Autonomic Security Operations 10X Transformation of the Security Operations Center Iman Ghanizada, Dr. Anton Chuvakin For more information visit cloud.google.com Oce of the CISO Table of Contents Executive Summary 3 Landscape is evolving: 3 Aackers are evolving: 3 The SOC must evolve dramatically to tackle these new challenges: 3 Autonomic Security Operations to Transform your SOC: 3 Introduction 4 The SOC mission 5 Why the SOC needs to transform? 6 Business Transformation 6 Expanding Aack Suace 8 Talent Shoage 9 Why should future SOC be dierent? 1 1 What is Autonomic Security Operations? 1 2 10X People 12 10X analyst productivity and eectiveness 1 3 10X coverage of threats and assets 1 5 10X knowledge sharing 15 10X Process 1 6 10X Technology 1 7 10X Visibility 1 7 10X Speed 1 8 10X Signals 1 8 10X TCO 19 10X Inuence 2 0 How to achieve Autonomic Security Operations 2 1 People Transformation 2 2 Process Transformation 2 4 Technology Transformation 2 5 Inuence Transformation 2 7 Conclusion 29 For more information visit cloud.google.com Oce of the CISO Executive Summary Landscape is evolving ● Digital transformation changes an organization's aack suace. Cybersecurity risks are expanding beyond the classic SOC use cases and applying to fraud, identity the, and threats traditionally handled by other teams. Operational fusion is needed now more than ever. ● Technological evolutions in modern computing architecture are constantly changing and more security controls are appearing at all levels of the stack. This increases the volume of data and the potential adverse events that a SOC needs sensory coverage to monitor. ● Supply chains are expanding in depth, and the magnitude of their impact is increasing as the shi away from monolithic applications is boosted by dependencies on purpose-built technologies across rst pay, third pay, and open source soware. ● Network-centric security models are superseded by identity-centric access models as services and architectures exist in and across clouds. Aackers are evolving ● Aackers are taking advantage of these complexities to increase their stealth and ability to persist in an organization while they carry out their mission, and their mission has been increasingly focused on destabilizing organizations and holding them ransom, as well as continuing to steal their valuable information. ● These highly persistent threats are oen undetectable by traditional approaches and require strong threat hunting capabilities and robust threat intelligence to detect. The SOC must evolve to tackle these new challenges ● While cloud environments streamline the ability to detect and respond to threats, most organizations are adopting multi and hybrid-cloud approaches and SOC teams are struggling to ramp up their skill sets and toolsets to adapt to these new architectural paradigms. ● The conventional SOC is not equipped to handle these challenges. There is a shoage in talent that cannot be solved by adding more people alone, the processes that suppo the SOC mission have not been revamped to meet cloud-centric workload needs, and the technologies that are used inside of a SOC are not capable of streamlining detection & response at scale. Autonomic Security Operations to transform your SOC ● So overall, in the face of these challenges, we have an oppounity to do a 10X transformation of the SOC, and so is born Autonomic Security Operations. ● Autonomic Security Operations is a combination of philosophies, practices, and tools that improve an organization's ability to withstand security aacks through an adaptive, agile, and highly automated approach to threat management. ● Our ability to increase & upskill talent to distribute and automate processes with poweul cloud-native technologies will drive our approach to eectively manage modern-day threats at cloud-scale. For more information visit cloud.google.com Oce of the CISO Introduction Cloud transformation has enabled businesses to brin