How security leaders can help SOC analysts adjust to working from home


RSA experts discussed how to recreate the collaborative in-person environment that security teams usually work in when there’s not a pandemic.

Amy Blackshaw, director of product marketing at RSA, explained the strategic shifts security teams need to make now that working remotely may become the new norm.


At the RSA Cybersecurity Summit 2020 on Tuesday, security experts explained how to rethink the security operations center when analysts are working from home instead of side by side. Two RSA leaders shared advice on how to do this during a conversation about how the shift to 100% remote work has affected security teams, who face the same challenges as all other remote workers.

Michael Adler, vice president of product at RSA, said that analysts are accustomed to working in a specific physical space with multiple monitors and colleagues in the same room.

“With everyone working from home, we don’t have that investment that we put into building physical facilities that helped analysts be successful and made the SOC (security operations center) more efficient,” he said. “Now analysts are just like every other remote employee working from home.”


Adler said that analysts need a new set of controls and tooling designed for remote work to be as efficient as they were before the pandemic started.

Amy Blackshaw, director of product marketing at RSA and Adler’s partner in the session, had five recommendations for security teams working remotely. Some of these shifts are already in process and others are accelerating:

  1. Automating workflows: Analysts should be able to collaborate and work from the same playbook, especially when they are not in the same room.
  2. Threat detection and response: The SOC should be focused on anticipating attacks that could bypass security controls, especially at the endpoint and the network, and during the reintroduction to working in the office in person.
  3. Reimagining the corporate network: Analysts should redefine what normal traffic looks like during this work-from-home phase, what it will look like as offices reopen, and what reducing risk means in both contexts.
  4. Reevaluating behavior analytics and insider threat risk: Analytic models also need to be readjusted to reflect how employees are behaving in this work-from-home world, so that teams understand what anomalies look like in the current version of normal.
  5. Visibility into cloud workloads: SOC teams need to understand third-party cloud environments and add that data into existing analytic models.

Adler said that making these shifts requires taking existing SOC tools and using them differently, including logging, network traffic analysis, and endpoint protection. For example, analysts need a way to investigate endpoints that are now often personal devices as opposed to machines provided by an employer.

“You might not be able to have direct access to the endpoint, but you can be reasonably sure that you can monitor it and have visibility into it,” he said.

Adler said that another new element that analysts need to consider is how employees are accessing software-as-a-service (SaaS) tools.

“The SOC needs access to the appropriate set of logs from SaaS applications to start doing user behavior analysis and mapping out access profiles,” he said.

This is an opportunity to use machine learning in the SOC to review and analyze those access logs.

Adler also recommended applying analytics to network traffic to reset the data models, relearn normal, and spot the anomalies.

Adler said that orchestration (standardizing processes and threat responses) is one way to ensure that employees of different skill levels who are sitting apart but working together are working from the same playbook.

“That way every analyst can take advantage of best practices and follow standards and guideposts when they are working alone,” he said.
