The Analytics-Enabled SOC
Splunk's Haiyan Song on Improving Incident Response
Song, vice president of security markets at Splunk, is a keynote speaker at the 2014 RSA Conference Asia Pacific & Japan in Singapore. In this pre-event interview, she previews her presentation, "The Analytics-Enabled SOC."
There are two key components of this new big data-fueled security operations center. One is the operational element, which is about giving analysts better tools and data to be more effective in their jobs. The other element is truly analytic, allowing teams to learn from new attacks and techniques, and then apply their learning in the organization's automated security defenses.
"It's a process of getting access to the data, leveraging the data, and using human intelligence ... to discover the relationships among dynamic data sources and activities," Song says. "At the end of the day, it's data accessibility and it's basically having the SOC team focusing on not just detecting attacks, but also understanding the campaigns behind [them]."
In this interview, Song discusses:
- The most overlooked elements of breach response;
- How the analytics-enabled SOC differs from traditional SIEM;
- Key business benefits from big data analytics.
Song is vice president of security markets at Splunk. With more than 20 years of experience, Song previously spent nine years at ArcSight-HP Enterprise Security Products as vice president and general manager, where she was responsible for driving product strategies and business execution. Before that, she was vice president of engineering at SenSage.