Out from the Shadows: SOC Teams Take Their Seat with the “Superheroes”

By Karthik Kannan, Founder and CEO, Anvilogic

Watch any superhero movie and it follows the same playbook: the story revolves around the superhero, at the midpoint of the movie there is a fight scene where the superhero fights the villain and saves the day. There is widespread destruction. The superhero “saves the day” and then heads home. They had one mission: to stop the villain.

What next?

The movie ends, but we don’t think about the real work that begins next: figuring out where to start and re-building the city and building the process to bring the people back to the city. It takes a lot more effort, and a lot more than one “hero” to rebuild the city. We celebrate the superhero with the “S” on their capes. The S should stand for “security”, the unsung heroes working through the year to prevent the attacks or rebuilding the city to make it stronger than before after a battle.

The folks that come out to rebuild and the ones that assess how the villain got in, in the first place. They are the people that work behind the scenes every day of the year to prevent attacks from occurring on a regular basis. They may not wear a cape; they may not make it into the “movie” and they often don’t even have a seat at the table with the other superheroes. Sometimes, they are even thought of as a “cleanup crew.” Truth is, without the team members working in the SOC (Security Operations Center), no one would know how the villain got in and how to prevent it from happening again, the villain could have overtaken the city, and the city may not have been able to be rebuilt.

Today, we celebrate these unsung heroes, shine a light on what they are doing from the trenches and what they need from their teams (the ones who are in the spotlight) to be successful.

Why are These Heroes in the Shadows?

Not all villains take out cities in the same way. It is the SOC teams who understand who the different villains are, what they do, how villains influence other villains and may use exploits from other hacker groups. It is not always obvious where the entry points are and the vulnerabilities could be. Sometimes people just doing their jobs unknowingly create entry points, like through a phishing attack. It is the SOC teams who set up parameters without which the cities could have seen a lot more

destruction and impacts on the most critical infrastructure. It is the SOC teams that makes the best out of a bad case scenario. Cool new security tools come out all the time. And even if a superhero has a full toolbelt of tools, there still needs to be training and understanding of how or what to use. It’s the SOC teams that work to help delineate what tools are needed and when to use them.

In this story it’s the superhero that should be the one preventing more security breaches to make sure villains don’t get in, and in the rare event that they do, studying how they got in and their attack patterns to ensure that the city can be rebuilt faster and more fortified against future threats. So, why are these heroes the “unsung heroes”? How did they get into the trenches? They have two problems:

• They do everything from the “task-based” work, to transforming security architecture to staying up on the latest threats while also pivoting based on different business priorities to help keep organizations stay safe from attacks. Since security teams work around the clock and have to spend most of their time on low-level tasks that should be automated, their burnout leads to high- churn that leads to loss of knowledge transfer and only perpetuates this cycle.
• The second problem is a lack of understanding of what they do by the C-suite and line of business executives. They often (60% of the time according to a recent survey of decision makers responsible for threat detection) don’t recognize, or underestimate, the role of SOCs in mitigating business risk and helping drive business success.

If SOC teams are empowered with ways to do their jobs more easily, they wouldn’t be stuck on cleanup. Teams that can leverage automation to help with the detection lifecycle they wouldn’t be able to keep up with trending threats and reduce the time it takes to detect and threat. While hackers are working 9-5 to gain access to an organization’s infrastructure and gather information to exploit, SOC teams are only able to focus a third of their attention on attack mitigation. This means that they are sometimes going to lose the battle to attack groups.

There’s an idea of security being a bottleneck (like when they email you to change your password), but it doesn’t have to be this way. Security can join forces with all the superheroes to do an even better job protecting the city (your company). How do we ensure that the “unsung hero” is able to win more battles against the attack groups, and come out of the trenches to be seen as a strategic partner to the C-Suite?

The Dollars are in the Detections – Helping the Unsung Heroes Soar

The right detections can make the unsung hero soar. There are currently trade offs in SOCs being made between getting things out faster and good detections. And, according to the threat detection decision makers survey noted before, more than three quarters (77%) desire new ways to engineer detection rules. The right detection engineering platform can be a lifeline in the trenches and simultaneously the rope that pulls security teams out of the periphery and into the forefront where the C-suite can recognize their contributions and achievements.

Detection engineering is the facet of security operations that the C-Suite cares most about. With the right platform in place and using AI in concert with security professionals, security teams can do their jobs faster, do their jobs better and let the platform handle the cleanup.

Security teams can not only focus more of their time on strategic thinking and chasing the real

threats before they destroy a city and less on task-based work that can be automated, but can become a part of strategic C-suite discussions so that they are best supported to continue fighting off the villains.

Having the right strategies and technology in your toolkit can be the difference for your team. Let’s let the unsung heroes use their powers to the fullest extent, and what they were meant for. Let’s make sure the right hero is being recognized.

About the Author

Karthik Kannan is the Founder and CEO of Anvilogic, a venture-backed cybersecurity startup based in Palo Alto. He previously led Security Analytics at Splunk following the acquisition of his previous company, Caspida. Before co-founding Caspida, Karthik was a founding executive member of other successful startups ultimately acquired by large public corporations. He’s also worked at NetApp and Goldman Sachs. Karthik has three decades of experience across cybersecurity, analytics, and big data specializing in general management, product development,strategic planning, marketing, and advisory. He’s an active volunteer in programs benefiting the local community in the Bay Area and his native India. Karthik can be reached at [email protected] and at our company website: https://www.anvilogic.com.