“Today, cyber security operations do not suffer from a ‘Big Data’ problem but rather a ‘Data Analysis’ problem.” – SANS Institute
Security Operations Center (SOC) analysts are getting stretched thin and hitting efficiency roadblocks, especially as they gather and analyze alarm data from multiple platforms. In large part, this is due to the prevalence of “one size fits all” strategies that are being used by many SOCs. The truth, however, is that different SOCs have different challenges.
StratoZen conducted a study of SOC analyst behavior and determined that to be efficient, a SOAR (security orchestration, automation, and response) solution should be customized to the unique circumstance of the SOC where it is deployed.
Many security operations centers and organizations get stuck because they focus on automated response or playbook workflows when discussing SOAR. However, an effective SOAR capability requires more than simply relying on a product or enabling a vendor’s automation feature. Done correctly, a SOAR strategy provides a customized foundation for effective and efficient cyber defenses.
This has led StratoZen to focus on building customized SOAR tools with the customer’s Security Operations Center processes and procedures in mind. Key components of these tools are:
- a complete feedback loop with the customer
- ongoing automated testing, deployment, and monitoring
The end result empowers cyber security teams by giving them the capability to streamline big data analysis and achieve their goals for efficiency and effectiveness.
Join StratoZen and SANS where we will discuss how StratoZen took a new approach to SOC challenges by building SOAR tools for SANS with DevOps principles to make SOC analysts more efficient and increase performance. StratoZen developed SANS’ SOAR tools based on observations of SOC analyst behavior, analysis of over 20 billion logs per day, and a vast inventory of logged repetitive actions.
With the new tools and practices, SANS has achieved an increase of over 50% in individual SOC analyst efficiency, no voluntary turnover in over a year, and an analyst-to-device ratio of well over 1:10,000.
This session will not be a product demonstration. Rather, it will focus on showcasing the practices and philosophies used to create these efficiencies to share our experience with the larger cybersecurity community. These principles can be implemented by any organization.
Join us to learn more:
- Thursday, July 16, 2020 at 3:30PM EDT
Chris Gebhardt is the Vice President of Cybersecurity Operations for StratoZen in Draper, UT. Chris was exposed to technology early in life growing up in New York. His career focused on the use of technology and security for government and corporate entities including the FBI, DOJ, BJS, eBay, Jet.com, and numerous private equity firms. Chris is a dynamic speaker often challenging the widely held beliefs of the cybersecurity community. He is experienced with SOC 2, SOX, HIPAA, GDPR, ISO, and other compliance frameworks.
Christopher Crowley, a SANS Senior Instructor, has 15 years of industry experience managing and securing networks. He currently works as an independent consultant in the Washington, DC area focusing on effective computer network defense. His work experience includes penetration testing, security operations, incident response, and forensic analysis. “The Mentor of the Year Award is given to SANS Mentors who excel in leading SANS Mentor Training classes in their local communities.”