Back to blog results

8월 10, 2021 By Sumo Logic

Building a modern SOC

It’s not every day that you get four CTOs of leading Cloud companies in a discussion about security, the changing role of the security operations center (SOC), and how best to manage data, artificial intelligence(AI), and service providers in these challenging times. To close out the 2021 Modern SOC Summit, Christian Beedgen, Sumo Logic’s CTO, hosted a discussion with Peter Silberman, CTO at Expel.io, Scott Lundgren, CTO at Carbon Black, and Todd Weber, the CTO at Optiv.

What does “modern” really mean?

To kick off the discussion, the group took a closer look at what “modern” means.

According to Todd, “The first aspect is can it cover all the components that enterprises deal with. There are many different vectors and those vectors are ever-changing so the challenge is for the tools and the people to keep up. Secondly, how does the current drive towards automation fit with the traditional role of humans in the SOC.

From Peter’s viewpoint, the historical role of the SOC has been “security through obscurity,” indicating that it’s time to move to a more transparent approach that includes stakeholders and creates security champions throughout the organization, not just in the SOC. “As a modern security team, you recognize you have stakeholders and other business units or other teams that you have to service,” he says. Rather than being a mysterious security organization, a better path forward is to build relationships within the organization and have honest, frank discussions about security.

Scott’s view of the modern SOC comes down to a single word (which also covers his biggest concern when it comes to threats): efficiency. The speed at which attackers become more efficient has increased the volume and scale of attacks, much like a wave. “As defenders,” he says, “the SOC should be thinking of these attacks as ‘a wave coming at us’ and efficiency is how to face and handle that wave.

What does the modern SOC look like?

What does the SOC need to evolve into from where we are today? From Christian’s viewpoint, the core of the defense needs to be a coming from a human team rather than from machine learning (ML) or AI, and asked the panelists to weigh in on the role of AI and ML, as well as other aspects that they feel should be part of a modern SOC.

Peter’s view is that adaptability is a key characteristic of the modern SOC. By adaptability, he says, “the SOC should evolve as your customers evolve.” For example, rather than forcing technology onto customers, work with them to understand their environment and what they want to do, then the technology should efficiently do what the customer needs it to do. As he put it so well, “I don't think technology solves everything, as much as I love technology.”

Todd agreed with the emphasis on efficiency as a critical factor of the modern SOC. “Technology can be used to supplement human work and help with the day-to-day decisions, such as which alerts to pay attention to and which to dismiss. This can improve the quality of the work done by the SOC team without falling into the attractive trap of sophisticated AI and ML structures. Still facing the SOC, though, is how best to deal with the increasing efficiency of attackers.”

Scott pointed out that attackers are now using some aspects of standard software development: components strung together by different teams, using very narrow, simple interfaces. “We’ve seen how well modern software works at scale,” he says, “so there is no reason to think that those same economies of scale don't apply on the other side as well.”

When it comes to AI and ML, Scott has some strong words there too. “I think that sometimes in the security industry, we become a little bit enamored with our own data volume. Data is not information, so how can we extract the value from that pile of data through better filtering,” he says. Rather than dismiss AI and ML, we need to ask if we are applying those analytics techniques to the right situation at the right time to get the right results.

Listen to the rest of the discussion…

Listen in as Christian, Peter, Scott, and Todd discuss more practical aspects of how to build the Modern SOC, including:

  • The changing roles and responsibilities within the SOC

  • Building relationships within the organization

  • Removing silos with horizontal mobility

  • The role of security service providers in the modern SOC

Complete visibility for DevSecOps

Reduce downtime and move from reactive to proactive monitoring.

Sumo Logic cloud-native SaaS analytics

Build, run, and secure modern applications and cloud infrastructures.

Start free trial

Sumo Logic

More posts by Sumo Logic.

People who read this also enjoyed