New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4)

Anton Chuvakin
Published in Anton on Security
3 min read, Jan 10, 2022

Sorry, it took us a year (long story), but paper #3 in the Deloitte/Google collaboration on SOC is finally out. Enjoy “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” [PDF].

If you missed them, the previous papers are:

My favorite quotes are below:

  • “This paper highlights ways to create a consistent set of core processes, yet still allow room for creativity within the process set for your SOC.” [A.C. — capturing this magic was our focus for the paper!]
  • “Strong thought out processes are sometimes (unfairly) seen as the most boring of the people, processes, and technology triad. But they are what differentiate mature organizations with capabilities from those with a collection of the latest shiny toys.”
  • “The security community has become increasingly vocal in its belief that out-of-the-box use cases from nearly any vendor do not cut it anymore. This is not to disparage vendor’s products; it is simply an admission that anything intended to be globally applicable to thousands of customers in a constantly evolving threat landscape is bound to come up short for the most pressing threats. A marriage of out of the box use cases with robust and continuous engineering of detections and process automations is needed for the modern SOC to keep pace.”
  • “True innovation can be scary for most security organizations because it is, to a certain extent, a commitment to organic and messy growth rather than measurable procedures. The challenge for a modern SOC leader is thus balancing the desire for consistency — backed by repeatable, predictable, and effective processes on one side — and the desire to harness human creativity, initiative, and perhaps even irrationality on the other side.”
  • “A highly functioning modern SOC, one that is able to anticipate and detect threats on their way in rather than on their way out, has likely attained that balance between consistency and creativity. But how is this balance achieved? The trick is to create an unconventional, but somehow harmonious mixture of consistent, repeatable processes and human, anarchic, and spontaneous creativity.”
  • “In some maturity models, the highest maturity level is called “Optimizing.” Perhaps this best captures the vision of how a good SOC should look. Ultimately, security professionals are not striving for consistent operations alone; they are aiming for this elusive maturity tier whereby the previous foundational levels are so well entrenched that the SOC can spend its time truly optimizing, in a living, ever-adapting model.”
  • “The better road is to build consistency and grow through lower maturity levels, and then let creativity loose within the processes that are already built.” [A.C. — for more details on how, see the paper!]

SOC Consistency vs Creativity visual from the paper

Enjoy! We are writing the final paper 4 as we speak :-)

Related blog posts:
