Steve Meckl on Autonomic Security Operations

August 03, 2022

A primer on ASO to help transform your SecOps.

Video Transcript

Speaker: Steve Meckl, Head of Operations, ASO, Google

Today's episode: Autonomic Security Operations (ASO)

Steve Meckl: ASO is our approach to transforming security operations programs and enabling them to be more efficient and effective in combating the exponentially increasing volume of security-relevant log data and attacks that are happening in modern SOCs.

Steve Meckl: With ASO, what we're advocating for is changing how security operations works in order to act more like the autonomic nervous system. The core of ASO is what we call the continuous detection and continuous response loop, or CD/CR. That involves taking a really thoughtful approach to using continuous feedback through business analytics: having well-defined and monitored performance indicators and objectives for your security operations program that are aimed at improvement, monitoring those on a continuous basis, and using them to make improvements on a continual basis to your visibility of your network environment and of the emerging attacker landscape. So: emerging threat intel, understanding what new log streams can help you identify attackers, making improvements to your security analytics, automating more of it so that it happens in the background, reducing false positives, getting better at bringing higher-criticality alerts to the forefront, and allowing your team to have more time to do things like deeper-dive threat hunting and investigations. And then leveraging the capabilities of modern security orchestration platforms to automate a lot of the toil that's happening in queues, so that you can continuously and in an automatic fashion memoize the expertise of your best security practitioners into automated systems, automate your response so that you can adapt to and remediate attacks much quicker, and automate creation of security analytics and threat hunts so that you can identify attackers in your environment before they have a chance to cause damage. And then build things like automatically created dashboards and reporting, so that the business intel is automatically generated, reported, and can be shared out with all levels of leadership in the organization. That increases the influence you have throughout your business.

