
O'Reilly Modern Defense in Depth

Page 45 of 53

ers gain and share information across their entire customer base concerning internet routing conditions, the current state of DNS worldwide, global DDoS-related outages, the latest botnets and their infected hosts, new attacker tactics, techniques, and procedures, the latest vulnerability information, and more.

Advantage of Outsourced SOCs

Suppose, for instance, that one of the customers managed by an outsourced SOC is experiencing a new attack vector, a previously unseen source of attack, or some other trend. The intelligence gained about attackers' tactics, techniques, and procedures from that customer alone can be shared, in an automated fashion via scripting and APIs, to shore up the defenses of every other customer. This has tremendous value because it nearly eliminates the "every man for himself" posture.

Many agree that there is currently a skills gap in the cybersecurity industry overall. That gap can be narrowed through collective human oversight, with outsourced SOC teams managing the security postures of multiple customers simultaneously. This is the whole point of SECaaS: human resources are shared among the masses. When automation, scripting, and API usage are in force, the few can quickly and completely support the many.

However, there may be one important drawback to outsourcing your SOC, and it has to do with privacy. Most organizations do not want to share the fact that they are under attack with other organizations, for a host of reasons, which is understandable. Today, especially in light of the EU's General Data Protection Regulation (GDPR) and similar regulations, privacy is a major concern and can never be taken lightly. My advice if you are considering an outsourced SOC is to make sure the provider shares only the source of attacks with others and keeps the target identities private.
Conclusion

In this chapter, we covered two methods of integration to empower you to do the same, similarly to the way a modern military operates. We discussed the importance of the synergy that you can obtain by providing examples of how my recommendations can be imple‐

36 | Chapter 4: How to Achieve the Integrated Approach
