Anton Chuvakin knows his stuff, so I was excited to have him participate in ESG’s SOAPA video series. In part 2 of our video, Anton and I chat about:
- Security data. I mention to Anton that many SOC teams are buried in large volumes of security telemetry and then ask if we are trying to collect, process, and analyze more data than we need. Anton responds that we have too much “dirty data” that really isn’t useful. Therefore, the challenge is understanding which telemetry is useful, how it’s useful, and which other data elements we need for data enrichment to improve the efficacy and efficiency of our analytics.
- Common Chronicle use cases. Speaking of data, Google Chronicle is unique in that customers can keep security data online for long periods of time (without a hefty price tag). What do customers do with this data? Anton mentions the most common Chronicle use cases are incident response and threat detection. He also says that Chronicle is the first security platform to include threat hunting as a core function. No, these use cases aren’t unique, but Chronicle’s approach is.
- The tradeoff between security efficacy and complexity. This will always be a balancing act because security analytics and operations are difficult by default. Anton doesn’t believe there will ever be a magic single solution. Rather, best-of-breed tool interoperability will improve through API integration. Kind of sounds like SOAPA.
- SOC modernization. This has been a nebulous term from the start, so I ask Anton for his definition. Anton describes SOC modernization across people, process, and technology, highlighting things like distributed/integrated tools, changing skill sets and specializations, and broader processes beyond alert triage – like threat hunting and data exploration.
- The future of SOAPA. I always ask my guests to predict the future of the SOC and SOAPA, so it was somewhat surprising that Anton chose to focus on the human element. Despite technologies like machine learning and process automation, Anton insists that we will still need highly motivated and skilled SOC analysts who understand the threat landscape and use their experience and intuition to make sense of the data. I couldn’t agree more.
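To make the "dirty data" and enrichment point concrete, here is a small added example (my own illustration, not code from the video, from ESG, or from Google Chronicle). It takes a handful of constructed JSON-lines authentication events, drops the ones that are unusable (missing fields, known noise accounts such as a health-check user), enriches the rest with a hypothetical asset inventory and identity directory, and ranks them with a simple priority score. The field names, the inventory, the noise list, and the scoring weights are all assumptions made up for the example.

```python
"""Telemetry triage: drop 'dirty' events, enrich the rest with asset and identity context."""
import json

# Constructed sample telemetry (not real data): authentication events as JSON lines.
RAW_EVENTS = """\
{"ts":"2023-05-01T10:00:01Z","src_ip":"10.0.0.5","host":"ws-042","user":"alice","event":"logon","result":"success"}
{"ts":"2023-05-01T10:00:02Z","src_ip":"10.0.0.9","host":"lb-01","user":"healthcheck","event":"logon","result":"success"}
{"ts":"2023-05-01T10:00:03Z","src_ip":"10.0.0.7","host":"db-01","user":"svc_backup","event":"logon","result":"failure"}
{"ts":"2023-05-01T10:00:04Z","src_ip":"","host":"","user":"","event":"logon","result":"failure"}
{"ts":"2023-05-01T10:00:05Z","src_ip":"203.0.113.4","host":"db-01","user":"alice","event":"logon","result":"failure"}
"""

# Hypothetical asset inventory (what a CMDB export might look like).
ASSETS = {
    "ws-042": {"owner": "alice", "tier": "workstation", "crown_jewel": False},
    "db-01": {"owner": "dba-team", "tier": "database", "crown_jewel": True},
    "lb-01": {"owner": "netops", "tier": "loadbalancer", "crown_jewel": False},
}

# Hypothetical identity context (what an HR or IdP export might look like).
IDENTITIES = {
    "alice": {"dept": "finance", "privileged": False},
    "svc_backup": {"dept": "it", "privileged": True},
}

# Accounts whose volume swamps the signal: synthetic monitors, health checks.
NOISE_USERS = {"healthcheck"}
REQUIRED_FIELDS = ("ts", "src_ip", "host", "user", "event", "result")


def is_dirty(ev):
    """Return a reason string if the event is unusable noise, else None."""
    for field in REQUIRED_FIELDS:
        if not ev.get(field):
            return f"missing:{field}"
    if ev["user"] in NOISE_USERS:
        return "noise_user"
    return None


def is_internal(ip):
    """Crude RFC 1918 check, sufficient for the constructed sample."""
    return ip.startswith("10.") or ip.startswith("192.168.")


def enrich(ev):
    """Attach asset and identity context and compute a simple priority score."""
    asset = ASSETS.get(ev["host"], {"owner": "unknown", "tier": "unknown", "crown_jewel": False})
    ident = IDENTITIES.get(ev["user"], {"dept": "unknown", "privileged": False})
    out = dict(ev)
    out["asset_owner"] = asset["owner"]
    out["asset_tier"] = asset["tier"]
    out["crown_jewel"] = asset["crown_jewel"]
    out["user_dept"] = ident["dept"]
    out["user_privileged"] = ident["privileged"]
    out["external_src"] = not is_internal(ev["src_ip"])
    # Assumed weights: failures against crown jewels from outside rank highest.
    score = 0
    if ev["result"] == "failure":
        score += 1
    if out["crown_jewel"]:
        score += 2
    if out["external_src"]:
        score += 2
    if out["user_privileged"]:
        score += 1
    out["priority"] = score
    return out


def triage(raw):
    """Parse JSON lines, drop dirty events (counting why), enrich and rank the rest."""
    kept, dropped = [], {}
    for line in raw.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        reason = is_dirty(ev)
        if reason:
            dropped[reason] = dropped.get(reason, 0) + 1
            continue
        kept.append(enrich(ev))
    kept.sort(key=lambda e: e["priority"], reverse=True)
    return kept, dropped


if __name__ == "__main__":
    events, dropped_counts = triage(RAW_EVENTS)
    print("dropped:", dropped_counts)
    for e in events:
        print(e["priority"], e["user"], e["host"], e["result"], e["asset_owner"], e["external_src"])
```

On the sample input, two of the five events are discarded (one with empty fields, one from the health-check account), and the external logon failure against the database host ranks first. The interesting part is that neither the ranking nor the owner-to-notify field exists in the raw telemetry; they only appear once the asset and identity context is joined in, which is the enrichment point made above.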
Many thanks to Anton and the Google Chronicle team for participating in the SOAPA video series. Look for more SOAPA videos soon.