SOC
Featuring 5 Papers as of November 18, 2020
-
20/20 Vision for Implementing a Security Operations Center Analyst Paper (requires membership in SANS.org community)
by Christopher Crowley - November 18, 2020 - Associated Webcast: 20/20 Vision for Implementing a Security Operations Center: A SANS Whitepaper
- Sponsored By: Splunk; CrowdStrike, Inc.; Vectra Networks Inc.
Organizations want to transform the Security Operations Center (SOC) with automation and orchestration. Threat intelligence needs to be ingested, defense expenditures need to be optimized based on attacker tactics and techniques, new technology needs to be implemented, cloud resources and other external resources are taking the place of traditional on-premises systems, and skilled staff are scarce. To accomplish this modernization alongside existing operations, a clear strategy for the capabilities and their implementation is needed. How will you develop this strategic vision? Most organizations will look to industry standards and reference implementations to determine a strategy before proceeding. This paper and webcast will help you explore what those models are. It identifies and discusses several models of what a SOC is, identifies their relative merits and shortcomings, and offers value propositions. Your strategic outlook and your implementation will be substantially improved as a result.
-
Closing the Critical Skills Gap for Modern and Effective Security Operations Centers (SOCs) Analyst Paper (requires membership in SANS.org community)
by John Pescatore and Barbara Filkins - July 24, 2020 - Associated Webcasts: Closing the Critical Skills Gap for Modern and Effective Security Operations Centers (SOCs): Survey Results; Closing the Critical Skills Gap for Modern and Effective Security Operations Centers (SOCs): Panel Discussion
- Sponsored By: Cisco Systems Inc.; LogRhythm; Anomali; ThreatConnect; Reversing Labs; Swimlane; Awake Security; ExtraHop
SANS surveys have shown that the skills of the people are the prime prerequisite to enable organizations to define critical SOC processes; create use cases, hypotheses and plans; architect effective security solutions; and efficiently deploy, operate and maintain security systems. In this whitepaper, SANS author and Director of Emerging Security Trends John Pescatore explores the results of this year's SANS SOC Survey, with advice from Barbara Filkins, SANS Analyst Program Research Director.
-
Assisted Security Investigations Using Cognitive Computing by Lori Stroud - December 3, 2019
The purpose of this research is to illustrate the application of cognitive computing and machine learning concepts through the building and training of a chatbot that simulates human conversation for cybersecurity investigation scenarios. The SOC chatbot will offer best-practice advisory dialogue to security analysts as they proceed through security incident investigations, thus simulating technical mentorship. As a security analyst progresses through various investigations, they will become more practiced in the recommended and appropriate workflows, gain investigative tool proficiency, and become more confident in handling standalone investigations. The SOC chatbot will serve as a training tool for less experienced analysts and afford more time to upper-tier analysts to respond to escalated security incidents, as they will no longer need to walk through incidents alongside junior analysts. Security analysts serving in a tier 1 SOC role are ideal end-users of the SOC chatbot. As the first line of defense, their primary function is to address SIEM events. They are familiar with basic security concepts, incident ticketing systems, and hold the appropriate level of access for data gathering and external research.
-
Common and Best Practices for Security Operations Centers: Results of the 2019 SOC Survey Analyst Paper (requires membership in SANS.org community)
by Chris Crowley and John Pescatore - July 9, 2019 - Associated Webcasts: Common and Best Practices for Security Operations Centers: Results of the 2019 SOC Survey; Common and Best Practices for Security Operations Centers: Panel Discussion
- Sponsored By: Anomali; ThreatConnect; CYBERBIT Commercial Solutions; Siemplify; DFLabs; ExtraHop; BTB Security; CyberProof
In this survey, senior SANS instructor and course author Christopher Crowley, along with advisor and SANS director of emerging technologies John Pescatore, provide objective data to security leaders who are looking to establish a SOC or optimize an existing one. This report captures common and best practices, provides defendable metrics that can be used to justify SOC resources to management, and highlights the key areas that SOC managers should prioritize to increase the effectiveness and efficiency of security operations.
-
The Definition of SOC-cess? SANS 2018 Security Operations Center Survey Analyst Paper (requires membership in SANS.org community)
by Christopher Crowley and John Pescatore - August 13, 2018 - Associated Webcasts: No Single Definition of a SOC: Part I of the SANS 2018 SOC Survey Results Webcast; SOC Capabilities and Usefulness: Part II of the SANS SOC Survey Results Webcast
- Sponsored By: LogRhythm; CYBERBIT Commercial Solutions; Authentic8; DFLabs; Awake Security; ExtraHop
Although SOCs are maturing, staffing and retention issues continue to vex critical SOC support functions. In this paper, learn how respondents to our 2018 SOC survey are staffing their SOCs, the value of cloud-based services to augment staff and technology, and respondents' level of satisfaction with the architectures they've deployed.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.
SANS.edu Graduate Student Research - This paper was created by a SANS Technology Institute student as part of the graduate program curriculum.