Maintaining a SOC (WITH Rob Gresham)
ADVANCED PERSISTENT SECURITY PODCAST
February 20, 2017
If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.
NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers
Joe introduces Rob Gresham. Rob explains the Intel/McAfee/Foundstone dynamic. Rob tells us about the six degrees of Foundstone and the associated businesses and people. We recall and discuss SuperScan. We cover Threat Hunting in terms of what it is and what it is not. Rob explains that Threat Hunting is learning YOUR ENVIRONMENT and determining when/where/how to meet the enemy. Joe characterizes it as “Purple Teaming.” Rob provides an application of the Scientific Method, using hypotheses to evaluate purple teaming.
Rob stresses to not be Elmer Fudd. Joe postulates IT F.U.D. (Fear, Uncertainty, Doubt, Elmer’s nephew). Rob talks about attribution versus retribution. We talk about APTs and motivations of other types of attackers. Social Media as C2 (Command and Control) is discussed. We discuss the identification of Indicators that can be used in an actionable context. Joe gets on his training and awareness soapbox. The Cyber Kill Chain makes an appearance in regards to the applicability in network defense.
In this special episode, the final in a two-part series, we discuss how to create and maintain a successful SOC – Security Operations Center. Rob discusses the considerations in creating and maintaining a SOC in terms of its goals and the environment around the SOC. He explains what a BOT is – a Build, Operate, Transfer model used by firms when helping organizations build their SOCs. Rob talks about decision making in terms of deciding whether to go with a Managed Security Service Provider (MSSP). Joe talks about contracts and SLAs as they relate to liability, then transitions to realistic expectations. We close the segment by discussing sensor locations.
Rob Gresham has extensive experience executing and instructing on cyber threat intelligence, primarily on the information flow and analysis of operational, strategic and tactical cyber intelligence. He has extensive experience building data centers and enterprise environments with the proper security architecture and robust designs that enable business security needs and maturity over time with less rework. Rob investigates compromised systems, performs memory analysis and determines the scope of the breach. Rob has a perceptive talent for visualizing processes, workflows and procedures, which has helped tremendously when designing SOC process frameworks. He has successfully built security response teams that provide incident response for SOCs, as well as critical infrastructure and key resource restoration teams.
Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.