Defense in Depth

Improving the Responsiveness of Your SOC

Mar 21, 2024

Exploring the challenges of integrating new tools in a SOC and the importance of readiness measures. Discussing the shift from past events to current activities, focusing on speed and measurable outcomes. Highlighting the role of Security Orchestration in boosting SOC efficiency. Delving into the shift towards behavioral monitoring in cloud environments. Reflecting on the ineffectiveness of current security measures and the need for proactive actions.

27:46

Creator website

Episode guests

Spencer Thompson

AI Summary

Highlights

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Enhance security by shifting focus from vulnerabilities to exploitability and stopping malicious behavior in real-time.

Improve security posture by transitioning to proactive threat detection strategies and adapting defenses against emerging threats.

Deep dives

Transitioning from Vulnerabilities to Exploitability for Better Security Practices

The podcast emphasizes the need to shift focus from addressing vulnerabilities to exploitability for improved security measures. Traditional approaches aimed at patching vulnerabilities have limitations, leading to an evolution towards exploitability, focusing on stopping malicious behavior in real-time. The conversation highlights the importance of adapting defenses based on exploitability to enhance efficiency and effectiveness within security operations.

Emphasis on True Exploitability and Behavioral Based Detection

01:49

Focus on Outcomes, Not Acronyms

01:41

Efficient Response to Known Threats

01:01

Introduction

2min

Shifting Focus from Acronyms to Security Outcomes in SOC Operations

2min

Enhancing SOC Efficiency Through Security Orchestration and Response

9min

Evolving Security Operations in Cloud Environments

6min

Evolution from Vulnerability Management to Exploitability in Security Practices

5min

Facing the Ineffectiveness of Socks and Sims

4min

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our sponsored guest, Spencer Thompson, CEO, Prelude.

In this episode:

Why does it take so long to integrate new tools and get them up to speed?
Are we always in a state where we are always lacking readiness?
What should we be measuring?
Do we focus too much on singular events?

Thanks to our podcast sponsor, Prelude

Prelude Detect is the world's only production-scale detection and response testing platform. Automatically transform your threat intelligence into validated detections and preventions in less than five minutes. Integrate with CrowdStrike, Microsoft Defender, SentinelOne, and more to enable machine speed detection and response engineering 🏎️ Learn more at preludesecurity.com.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Defense in Depth

Improving the Responsiveness of Your SOC

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Transitioning from Vulnerabilities to Exploitability for Better Security Practices

Rethinking the SOC Approach towards Proactive Security

Challenges and Solutions in Security Operations Processes

Emphasis on True Exploitability and Behavioral Based Detection

Focus on Outcomes, Not Acronyms

Efficient Response to Known Threats

Remember Everything You Learn from Podcasts