EP78 Classic SOC Meets Cloud: What Changes? What Stays the Same?

Guest:

• Gorka Sadowski, Chief Strategy Officer @ Exabeam

Topics:

• How do we get a legacy SOC team to think about the cloud?
• How to think about cloud threat detection, in general? What is different … threats, the environment, what else? What is the same?
• How do we know which TTPs are relevant for the new environments? What to bring with us to the cloud?
• Do content/rules and detection engines need to be different to cover the cloud detection use cases?
• What cases are appropriate for machine learning (ML) in the cloud? Does cloud threats drive the need for new ML detections?

Resources:

• "11 Strategies of a World-Class Cybersecurity Operations Center" paper
• "Autonomic Security Operations: How to 10X Your SOC" paper
• "Indicators Of Compromise Vs. Tactics, Techniques, And Procedures" blog
• "How to Build and Operate a Modern Security Operations Center" (Gartner subscription required)
• "A SOC Tried To Detect Threats in the Cloud … You Won't Believe What Happened Next" blog