5G SOC Solutions – The Human Element
10 years on active duty with the US Air Force specializing in Electronic Warfare and electronic, signals, and communications intelligence gathering operations. Conducted analyst activities for the US Air Force CERT, and developed innovative detection platforms with Weapons & Tactics, also in support of the Air Force CERT. Conducted penetration testing and developed a SOC from the ground up for a major US financial firm during Operation Ababil in 2012. Developed, deployed, and trained SOC members in incident analysis and incident response procedures. Streamlined SOC operations at another major US financial firm, created and deployed content as the Splunk SME, and engaged in APT hunt activities. Develops ArcSight content and engineers ArcSight solutions in support of HPE pre-sales activity.
With the multitude of tools available to Security Operations Centers, what are the key aspects of maturing a SOC to ensure a highly effective and repeatable process? Analysts who support the day-to-day triage of events are expected to have an ever-growing knowledge base covering not just the affected technologies, but also the vulnerabilities, the Tactics, Techniques, and Procedures (TTPs) of hostile actors, and the steps necessary to respond to incidents. However, this compartmentalizing of activity can numb an analyst's ability to distinguish non-malicious activity from a not-yet-observed hostile action taking place; to compound the challenge, the demand for ever more monitoring of our networks continues to grow. While automation and analytics offer some solutions, they do not entirely solve the problem. Just as humans are almost always the weakest link in the chain, they can also be the greatest asset. The tools in our inventory may change, but the skill set of our analysts is an investment which, if cultivated, can unify those tools like never before.