Force Multiplier: How we use SOAR to maximize our own SOC analyst efficiency while minimizing fatigue and burnout

  • Thursday, 16 Jul 2020 3:30PM EDT (16 Jul 2020 19:30 UTC)
  • Speakers: Chris Crowley, Chris Gebhardt

As SANS notes: "Today, security operations do not suffer from a 'Big Data' problem but rather a 'Data Analysis' problem."

This session will discuss how StratoZen took a new approach to SOC challenges by building our own SOAR tools with DevOps principles to make SOC analysts more efficient and increase performance. StratoZen developed our SOAR tools based on observations of SOC analyst behavior, analysis of over 20 billion logs per day, and a vast inventory of logged repetitive actions. With our new tools and practices, we've achieved an increase of over 50% in individual SOC analyst efficiency, no voluntary turnover in over a year, and an analyst-to-device ratio of well over 1:10,000.

This session will not be a product demonstration. We will focus on showcasing the practices and philosophies we used to create these efficiencies in order to share our experience with the larger cybersecurity community. These principles can be used by any organization.