Overview
Explore the challenges, solutions, and key learnings from operationalizing a Security Operations Center in this 47-minute Black Hat conference talk. Gain insights into increasing threat hunting coverage for on-premise and cloud environments, implementing behavioral analytics for anomaly detection, and enhancing SOC capabilities for rapid product deployment and validation. Discover strategies for addressing operational issues, understanding risk tolerance, ensuring regulatory compliance, and managing various domains of risk. Learn about decryption techniques, the importance of metadata analysis, targeted inspection methods, and the integration of inline solutions. Examine the relationship between network and security operations, and understand the role of automation in modern SOC management.
Syllabus
Introduction
Risk Tolerance
Regulation Compliance
Capabilities
Domains of Risk
Challenges
The Problem
The Solution
Decrypting
Metadata
Network metadata
Targeted inspection
Inline solutions
Network vs Security
Automation
Taught by
Black Hat