EP73 Your SOC Is Dead? Evolve to Output-driven Detect and Respond!


By Anton Chuvakin. Discovered by Player FM and our community; copyright belongs to the publisher, not Player FM, and audio is streamed directly from the publisher's server.


  • Erik Bloch, Senior Director of Detection and Response at Sprinklr


  • You recently coined a concept of “output-driven Detection and Response” and even perhaps broader “output-driven security.” What is it and how does it work?
  • Detection and response is clearly alive, but you sometimes say the SOC is dead. What do you mean by that?
  • You refer to a “federated approach for Detection and Response” (“route the outcomes to the teams that need them or can address them”), but is it workable for any organization?
  • What about the separation of duty concerns that some raise in response to this? What about the organizations that don’t have any security talent in those teams?
  • Is the approach you advocate “cloud native”? Does it only work in the cloud? Can a traditional, on-premises focused organization use it?
  • The model of “security team as a decision-maker, not an implementer” has a bit of a painful history, as this is what led to “GRC-only teams” who lack any technical knowledge. Why will this approach work this time?


79 episodes