How can my team keep track of the threat landscape? What’s the best way to manage my company’s move to cloud-based and SaaS-based solutions? And how can I keep up with compliance regulations? Is there a better way to do all this?

This year’s keynote at the Sumo Logic Modern SOC Summit addressed these questions and more as Greg Martin, Sumo Logic’s General Manager and VP of Security, talked with Byron Acohido, a Pulitzer-prize winning cybersecurity journalist, about some of the challenges and changes facing the modern SOC.

The legacy SOC was human-scale

In the old days, when organizations owned everything related to their computing systems, a handful of human analysts with a wall of giant monitors could see every cyberattack hitting an organization on any given day.

Greg himself built one of the first SOC organizations, at NASA, fifteen years ago. But, as he pointed out, things have changed a lot since then: “With the explosion of data and the move to the cloud, the increased number and sophistication of attacks, security operations is just really not a human-scale problem anymore.”

Every SOC has been dealing with the problem of information overload for the past several years. Data logs from network devices and firewalls have been joined by streams of data generated by cloud and edge devices. Employees used to sit in offices using a single desktop machine. Now, they may still use that desktop machine but they also use a laptop or a tablet, and at least one phone—all of them connected to the network and generating data that must be collected, monitored, and analyzed.

The current SOC mixes humans and automation

As a journalist covering cybersecurity, Byron has seen many organizations in the last few years moving to leverage orchestration and automation tools, including playbooks and scripts that can filter out the low-hanging fruit and highlight higher risk data for review by SOC analysts.

That approach has worked fairly well so far, but as Greg mentioned, two factors are driving big changes in security operations:

1. the move to the cloud, and

2. the move to work from anywhere, accelerated by COVID-19.

Threat actors are now taking full advantage of this changing threat landscape, with nation-state attackers running extremely sophisticated supply chain and chat attacks that have compromised hundreds of global corporations and government entities.

The Modern SOC is a whole different paradigm

SOC teams need to rethink their security strategy to keep up with the challenges of a hybrid on-premise and in-cloud infrastructure. In Greg’s view, having the right tools, using them in tandem with the right technologies, and leveraging automation to make sense of all that data is a core paradigm for a modern SOC. Modernizing security operations means investing in technology and in processes to make the most of the organization’s tools and team, so that they can keep up with the increasing frequency and sophistication of cyberattacks.

The modern SOC needs to manage the security of both on-premises and cloud-based assets and deal with the ever-increasing amounts of data from all those assets. As the worldwide movement to the cloud accelerates, this learning process includes understanding newer technologies, from Docker to Kubernetes to AWS S3 buckets, with their separate security protocols and requirements.

The modern SOC needs to evolve from a geographically-located single-focus group to a globally diverse team familiar with both hybrid tools and technologies. Building the right distributed team, providing them with the right tools, like Sumo Logic Cloud SIEM, and streamlining processes to provide faster intelligence for better decision-making makes for a SOC that can handle the challenges of an ever-shifting threat landscape.

Listen to the rest of the conversation…

Listen to Greg and Byron discuss the challenges of running a modern SOC, including:

• The complexities of cloud-based controls and policies

• How smart API technologies are essential to modern monitoring

• Why humans will always hold the lead role in defending against cybersecurity attacks