Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018


Hacking your SOEL: SOC Automation and Orchestration

Rob Gresham, Security Solutions Architect, Splunk

The world of daily IT security operations has not changed significantly over the past decade as far as process enablement, but now a new technology has arrived, enabling security teams to operate better, stronger, and faster. With automation and orchestration, those mundane processes can be handled by computers, allowing the SOC team to truly focus on identifying and responding to the real threats and attacks. Are you using the machine, or is the machine using you? Hacking your Security Operations Event Lifecycle (SOEL) is about looking at these processes, whether it’s a two-person security operation or a full-complement SOC. This presentation will explain how to start identifying the processes that computers can handle on your behalf, and how to go beyond simple use cases to truly leverage all available security tools to enable agile detection and adaptive response. And if you don’t have those initial processes written down, we will explain how to hack your SOEL model to get efficiency and effectiveness going. Security automation and orchestration isn’t just for big SOC operations or MSSPs.