
The SOC of the Future... The Future Is Now.pdf

Uploaded by: 可***  Document no.: 991874  2025-12-07  22 pages  222.56KB

The SOC Of the Future (The Future Is Now)
Carson Zimmerman
SANS Hack & Defend 2025

About Me
- Worked in Security Operations for 20 years
- SOC Architect / SOC Nerd, Microsoft
- All the SOC personas before that
- Check out my book if you haven't already. $0/Free: https://mitre.org/11Strategies
- Not speaking on behalf of my employers, past or present

"What Do You Think The SOC of the Future Will Look Like?"

"The future has arrived; it's just not evenly distributed yet." (William Gibson)

- You don't need to forecast the future in cyber. Just look sideways: it's already unfolding.
- The SOC of the future starts with what we've learned from the past, and how we've changed our thinking.
- The tech does not lead, it follows.

1: Scale and Focus

"The MITRE ATT&CK Framework Is Not A Bingo Card" (Josh Zelonis, Forrester)

- Measuring coverage in 4 dimensions:
  - ATT&CK coverage
  - Areas of the business
  - IT types: cloud, non-cloud, and non-traditional IT
  - Effectiveness, like detection SNR and data fidelity
- Misses come from tunnel vision: cover all 4
- Network visibility should not be a focus; host should be commoditized
- The money is where your adversaries are. For many of you, that's identity, cloud backplane, cloud resource, and app/service layer

2: Data Access / Federation / Correlation

"We look for the one action, or the one person, that created this mess. As soon as we find someone to blame, we act as if we've solved the problem." (Margaret Wheatley)

- Tomorrow, there will be another portal or data lake
- Collect and curate data still; abandon the idea you will have all of it, or even most of it
- Pursue single pane of glass, yes, but you won't get down to one single tool
- Manage tool sprawl and create connections between them
- Thrive on distributed join / federated query / cross-cluster join
- Build a rhythm that moves data from: doesn't exist - exist
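The four coverage dimensions on the "Scale and Focus" slide are easy to state and easy to game: a team that scores itself on ATT&CK technique count alone can look well covered while having no identity or cloud-backplane telemetry at all, and a rule that fires on everything "covers" a technique without detecting anything. The scorecard below is an added example written for this page, not the speaker's or MITRE's code. The rule inventory, business-area and IT-type names, hit counts and the 0.25 precision threshold are all constructed for illustration; only the ATT&CK technique IDs are real. It scores all four dimensions over one inventory and counts a technique, business area or IT type as effectively covered only when at least one rule that meets the SNR threshold watches it.

```python
"""Detection coverage scored on four dimensions at once.

Added example for this page (not code from the talk). Inventory, areas,
IT types, hit counts and the SNR threshold are constructed; technique
IDs are real ATT&CK IDs.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    technique: str        # ATT&CK technique ID the rule is mapped to
    business_area: str    # part of the business whose assets it watches
    it_type: str          # telemetry source class the rule runs on
    true_positives: int   # confirmed-malicious alerts over the review period
    false_positives: int  # alerts closed as benign over the same period


# Constructed inventory: an endpoint/network-heavy rule set with a thin
# identity layer and nothing at all on the cloud control plane.
RULES = [
    Rule("edr-powershell-encoded", "T1059", "corp", "endpoint", 40, 10),
    Rule("edr-lolbin-spawn", "T1059", "prod", "endpoint", 12, 3),
    Rule("net-portscan", "T1046", "corp", "network", 2, 200),
    Rule("net-smb-lateral", "T1021", "corp", "network", 5, 45),
    Rule("mail-phish-url", "T1566", "corp", "saas", 30, 20),
    Rule("idp-password-spray", "T1110", "corp", "identity", 8, 2),
    Rule("edr-rdp-lateral", "T1021", "prod", "endpoint", 6, 4),
    Rule("edr-new-service-valid-account", "T1078", "corp", "endpoint", 3, 7),
]

# What the SOC is accountable for in each dimension (constructed scope).
SCOPE = {
    "technique": {"T1078", "T1059", "T1110", "T1566", "T1098", "T1530", "T1021", "T1046"},
    "business_area": {"corp", "prod", "payments"},
    "it_type": {"endpoint", "network", "identity", "cloud-backplane", "saas"},
}


def precision(rule: Rule) -> float:
    """Alert-level signal-to-noise: share of the rule's alerts that were real."""
    total = rule.true_positives + rule.false_positives
    return rule.true_positives / total if total else 0.0


def covered(rules, attr: str, universe: set, min_precision: float = 0.0) -> set:
    """Values of `attr` (technique / business_area / it_type) inside `universe`
    watched by at least one rule whose precision meets `min_precision`."""
    return {getattr(r, attr) for r in rules
            if precision(r) >= min_precision and getattr(r, attr) in universe}


def snr(rules) -> float:
    """Pooled signal-to-noise over a set of rules."""
    tp = sum(r.true_positives for r in rules)
    fp = sum(r.false_positives for r in rules)
    return tp / (tp + fp) if tp + fp else 0.0


def scorecard(rules, scope, min_precision: float = 0.25) -> dict:
    """Score all four dimensions on one inventory.

    `raw` counts any mapped rule; `effective` counts only rules at or above
    `min_precision`, so a technique or IT type held up by a single noisy
    rule shows as a gap instead of a tick in the box.
    """
    card = {}
    for attr, universe in scope.items():
        raw = covered(rules, attr, universe)
        eff = covered(rules, attr, universe, min_precision)
        card[attr] = {
            "raw": len(raw) / len(universe),
            "effective": len(eff) / len(universe),
            "gaps": sorted(universe - eff),
        }
    card["effectiveness"] = {
        "snr": snr(rules),
        "snr_by_it_type": {t: snr([r for r in rules if r.it_type == t])
                           for t in sorted(covered(rules, "it_type", scope["it_type"]))},
        "noisy_rules": sorted(r.name for r in rules if precision(r) < min_precision),
    }
    return card


if __name__ == "__main__":
    for dim, row in scorecard(RULES, SCOPE).items():
        print(f"{dim:15} {row}")
```

On this constructed inventory the ATT&CK-only view says 75% covered; once the noisy network rules are discounted, T1046 drops out, "network" joins "cloud-backplane" as an effective gap, and the per-IT-type SNR shows where the alert budget is actually being spent. Swap in your own rule export and scope sets; the threshold is the one knob worth arguing about with the detection engineers.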
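The "Data Access / Federation / Correlation" slide's advice (no single lake, connect the tools you have, lean on distributed join and federated query) in working form, as an added example for this page rather than the speaker's code or any vendor's query language. Two constructed stores stand in for an identity provider's sign-in log and a cloud control-plane audit log; each answers only filtered queries, and the hunt "password-only sign-in followed within 30 minutes by an IAM change from the same principal" runs as a semi-join that pushes the principal list from the first store into the second and joins on a time window locally. All event records, user names, IP addresses and the 30-minute window are constructed, and the `iam:` action prefix is only illustrative.

```python
"""Federated query across two stores that never get merged.

Added example for this page (not code from the talk). Both event sets,
principals, addresses and the time window are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


class Store:
    """One cluster / lake / portal. Rows leave it only via query(), and the
    number of rows returned is tracked so the cost of a join is visible."""

    def __init__(self, name: str, rows: list):
        self.name = name
        self._rows = rows
        self.rows_transferred = 0

    def query(self, predicate) -> list:
        hits = [r for r in self._rows if predicate(r)]
        self.rows_transferred += len(hits)
        return hits


def build_stores():
    """Constructed telemetry: IdP sign-ins and cloud control-plane audit."""
    idp = Store("idp-signins", [
        {"ts": "2025-11-03T09:12:05Z", "user": "alice", "result": "success", "mfa": False, "src_ip": "203.0.113.7"},
        {"ts": "2025-11-03T09:15:00Z", "user": "bob", "result": "success", "mfa": True, "src_ip": "198.51.100.4"},
        {"ts": "2025-11-03T09:20:00Z", "user": "carol", "result": "failure", "mfa": False, "src_ip": "203.0.113.9"},
        {"ts": "2025-11-03T13:40:00Z", "user": "alice", "result": "success", "mfa": True, "src_ip": "10.1.2.3"},
    ])
    cloud = Store("cloud-audit", [
        {"ts": "2025-11-03T09:25:30Z", "actor": "alice", "action": "iam:CreateAccessKey", "target": "svc-deploy"},
        {"ts": "2025-11-03T09:26:00Z", "actor": "dave", "action": "iam:CreateUser", "target": "tmp-admin"},
        {"ts": "2025-11-03T09:30:00Z", "actor": "bob", "action": "s3:ListBuckets", "target": "*"},
        {"ts": "2025-11-03T14:50:00Z", "actor": "alice", "action": "iam:AttachUserPolicy", "target": "svc-deploy"},
    ])
    return idp, cloud


def federated_join(left: Store, left_pred, left_key: str,
                   right: Store, right_pred, right_key: str,
                   window: timedelta) -> list:
    """Three-phase distributed join:
    1. push the selective filter down to the left store;
    2. push the resulting key set into the right store (semi-join), so only
       rows for those principals cross the boundary;
    3. join locally on key and a time window [0, window] after the left row.
    """
    left_rows = left.query(left_pred)
    keys = {r[left_key] for r in left_rows}
    right_rows = right.query(lambda r: r[right_key] in keys and right_pred(r))
    by_key = defaultdict(list)
    for r in right_rows:
        by_key[r[right_key]].append(r)
    matches = []
    for lrow in left_rows:
        t0 = parse_ts(lrow["ts"])
        for r in by_key[lrow[left_key]]:
            dt = parse_ts(r["ts"]) - t0
            if timedelta(0) <= dt <= window:
                matches.append({"user": lrow[left_key], "signin_ts": lrow["ts"],
                                "action": r["action"], "target": r["target"],
                                "minutes_later": dt.total_seconds() / 60})
    return matches


def risky_signin_then_iam_change(idp: Store, cloud: Store, window_minutes: int = 30):
    """Hunt: password-only successful sign-in followed within the window by a
    control-plane IAM change from the same principal. Returns (matches, stats)."""
    matches = federated_join(
        idp, lambda r: r["result"] == "success" and not r["mfa"], "user",
        cloud, lambda r: r["action"].startswith("iam:"), "actor",
        timedelta(minutes=window_minutes),
    )
    stats = {idp.name: idp.rows_transferred, cloud.name: cloud.rows_transferred}
    return matches, stats


if __name__ == "__main__":
    found, moved = risky_signin_then_iam_change(*build_stores())
    for m in found:
        print(m)
    print("rows that crossed a store boundary:", moved)
```

Only one sign-in row and two audit rows cross a store boundary for this hunt; the rest of both tables stay where they are. The same shape (selective filter on the anchoring side, key push-down into the other side, local window join) is what cross-cluster join and federated query features give you natively, and it is what keeps "another portal or data lake tomorrow" from forcing another copy of everything.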

Based on the report's content, the key points of the full text are summarised as follows:
1. Foundation of the future SOC: it builds on what has been learned from the past; technology follows rather than leads.
2. Scale and focus: measure coverage in four dimensions (the ATT&CK framework, areas of the business, IT types, detection effectiveness), concentrating on the areas that matter most, such as identity and cloud infrastructure.
3. Data access and correlation: manage tool sprawl, run federated queries across data stores, and build a rhythm for moving data.
4. Detection: accept multimodal detection and emphasise data collection and sharing.
5. Graph analysis: use graph analysis to understand attack paths and to present red-versus-blue activity as graphs.
6. Investigation: share queries rather than data; index data and automate.
7. Containment and response: run a highly coordinated containment strategy and use a "hyper-SOAR" for response at scale.
8. Evolution and workforce sustainability: prevent burnout, reserve 50% of capacity for non-incident work, and run retrospectives and PIRs.
9. AI: AI will assist human work, improving efficiency and decision quality.