Shifting Mindsets: Modernizing the Security Operations Center

A concept from Microsoft’s Threat Intelligence Center, presented by John Lambert caught my attention as I recently reviewed some of the MITRE ATT&CKcon sessions. His speech was about advancing InfoSec towards an open, shareable, contributor-friendly model of speeding up InfoSec learning. John researched how certain defenders have been highly successful in defending their networks, particularly where some others had been in the news for failing many times before. In doing so, he found that although many defenders operate in a similar way, what the successful security guys (advanced defenders) vs. the less successful security guys (traditional defenders) had in common was “a different kind of mindset’.

Here’s the difference between ‘old school’ and ‘new school’ defender mindsets:  

Building on this research, I wanted to share some practical tips on how to shift from 'old school' to 'new school' defender mindsets, allowing you to modernize your security operations center. In doing so, this will help reduce time spent on the daily chaos, and allow more time to mature your security operations team:

As you can see from the above, we’re here to help at Splunk! Whether you’re starting to build a centralized log management platform for security investigations, looking to optimize your existing SIEM System, or want to gain efficiencies in your Security Operations Center environment - we can offer a helping hand. Spoilt for choice of where to start? Why not check out our What’s New in Splunk Enterprise Security Webinar, and learn how automation works in Cyber Security in our IS YOUR SOC SOARING OR SNORING? Webinar.



Matthias Maier is Product Marketing Director at Splunk, as well as a technical evangelist in EMEA, responsible for communicating Splunk's go-to market strategy in the region. He works closely with customers to help them understand how machine data reveals new insights across application delivery, business analytics, IT operations, Internet of Things, and security and compliance. Matthias has a particular interest and expertise in security, and is the author of the Splunk App for IP Reputation. Previously, Matthias worked at TIBCO LogLogic and McAfee as a senior technical consultant. He is also a regular speaker at conferences on a range of enterprise technology topics.