Search the Community

Vaguely relevant but very cyber image from Dall-E One pattern I spotted after looking at the evolution of IT and security organizations over the years, including my time at Gartner is: change is hard, but transformation is harder. Perhaps it is an IT Axiom of some sort, with a Theorem I that follows: many who say they want to transform, really don’t. And Theorem II: many wish for purported results of a transformed operation, but cannot bear many (any?) of the costs. So when I hear that a certain security team or a security operations center (SOC) wants to transform to a new, modern model, numerous challenges arise. One significant factor is the tendency of individuals to become attached to the familiar processes and tools they have been using for an extended period, after sometimes investing a lot of blood, soul and fortune (vendor S comes to mind, but I digress … this is not really about SIEM). Additionally, there may be a concern that the new model will be more complex or challenging to manage, leading to even more reluctance to adopt it. This attachment can create resistance to change and make it challenging to embrace new approaches no matter what happens outside the organization. It seems like there’s a desire for so-called “transformation lite” where few things change, but the results are comparable to that of a transformed organization. It is very clear to me that such a thing is utterly impossible. Let’s bring this to our ongoing discussion of modern SOC. For example, in our now-infamous Ghost of SOC presentation (and a related paper), we have highlighted that some organizations really should go for an incremental improvement, not a transformation (the saddest part is the organization that perfectly fits out criteria for “need: maximum, must transform” and also fits our criteria for “capability: absent, absolutely unable to transform”… you won’t believe what happens next) Hey, even Gartner agrees with this! (source: Gartner “The IT Roadmap for Digital Business Transformation”) As you recall, we outlined a vision that we used to call autonomic security operation in the original paper (still a very useful resource despite a 2021 date). The pattern, as we have noticed over the years, is that many organizations that run traditional security operations centers are scared of a required scale of change. One prospect I spoke with humorously yet wistfully observed that he thinks “they can evolve there in 200 years.” Modern SOC blog also highlights the fact that such “relentless drive for automation and engineering-led mentality” are difficult for many teams. Thus, I cannot promise that I would … a) give you three things to do which are also simple and reminiscent of your old practices, and b) that you will get results compared to a truly transformed organization. You really get to pick a) or b), not a) and b), GenAI or no GenAI. Worse, since the Autonomic Security Operations (ASO) paper was published, I’ve been leaning to a view that the DNA of your SOC largely determines its fate (slide 11). SOCless DNA means you can scale with the threats and assets, 1980s NOC DNA means you will struggle or, at best, grow slowly. OK, thanks for tolerating my rant! So the real topic of this is, What is the minimal set of practical and implementable requirements that would give you the biggest value and possibly send you down the path to SOC transformation? Perhaps the idea is that of a “Minimal Viable Transformation” here… First, we need to agree to a few things (What? More rants, Anton? Well, yes!): You need to understandably tame your expectations. This is at best “transformation lite”, and at worst, merely using the ideas that others used to transform to slightly improve. Some of the magic happens at later stages of the transformation, even though the work happens starting from the first stage. In other words, work increases linearly, but some value occurs at later stages. Eh… got any good news, Anton? In this “transformation lite” approach, the tooling may not need to be replaced at the initial stage. For some organizations, however, it is easier to replace the tools than to change the processes in any significant way, so this is “minor good news”, perhaps. So, here is what I have: Baby ASO stack If this is too complicated still … eh… then the first item that I always highlight when speaking on this topic is making sure that people who respond to alerts in your SOC (analysts) start to get closer to people who produce detections (engineers). This may mean having lunch once a month, rotating into each other’s roles for a week, or doing other things that send them down the path of understanding each other better and in some cases becoming the same team later on. So, if you truly need 1 thing, that is that it… but this won’t transform you, to be sure. Some related posts (there is a lot more here): New Paper: “Autonomic Security Operations — 10X Transformation of the Security Operations Center” How to Banish Heroes from Your SOC? SOC is Not Dead Yet It May Be Reborn As Security Operations Center of Excellence Kill SOC Toil, Do SOC Eng WTH is Modern SOC, Part 1 Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait… More SRE Lessons for SOC: Release Engineering Ideas EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil SRE books Baby ASO: A Minimal Viable Transformation for Your SOC was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story. The post Baby ASO: A Minimal Viable Transformation for Your SOC appeared first on Security Boulevard. View the full article

Our digital world is based on connectivity, but with that comes great responsibility. Businesses manage vast amounts of client information. Ensuring the protection of this information is not an easy task, especially given the company’s present obligations. This is why SOC 2 Compliance Audit is essential. It is important to rebuild trust and strengthen cybersecurity […] The post What is SOC 2 Compliance Audit? appeared first on Kratikal Blogs. The post What is SOC 2 Compliance Audit? appeared first on Security Boulevard. View the full article

DataDome's SOC 2 Type 2 compliance has been renewed for another year, further underlining that our security controls for customer data align with the AICPA's SOC 2 standard. The post DataDome Renews SOC 2 Type 2 Compliance appeared first on Security Boulevard. View the full article

You can now use Amazon Managed Workflows for Apache Airflow (MWAA) for use cases that are subject to Service Organization Control (SOC) requirements. MWAA is now SOC 1, 2 and 3 compliant, allowing you to get deep insight into the security processes and controls that protect customer data. AWS maintains SOC compliance through extensive third-party audits of AWS controls. These audits ensure that the appropriate safeguards and procedures are in place to protect against security risks that may affect the confidentiality, integrity, and availability of customer and company data. AWS SOC reports are independent third-party examination reports that you can download in AWS Artifact. View the full article

You can now use AWS Application Migration Service (AWS MGN) for use cases that are subject to System and Organization Controls (SOC) reporting. You can also now install the AWS Application Migration Service agent on your source servers using AWS Identity and Access Management (IAM) temporary security credentials with limited permissions. AWS Application Migration Service allows you to quickly migrate and modernize applications on AWS. View the full article

AWS Resource Access Manager (AWS RAM) can now be used for workloads subject to Service Organization Control (SOC) compliance and International Organization for Standardization (ISO) ISO 9001, ISO 27001, ISO 27017, ISO 27018 and ISO 27701 standards. Now, customers in finance, healthcare, and other regulated sectors can get insights into the security processes and controls that protect customer data which can be found in the SOC reports, AWS ISO and CSA STAR certificates in AWS Artifact. AWS' alignment with these standards in addition to the independent third-party assessment of these internationally recognized code of practices demonstrates AWS' commitment to the privacy and protection of customers' content. View the full article

Visibility, focus, and expertise, delivered as a service, guides SOC analysts to more efficient investigations with zero detection tuning or system maintenance required Santa Clara, CA, June 10, 2021 – Gigamon, the leader in cloud visibility and analytics, today announced ThreatINSIGHT Guided-SaaS NDR (network detection and response), which was purpose built to improve SOC (Security […] The post Gigamon Launches ThreatINSIGHT Guided-SaaS NDR to Improve SOC Effectiveness and Reduce Analyst Burnout appeared first on DevOps.com. View the full article

All AWS System and Organization Controls (SOC) (1,2,3) compliant services deployed in AWS Wavelength are now in scope. You can download the SOC Report in AWS Artifact. AWS maintains certifications through extensive audits of its controls to ensure that information security risks that affect the confidentiality, integrity, and availability of company and customer information are appropriately managed. View the full article