The Anatomy of a Modern Security Monitoring Program
Presented at ColaSEC on May 18th, 2021 by David Burkett
David is the Security Operations Center (SOC) Manager for Corvid Cyberdefense, an MSSP based out of Mooresville, NC. David has a background in building SOCs, performing technical assessments as a consultant for other SOCs, and working as a SOAR Architect, helping over three dozen Fortune 500 companies and major Federal Government agencies create playbooks and automate manual security tasks.
Does your SOC rely on dashboards, low-fidelity out-of-the-box (OOTB) detection logic, and third-party threat intel feeds to detect and alert on activity? If so, you are not alone. Through my background of working with various Security Operations Centers, the differences I've seen between what the large, more tech-forward companies do and what your more average company does are staggering. This isn't due to large budgets or being able to buy the most expensive equipment.
Unfortunately for us as defenders, there isn't a lot of great information out there on what these sorts of organizations are doing from a process and procedures perspective, as blue teams are commonly hesitant to share what they are doing, and a lot of the "Guide to Building a SOC!" blogs on the internet are written by consultants who have never worked in a SOC.
In this talk, my aim is to bring to light what a modern security program looks like and ways to help you get there using free and open source tools.
Social Media Links: @signalblur / https://www.linkedin.com/in/david-burkett / https://github.com/david-burkett