During the SANS Spring Cyber Solutions Fest’s Detection & Response track, Jay Lillie, CardinalOps VP of Customer Success, and Dr. Anton Chuvakin, Advisor to the Google Office of the CISO, discussed ways to improve SOC outcomes by cross-pollinating lessons between prevention and detection teams.
Some key takeaways and soundbites from the webinar are below:
- How do you magically 2X your SOC? It’s not always by working harder or buying more tools; it’s by going outside the SOC, beyond the D&R domain. For example, the SOC can’t completely fix phishing risk, but an organization-wide MFA implementation can.
- Missed opportunities for prevention and detection collaboration come from the lack of a key linkage between the two teams, but continuous threat exposure management (CTEM) and MITRE ATT&CK Mitigations are positioned to address that gap.
- Communication between prevention and detection also helps surface potential compensating controls, where one layer of security controls can provide comparable protections to another layer of controls (when the other layer is not feasible or practical).
- CTEM enables cross-pollination of lessons between detection and prevention teams: “Sometimes you learn a lesson in SOC, but the best beneficiary is in hygiene, preventative security, or IT management… so you bring lessons to make their life easy, and this is where the magic happens!”
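One concrete form of the linkage described above is to cross-check, per ATT&CK technique, what the SOC can detect against what prevention has actually deployed. The script below is an added example written for this summary, not code from the webinar, CardinalOps or Google. The technique and mitigation IDs (T1566, T1110, T1003, T1078, M1032, M1017, M1021, M1027, M1043) are real ATT&CK identifiers, but the technique-to-mitigation mapping is an illustrative subset, and the rule names and deployed-control inventory are constructed sample data. It labels each technique as covered by both layers, one layer (a compensating-control situation), or neither, and then ranks undeployed mitigations by how many under-protected techniques each would close, which is the kind of lesson a SOC can hand to the hygiene and IT teams.

```python
"""Cross-check SOC detection coverage against deployed preventive controls per ATT&CK technique.

Added example; identifiers are public ATT&CK IDs, all mappings and inventories are constructed samples.
"""
from collections import Counter, defaultdict

# Constructed: technique -> ATT&CK mitigations that apply to it (illustrative subset only)
TECHNIQUE_MITIGATIONS = {
    "T1566": {"M1032", "M1017", "M1021"},  # Phishing: MFA, User Training, Restrict Web-Based Content
    "T1110": {"M1032", "M1027"},           # Brute Force: MFA, Password Policies
    "T1003": {"M1043", "M1027"},           # OS Credential Dumping: Credential Access Protection, Password Policies
    "T1078": {"M1032", "M1027"},           # Valid Accounts: MFA, Password Policies
}

# Constructed: the SOC's detection content, rule name -> techniques it covers
DETECTION_RULES = {
    "email_link_click_to_credential_prompt": {"T1566"},
    "many_failed_logons_single_source": {"T1110"},
    "lsass_handle_from_unusual_process": {"T1003"},
}

# Constructed: what prevention / IT management has actually rolled out (only user training so far)
DEPLOYED_MITIGATIONS = {"M1017"}


def classify(detections, available, deployed):
    """Label one technique by which security layers cover it."""
    has_detect = bool(detections)
    has_prevent = bool(available & deployed)
    if has_detect and has_prevent:
        return "both"
    if has_detect:
        return "detect-only"   # detection is compensating for missing prevention
    if has_prevent:
        return "prevent-only"  # prevention exists, SOC would be blind if it failed
    return "gap"


def assess(technique_mitigations, detection_rules, deployed):
    """Build a per-technique coverage report joining detection content with deployed mitigations."""
    rules_by_technique = defaultdict(set)
    for rule, techniques in detection_rules.items():
        for technique in techniques:
            rules_by_technique[technique].add(rule)

    report = {}
    for technique, available in technique_mitigations.items():
        detections = rules_by_technique.get(technique, set())
        report[technique] = {
            "status": classify(detections, available, deployed),
            "detections": sorted(detections),
            "deployed_mitigations": sorted(available & deployed),
            "undeployed_mitigations": sorted(available - deployed),
        }
    return report


def mitigation_leverage(report, technique_mitigations, deployed):
    """Rank not-yet-deployed mitigations by how many techniques without prevention they would cover.

    This is the list the SOC brings to prevention: the controls with the biggest payoff outside the SOC.
    """
    counts = Counter()
    for technique, info in report.items():
        if info["status"] in ("detect-only", "gap"):
            for mitigation in technique_mitigations[technique] - deployed:
                counts[mitigation] += 1
    return counts.most_common()


if __name__ == "__main__":
    report = assess(TECHNIQUE_MITIGATIONS, DETECTION_RULES, DEPLOYED_MITIGATIONS)
    for technique, info in report.items():
        print(f"{technique}: {info['status']:12s} detections={info['detections']} "
              f"deployed={info['deployed_mitigations']} missing={info['undeployed_mitigations']}")
    print("Mitigations to propose, by techniques closed:",
          mitigation_leverage(report, TECHNIQUE_MITIGATIONS, DEPLOYED_MITIGATIONS))
```

With the sample data, phishing (T1566) is covered by both layers, brute force and credential dumping are detect-only, and valid-account abuse (T1078) is a gap with neither a rule nor a deployed control. The leverage ranking puts password policies and MFA at the top because each closes several of the under-protected techniques at once; in a real program the inputs would come from the detection repository and the control inventory rather than hand-written dictionaries.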
