you much without understanding how it relates to the rest of the organization. “We have to fundamentally change how we operate in the SOC. The SOC is based on the faulty concept of collecting more information and feeding the Garbage Factory (a.k.a SIEM). We are not lacking data or visibility, what we are lacking is proper context to use that data effectively,” said Yaron Levi, CISO at Dolby. A lack of context means we can’t gain efficiencies and move from treating individual incidents into larger trends and categories. "We need much stronger correlation tooling. We focus too much on singular events and we need to be faster and more accurate around the broader picture of chained sequenced events," said Joshua Boyce at Cisco.
Moving to a proactive SOC
If we want to see big efficiency gains with the SOC, we need to reframe how it operates. As long as it only works reactively to respond to incidents, the SOC will always have an efficiency ceiling. David Ratner of HYAS outlined what this new vision of the SOC looks like, saying, "If you want to make your SOC more efficient, information needs to be able to bridge the gap and go from ‘what happened’ to ‘what is going to happen next.’ The threat intelligence and other tools at their disposal need to allow the SOC to get proactive in adapting defenses and getting prepared against the nature of the threats and risks that they are actively facing vs. always looking in the rear-view window."
Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.
Thanks to our podcast sponsor, Prelude
LIVE!
Cyber Security Headlines - Week in Review
Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Gerald Auger Ph.D., chief content creator, Simply Cyber.
Thanks to our Cyber Security Headlines sponsor, Vanta
Cyber chatter from around the web...
Jump in on these conversations
"6 months ago I had to quit my Cybersec Engineering job b/c of psychosis. What can I do to get back in the field?" (More here)
"How do I learn to do secure code reviews?" (More here)
"Made a mistake at work and I’m nervous. Advice needed." (More here)
Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:
[03-22-24] Hacking Effective Third-Party Risk Management
[03-29-24] Hacking Detection and Response
Save your spot and register for them all now!
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.