In a recent SC Media column, Michael Mumcuoglu, CEO of CardinalOps, wrote about how continuous improvement techniques can help CISOs manage the growing threat landscape more effectively and improve the visibility and effectiveness of their security operations center (SOC).
Here are some highlights and key insights from the column:
It’s clear that organizations, and CISOs specifically, need to become more intentional about detection fidelity and coverage in their SOCs. They need to think about what their SIEM rules are actually detecting, and whether they have use cases for the adversary techniques most relevant to their organizations. Do those rules actually work? Do they help SOC analysts triage and respond effectively?
To fight a continuously growing enemy, security teams must adopt continuous improvement. At the end of the day, cyber threat detection processes are no different from other security and IT management processes. As IT modernizes and adopts DevOps and SRE approaches, so should the SOC. Visibility and accurate measurement of key performance indicators are important. Many SOC metrics, covering people, process, and technology, are needed for consistent improvement. CISOs should focus on bringing automated, repeatable, and consistent processes to detection engineering.
Staying ahead of constant change in the attack surface and threat landscape will require a platform that’s easy to implement and continuously delivers new detection content and metrics. It will also need to continuously identify and remediate broken rules and misconfigured log sources. This will help the CISO and their SOC teams proactively close the riskiest detection gaps that leave their organization exposed.
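As an added illustration of the "broken rules and misconfigured log sources" point above (example code written for this summary, not CardinalOps' product or anything from the column), the script below audits a constructed rule inventory against a constructed snapshot of log-source health. A rule is counted as effective only if it is enabled, its log source has delivered events recently, and every field the rule references is actually being parsed; the resulting metrics separate techniques the SOC *claims* to cover from those it can *currently* detect. The rule, source, and field names are all invented sample data.

```python
"""Detection-rule health audit (added example; sample data is constructed)."""
from datetime import datetime, timedelta, timezone

# Constructed sample: what each SIEM rule depends on (ids/fields are hypothetical).
RULES = [
    {"id": "R-001", "name": "Suspicious PowerShell download", "enabled": True,
     "source": "windows_sysmon", "fields": ["CommandLine", "Image"],
     "technique": "T1059.001"},
    {"id": "R-002", "name": "Brute-force logon", "enabled": True,
     "source": "windows_security", "fields": ["EventID", "TargetUserName"],
     "technique": "T1110"},
    {"id": "R-003", "name": "New scheduled task", "enabled": False,
     "source": "windows_security", "fields": ["EventID", "TaskName"],
     "technique": "T1053.005"},
    {"id": "R-004", "name": "DNS to newly registered domain", "enabled": True,
     "source": "dns_resolver", "fields": ["query", "rcode"],
     "technique": "T1071.004"},
]

# Constructed sample: per-source ingestion state as observed at NOW.
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
SOURCES = {
    "windows_sysmon": {"last_event": NOW - timedelta(minutes=5),
                       "fields": {"CommandLine", "Image", "ParentImage"}},
    # Collector has been silent for 30 hours: every rule on it is effectively dead.
    "windows_security": {"last_event": NOW - timedelta(hours=30),
                         "fields": {"EventID", "TargetUserName", "TaskName"}},
    # Parser misconfiguration: the 'rcode' field the rule needs is never extracted.
    "dns_resolver": {"last_event": NOW - timedelta(minutes=2),
                     "fields": {"query"}},
}

STALE_AFTER = timedelta(hours=24)  # assumed threshold for "source went quiet"


def check_rule(rule, sources, now=NOW, stale_after=STALE_AFTER):
    """Return the reasons this rule cannot currently fire (empty list = healthy)."""
    problems = []
    if not rule["enabled"]:
        problems.append("disabled")
    src = sources.get(rule["source"])
    if src is None:
        problems.append(f"log source '{rule['source']}' not onboarded")
        return problems
    silence = now - src["last_event"]
    if silence > stale_after:
        hours = int(silence.total_seconds() // 3600)
        problems.append(f"log source '{rule['source']}' silent for {hours}h")
    missing = [f for f in rule["fields"] if f not in src["fields"]]
    if missing:
        problems.append("fields not parsed: " + ", ".join(missing))
    return problems


def audit(rules, sources, now=NOW):
    """Map rule id -> list of problems for every rule in the inventory."""
    return {r["id"]: check_rule(r, sources, now) for r in rules}


def coverage_metrics(rules, report):
    """Claimed vs. effective coverage: a rule only counts if it has no problems."""
    healthy_ids = {rid for rid, problems in report.items() if not problems}
    claimed = {r["technique"] for r in rules}
    effective = {r["technique"] for r in rules if r["id"] in healthy_ids}
    return {
        "rules_total": len(rules),
        "rules_healthy": len(healthy_ids),
        "techniques_claimed": len(claimed),
        "techniques_effective": len(effective),
    }


if __name__ == "__main__":
    report = audit(RULES, SOURCES)
    for rid, problems in report.items():
        print(rid, "OK" if not problems else "; ".join(problems))
    print(coverage_metrics(RULES, report))
```

Run on this sample, only R-001 is healthy: the two windows_security rules are blocked by a silent collector (one is also disabled), and the DNS rule references a field the parser drops. The inventory claims four techniques but can detect one, which is exactly the kind of gap a periodic, automated audit surfaces before an incident does.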
You can check out the full article here: What CISOs Don’t Know About Their SOCs