Title: Cyber Security - Future Of Security Operations
Siemplify Cyber Security Automation
The Future Of Security Operations
Introduction
For the past 13 years, I've been heavily involved in the military intelligence community and the cyber security industry, setting up cyber defenses and training security personnel from leading enterprises and government organizations. During that time, I saw first-hand how cyber tools failed to address the operational challenges faced by security teams. So I teamed up with Alon and Garry to build a new kind of security operations center (SOC) platform.
Multi-layer Threat Analysis
Threat Analysis Platform
The Siemplify Threat Analysis Platform, which we launched today, is built from the ground up to address today's real-world security challenges. It brings a command-and-control model to the SOC, combining real-time threat analytics, visual investigation, and incident response. See, what I found repeatedly when engaging with SOC teams was that all too often they were alerted to a threat and a thousand other items.
Why So Many Alerts
Threat detection is not a binary decision of block or allow. Security orchestration tools can't always be 100 percent certain they will alert when something is suspicious. Because there are many fronts to protect, there will inevitably be many different detection systems, each responsible for a different layer in the organization. This creates a situation in which detection systems fire off alerts individually and agnostically, giving security teams only pieces of the puzzle.
Security Analysts' Job
Security teams are forced to analyze and make sense out of all this machine data and build the bigger picture. As more detection systems are added and attacks become more sophisticated, building that picture has become exponentially more complex. Minor, routine incidents trigger a flood of alerts that distract security teams.
Future SOC Platform
To solve the challenges of modern threat detection, we drew on our experience in military intelligence. Like cyber-security analysts, military intelligence analysts are expected to analyze and investigate threats, and initiate appropriate action. And like security analysts, intelligence analysts are hired for their ability to understand the meaning of data, not for their technical ability to write database queries. As such, the tools available to intelligence analysts aim to eliminate the technical complexity of intelligence analysis.
Cyber Security Application Platform
How SOC Operates
These tools process, normalize and correlate the raw alerts and data coming from various surveillance sources, allowing the intelligence analysts to focus on the bigger picture and easily initiate the necessary response. SOC platforms need to adopt a similar role and focus on enhancing human cognitive abilities. They need to be command-and-control platforms and eliminate as much of the complexity of threat analysis and incident response as possible.
What SOC Platform Should Be
- Automatically put internal and external security data into context
- Dynamically correlate security alerts across different detection tools
- Filter out the noise of alerts, prioritizing threats and focusing on what matters most
- Intuitively visualize the data in a clear and interactive way for rapid analysis, allowing investigation across multiple data silos
- Make threat intelligence actionable by automatically matching indicators with internal events
- Integrate into the existing security infrastructure, allowing remediation to be initiated from a central console
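The first three capabilities in that list (normalize, correlate, prioritize) and the threat-intelligence matching one can be shown concretely in a few dozen lines. The following is an added example written for this page, not Siemplify's code or a description of how its platform works: it takes raw alerts from three hypothetical detection tools with different schemas, maps them onto one record format, groups alerts that share a host within a time window into a case, matches any indicators against a constructed threat-intel list, and ranks the resulting cases so the low-score noise drops out. All alerts, hosts, domains and IP addresses are constructed sample data (documentation ranges), and the scoring formula is an arbitrary illustration, not a recommended weighting.

```python
"""Added example: normalize, correlate, IOC-match and rank alerts.
All sources, alerts and indicators below are constructed sample data."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed raw alerts from three hypothetical tools (edr, proxy, ids),
# each using its own field names: the "different layer" problem.
RAW_ALERTS = [
    {"src": "edr", "ts": "2024-03-01T09:00:05Z", "hostname": "ws-17",
     "rule": "suspicious_powershell", "sev": 3},
    {"src": "proxy", "time": "2024-03-01T09:00:40Z", "client": "ws-17",
     "dest_domain": "updates-cdn.example", "action": "allowed", "risk": "low"},
    {"src": "ids", "timestamp": "2024-03-01T09:01:10Z", "src_host": "ws-17",
     "dst_ip": "203.0.113.5", "signature": "outbound TLS to rare IP", "priority": 2},
    {"src": "proxy", "time": "2024-03-01T11:30:00Z", "client": "ws-42",
     "dest_domain": "mail.example.org", "action": "allowed", "risk": "low"},
    {"src": "edr", "ts": "2024-03-01T14:00:00Z", "hostname": "ws-09",
     "rule": "office_macro_spawn", "sev": 2},
]

# Constructed threat-intelligence indicators (not real IOCs).
THREAT_INTEL = {
    "203.0.113.5": "constructed: command-and-control address",
    "updates-cdn.example": "constructed: phishing infrastructure",
}

SEVERITY_SCALE = {"low": 1, "medium": 2, "high": 3}


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def normalize(raw):
    """Map each tool's schema onto one common alert record."""
    src = raw["src"]
    if src == "edr":
        return {"source": src, "time": parse_ts(raw["ts"]), "host": raw["hostname"],
                "title": raw["rule"], "severity": raw["sev"], "indicators": []}
    if src == "proxy":
        return {"source": src, "time": parse_ts(raw["time"]), "host": raw["client"],
                "title": f"proxy {raw['action']} {raw['dest_domain']}",
                "severity": SEVERITY_SCALE[raw["risk"]],
                "indicators": [raw["dest_domain"]]}
    if src == "ids":
        return {"source": src, "time": parse_ts(raw["timestamp"]), "host": raw["src_host"],
                "title": raw["signature"], "severity": raw["priority"],
                "indicators": [raw["dst_ip"]]}
    raise ValueError(f"unknown source {src}")


def build_case(host, alerts):
    """Collapse one host's alert burst into a case with IOC hits and a score."""
    matches = {ioc: THREAT_INTEL[ioc] for a in alerts
               for ioc in a["indicators"] if ioc in THREAT_INTEL}
    sources = {a["source"] for a in alerts}
    # Illustrative score: highest severity, +1 per extra corroborating
    # source, +2 per threat-intel match. Weights are arbitrary.
    score = max(a["severity"] for a in alerts) + (len(sources) - 1) + 2 * len(matches)
    return {"host": host, "alerts": alerts, "sources": sorted(sources),
            "ioc_matches": matches, "score": score}


def correlate(alerts, window=timedelta(minutes=10)):
    """Group alerts sharing a host, where each alert is within `window`
    of the previous one, into a single case."""
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["time"]):
        by_host[a["host"]].append(a)
    cases = []
    for host, items in by_host.items():
        current = [items[0]]
        for a in items[1:]:
            if a["time"] - current[-1]["time"] <= window:
                current.append(a)
            else:
                cases.append(build_case(host, current))
                current = [a]
        cases.append(build_case(host, current))
    return cases


def triage(raw_alerts, min_score=3):
    """Full pipeline: normalize, correlate, rank, and drop low-score noise."""
    cases = correlate([normalize(r) for r in raw_alerts])
    cases.sort(key=lambda c: c["score"], reverse=True)
    return [c for c in cases if c["score"] >= min_score]


if __name__ == "__main__":
    for case in triage(RAW_ALERTS):
        print(case["host"], case["score"], case["sources"], sorted(case["ioc_matches"]))
```

Run as-is, the five raw alerts collapse to three cases and only the ws-17 case survives the score cut, because three tools corroborate each other within a minute and two of its indicators hit the intel list; the two single-alert, no-IOC cases are the kind of noise the text describes. The point of the structure is that correlation runs on the normalized record, so adding a fourth tool means writing one more `normalize` branch rather than touching the correlation or scoring logic.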
Conclusion
These are just some of the critical capabilities security teams can expect from the Siemplify Threat Analysis Platform. We'll be using our expertise and platform as the basis for this blog. We'll explore the challenges facing security operations and provide original research into those challenges. Expect to also find here practical tips for how to improve SOC operations, insights into threat analysis, and help on how to make your security team more effective.