O'Reilly Modern Defense in Depth

In the very near future, as learning-enabled machines observe the operations of SOC personnel and begin to perceive the repetitive actions the SOC performs, these same machines will be capable of learning from their human counterparts and performing those very steps themselves. This will require human control over the machines, the aforementioned SML. For example, when a log is received in the SOC from the various lines of defense, a learning-enabled machine will be able to detect that an attack is taking place and act immediately, on its own. This might include calling and executing the appropriate script to change one or many configurations on the various lines of defense via APIs, putting protections in place almost immediately. This activity will not eliminate SOC personnel. Instead, it will give them the automated and advanced weaponry needed to defend against today's dynamic threats.

This view of the future is not based on conjecture; rather, we can already observe it in some mature, cloud-based SOC environments. The SOC personnel of the future will spend most of their time managing the SML process, and their focus will be on creating foolproof feedback loops to ensure that the machines do not inadvertently make a mistake on their own. The industry is getting very close to realizing the full potential of SML in the context of the modern Defense in Depth (DiD) approach.

To take advantage of the future integrated lines of defense in your own organization and your cloud implementations, there are a few concrete things you need to be doing now if you want to be ready for (and be part of) this vision. This includes employing learning-enabled machines to provide complete oversight that will lead to the full and automated integration of the lines of defense your organization uses daily. To prepare, you'll need to do the following:

1. Acknowledge that SML, automation, scripting, and APIs are the way of the future.

2. Define the various lines of defense in your own organization and fully understand how they operate, where they operate, what they do best, and the deficiencies of each one.

40 | Chapter 5: The Future of Defense in Depth
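As an added illustration of the loop described above (this is example code written for this edit, not code from the book or from any product), the following Python sketch shows the shape of a supervised response cycle: log lines arrive, a simple detector proposes a response, the machine executes the response on its own only when its confidence clears a threshold and the target is outside a protected range, everything else is queued for an analyst, and analyst verdicts feed back to roll back false positives and retune how eagerly the machine acts. The FirewallClient, the log format, the addresses and the thresholds are all constructed placeholders, not a real vendor API or real traffic.

```python
"""Supervised automated response loop: detect from logs, propose an action,
gate it behind policy and human approval, and feed analyst verdicts back.
Added example; the firewall client and log format are constructed stand-ins."""
import re
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample log lines (syslog-like); not taken from any real system.
SAMPLE_LOGS = [
    "2024-01-05T10:00:01Z sshd auth failure user=root src=203.0.113.7",
    "2024-01-05T10:00:02Z sshd auth failure user=admin src=203.0.113.7",
    "2024-01-05T10:00:03Z sshd auth failure user=test src=203.0.113.7",
    "2024-01-05T10:00:04Z sshd auth failure user=oracle src=203.0.113.7",
    "2024-01-05T10:00:05Z sshd auth failure user=guest src=203.0.113.7",
    "2024-01-05T10:00:06Z sshd auth failure user=root src=10.0.0.5",
    "2024-01-05T10:00:07Z sshd auth failure user=root src=10.0.0.5",
    "2024-01-05T10:00:08Z sshd auth failure user=root src=10.0.0.5",
    "2024-01-05T10:00:09Z sshd auth failure user=root src=10.0.0.5",
    "2024-01-05T10:00:10Z sshd auth failure user=root src=10.0.0.5",
    "2024-01-05T10:00:11Z sshd auth failure user=bob src=198.51.100.2",
    "2024-01-05T10:00:12Z sshd auth success user=bob src=198.51.100.2",
]

LOG_RE = re.compile(r"sshd auth failure user=\S+ src=(?P<src>\S+)")


def count_failures(lines):
    """Count failed SSH logins per source address; this simple rule stands in
    for the repetitive pattern the book says the machine learns to recognise."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            counts[m.group("src")] += 1
    return counts


@dataclass
class Proposal:
    src: str
    score: float   # 0..1, how strongly the detector believes this is an attack
    reason: str


def detect(lines, min_failures=5):
    """Turn log lines into response proposals with a confidence score."""
    proposals = []
    for src, n in count_failures(lines).items():
        if n >= min_failures:
            proposals.append(Proposal(src, min(1.0, n / 10), f"{n} failed logins"))
    return proposals


class FirewallClient:
    """Hypothetical stand-in for a real firewall API; it only records calls."""
    def __init__(self):
        self.blocked = []

    def block(self, src):
        if src not in self.blocked:
            self.blocked.append(src)

    def unblock(self, src):
        if src in self.blocked:
            self.blocked.remove(src)


class ResponseLoop:
    # Addresses the machine may never block without a human (constructed range).
    PROTECTED = [ip_network("10.0.0.0/8")]

    def __init__(self, firewall, threshold=0.5):
        self.firewall = firewall
        self.threshold = threshold   # minimum score for unattended action
        self.pending = {}            # src -> Proposal awaiting an analyst
        self.audit = []              # every decision, the raw material of the feedback loop

    def _protected(self, src):
        return any(ip_address(src) in net for net in self.PROTECTED)

    def process(self, lines):
        """Act on confident, in-scope proposals; queue the rest for review."""
        executed, pending = [], []
        for p in detect(lines):
            if p.score >= self.threshold and not self._protected(p.src):
                self.firewall.block(p.src)
                self.audit.append(("auto-block", p.src, p.reason))
                executed.append(p.src)
            else:
                self.pending[p.src] = p
                self.audit.append(("queued", p.src, p.reason))
                pending.append(p.src)
        return {"executed": executed, "pending": pending}

    def approve(self, src):
        """An analyst confirms a queued proposal; only then is it executed."""
        p = self.pending.pop(src)
        self.firewall.block(src)
        self.audit.append(("analyst-approved", src, p.reason))

    def record_verdict(self, src, true_positive):
        """Analyst feedback: a false positive is rolled back and makes the
        machine more conservative; a confirmed attack lets it act sooner."""
        if true_positive:
            self.threshold = max(0.3, self.threshold - 0.05)
        else:
            self.firewall.unblock(src)
            self.threshold = min(1.0, self.threshold + 0.1)
        self.audit.append(("verdict", src, "tp" if true_positive else "fp"))


if __name__ == "__main__":
    loop = ResponseLoop(FirewallClient())
    print(loop.process(SAMPLE_LOGS))
    loop.record_verdict("203.0.113.7", true_positive=False)
    loop.approve("10.0.0.5")
    for entry in loop.audit:
        print(entry)
```

The two safety rails are the point: the protected range keeps the machine from touching infrastructure where a wrong move would be costly, and the verdict feedback both undoes a bad action and shifts the threshold so the same mistake becomes less likely, which is the feedback loop the chapter says SOC staff will spend their time managing.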

