Big Data Security Analytics , Next-Generation Technologies & Secure Development , Security Operations

How to Make the Most of Automation in the SOC

Joseph Blankenship of Forrester Shares Best Practices
Joseph Blankenship, vice president, research director, security and risk, Forrester

Organizations must adopt a new approach to security automation that's tailor-made to address today's threats, says Joseph Blankenship, a vice president and research director at Forrester.

SIEM tools provide SOC analysts with limited contextualized data as well as a disproportionate amount of false positives, he says. So the analysts need to use security analytics and other tools.

“One of the things that we want the analytics to do for us is give us a better picture of what's real and what's not real,” Blankenship says.

See Also: Cybersecurity workforce development: A Public/Private Partnership that enhances cybersecurity while giving hands-on SOC experience to students

He advises organizations to liken security automation to an architecture and engineering exercise. “That requires that we examine what workflows look like, understand the types of threats that we're dealing with on a regular basis, know what kind of technology we have and design the automation to fit that.”

In a video interview with Information Security Media Group, Blankenship discusses:

  • How to gain value from analytics and automation in the SOC;
  • Gaps in satisfaction and expected outcomes when it comes to automating the SOC;
  • The impact of new SOC automation tools, such as extended endpoint detection and response.

Blankenship, vice president, research director, security and risk at Forrester, helps clients develop security strategies and make informed decisions to protect against risk. He covers security infrastructure and operations, including tools for the security operations center, such as SIEM, security analytics and security automation and orchestration, or SAO.


About the Author

Anna Delaney

Anna Delaney

Director, Productions, ISMG

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.