The SOC Of the Future (The Future Is Now)
Carson Zimmerman
SANS Hack & Defend 2025

About Me
- Worked in Security Operations for 20 years
- SOC Architect / SOC Nerd, Microsoft
- All the SOC personas before that
- Check out my book if you haven't already. $0/Free: https://mitre.org/11Strategies
- Not speaking on behalf of my employers, past or present

"What Do You Think The SOC of the Future Will Look Like?"

"The future has arrived, it's just not evenly distributed yet." (William Gibson)

- You don't need to forecast the future in cyber. Just look sideways; it's already unfolding.
- The SOC of the future starts with what we've learned from the past, and how we've changed our thinking.
- The tech does not lead, it follows.

1: Scale and Focus
"The MITRE ATT&CK Framework Is Not A Bingo Card" (Josh Zelonis, Forrester)

1: Scale and Focus
- Measuring coverage in 4 dimensions:
  - ATT&CK coverage
  - Areas of the business
  - IT types: cloud, non-cloud, and non-traditional IT
  - Effectiveness, like detection SNR and data fidelity
- Misses come from tunnel vision: cover all 4
- Network visibility should not be a focus; host should be commoditized
- The money is where your adversaries are. For many of you, that's identity, cloud backplane, cloud resource, and the app/service layer

2: Data Access/Federation/Correlation
"We look for the one action, or the one person, that created this mess. As soon as we find someone to blame, we act as if we've solved the problem." (Margaret Wheatley)

2: Data Access/Federation/Correlation
- Tomorrow, there will be another portal or data lake
- Collect and curate data still; abandon the idea that you will have all of it, or even most of it
- Pursue single pane of glass, yes, but you won't get down to one single tool
- Manage tool sprawl and create connections between them
- Thrive on distributed join / federated query / cross-cluster join
- Build a rhythm that moves data from: doesn't exist -> exist
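The "Scale and Focus" slide says to measure coverage in four dimensions at once and that misses come from tunnel vision on one of them. The script below is an added example, not from the talk or its author, of what that measurement looks like in practice: it scores a detection inventory against a declared scope in each dimension, counts a rule toward coverage only if its signal-to-noise ratio clears a threshold, and names the dimensions that lag far behind the best-covered one. The detection inventory, scope lists, technique IDs used as sample values and the 0.5 SNR threshold are all constructed for illustration.

```python
"""Score detection coverage across four dimensions (ATT&CK technique, business
area, IT type, effectiveness). Added example; all data below is constructed."""

# Constructed scope: what this SOC claims it should cover in each dimension.
SCOPE = {
    "techniques": {"T1078", "T1110", "T1566", "T1059", "T1098"},
    "business_areas": {"corp", "payments", "engineering"},
    "it_types": {"cloud", "on-prem", "ot"},
}
MIN_SNR = 0.5  # assumed threshold: below this a rule is noise, not coverage

# Constructed detection inventory: each rule, where it applies, and its
# reviewed alert outcomes (true positives / false positives).
DETECTIONS = [
    {"name": "brute-force-login", "technique": "T1110", "area": "corp",
     "it_type": "cloud", "tp": 40, "fp": 10},
    {"name": "phish-attachment", "technique": "T1566", "area": "corp",
     "it_type": "on-prem", "tp": 12, "fp": 30},
    {"name": "valid-acct-anomaly", "technique": "T1078", "area": "payments",
     "it_type": "cloud", "tp": 8, "fp": 2},
    {"name": "powershell-encoded", "technique": "T1059", "area": "engineering",
     "it_type": "on-prem", "tp": 5, "fp": 1},
]


def snr(det):
    """Detection signal-to-noise ratio: share of alerts that were true positives."""
    total = det["tp"] + det["fp"]
    return det["tp"] / total if total else 0.0


def effective(det, min_snr=MIN_SNR):
    """A rule only counts as coverage if analysts can act on what it produces."""
    return snr(det) >= min_snr


def coverage_report(detections=DETECTIONS, scope=SCOPE, min_snr=MIN_SNR):
    """Return covered set, gaps and percentage for each of the first three
    dimensions, plus the rules excluded by the fourth (effectiveness)."""
    good = [d for d in detections if effective(d, min_snr)]
    noisy = [d["name"] for d in detections if not effective(d, min_snr)]
    covered = {
        "techniques": {d["technique"] for d in good},
        "business_areas": {d["area"] for d in good},
        "it_types": {d["it_type"] for d in good},
    }
    report = {}
    for dim, wanted in scope.items():
        have = covered[dim] & wanted
        report[dim] = {
            "covered": have,
            "gaps": wanted - have,
            "pct": round(100 * len(have) / len(wanted)),
        }
    report["noisy"] = noisy
    return report


def tunnel_vision(report, lag=25):
    """Name dimensions whose coverage trails the best-covered one by `lag`
    points or more: the ones a single-metric view would hide."""
    pcts = {k: v["pct"] for k, v in report.items() if k != "noisy"}
    best = max(pcts.values())
    return sorted(k for k, p in pcts.items() if best - p >= lag)


if __name__ == "__main__":
    rep = coverage_report()
    for dim in ("techniques", "business_areas", "it_types"):
        print(f"{dim}: {rep[dim]['pct']}% covered, gaps={sorted(rep[dim]['gaps'])}")
    print("excluded as noise:", rep["noisy"])
    print("lagging dimensions:", tunnel_vision(rep))
```

With the constructed data, business-area coverage reads 100% while technique and IT-type coverage sit at 60% and 67%, and the phishing rule (12 true positives against 30 false) drops out of every dimension. A SOC tracking only ATT&CK coverage or only business areas would report a very different picture than one tracking all four together.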