
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 578 - Maybe A Modern Day SOC Discussion
Nov 21, 2023

Experts Jim Tiller and Anton Chuvakin discuss the evolution and challenges of Security Operations Centers (SOC), including the impact of global macroeconomics on security technology, the importance of collaboration between different teams, and the shift towards automation. They also explore false positives and negatives in the modern SOC environment, and the challenges of outsourcing security operations.
Modern SOCs Must Move Beyond NOC DNA
- Modern SOCs are distinct from their NOC/help-desk DNA; treating the SOC like a security help desk misses its automation and pipeline needs.
- True modern SOCs emphasize automation, code-driven pipelines and fewer manual searches.
Friction Often Signals Broken Culture
- Separation or friction between NOC and SOC often reflects cultural and management issues, not purely functional necessity.
- When teams partner (cloud, IT, security), investigations and response become far more effective.
Use Blameless, Cross-Functional Triage
- Build blameless triage and runbooks that include IT, cloud teams, HR and other stakeholders to speed investigations.
- Treat operational telemetry (performance, network, security) jointly to find root causes faster.

