How to Make the Most of Automation in the SOC
Joseph Blankenship of Forrester Shares Best Practices
Organizations must adopt a new approach to security automation that's tailor-made to address today's threats, says Joseph Blankenship, a vice president and research director at Forrester.
SIEM tools provide SOC analysts with limited contextualized data and a disproportionate number of false positives, he says, so analysts need to supplement them with security analytics and other tools.
“One of the things that we want the analytics to do for us is give us a better picture of what's real and what's not real,” Blankenship says.
He advises organizations to liken security automation to an architecture and engineering exercise. “That requires that we examine what workflows look like, understand the types of threats that we're dealing with on a regular basis, know what kind of technology we have and design the automation to fit that.”
In a video interview with Information Security Media Group, Blankenship discusses:
- How to gain value from analytics and automation in the SOC;
- Gaps in satisfaction and expected outcomes when it comes to automating the SOC;
- The impact of new SOC automation tools, such as extended endpoint detection and response.
Blankenship, vice president and research director for security and risk at Forrester, helps clients develop security strategies and make informed decisions to protect against risk. He covers security infrastructure and operations, including tools for the security operations center such as SIEM, security analytics, and security automation and orchestration, or SAO.