May 17, 2022

Google Cloud Security Strategist Anton Chuvakin discusses the top people, process and technology issues facing security operations teams.

Video Transcript

Speaker: Anton Chuvakin, Security Strategist, Google

Today's Topic: Security Operations Challenges

Anton Chuvakin: Hello, this is Anton Chuvakin. Let's talk about typical SOC challenges. Now, a lot of people, when they think about security operations centers and challenges and reasons for failure, would sometimes think about technology: whether your SIEM is working, whether your data is being collected. But in my opinion, the top, number one SOC challenge I've seen is either loss of executive management commitment or gradual decay of management commitment. So to be honest, I've seen more SOCs crash and fall because somebody upstairs, somebody much higher than the SOC in the reporting chain, stopped being interested in this. Now let's look at other security operations center challenges and failure reasons. Let's look at them as process, people, technology. Now, on the process side, I would assume that people are mired in excessively bureaucratic processes or have no processes to speak of. To me, both lead to failure. I want to have a consistent process with some structure, but also one that is open to creativity. On the people side, of course, everybody likes to highlight talent shortages. That means not having the right people, not having the right skills. It's not so much about the headcount. It's usually about not having the people that can deliver what your SOC needs. Now, on the technology side, yes, I did mention that: scaling, whether physically or economically; tools that just don't consider analyst workflow; tools with bad analyst experience; and of course tools that don't let you collect the data, analyze the data and investigate to the extent that you want. Now, still, I would say if I have to rank them, I would rank the executive commitment loss as number one. I would look at people challenges, talent shortages, in the number two bucket. The number three bucket would be process: process failures, no process, process too rigid. And then finally, I would count technology challenges as the last bucket of challenges for a SOC.

