Cisco User Group
Soc of the Future
Nathan Smith
Head of Security APAC
User Group Soc Of The Future
Nathan Smith Head of Security, APAC
Industry Trends
| Major Breaches | Regulatory Compliance | Cyber Crime as a service grows | AI Being Weaponized |
 |
 |
 |
 |
| As data breaches scale up, organizations and governments will be forced to spend more money to recover from them | Critical infrastructure regulations , industry specific regulations demand detection & response capabilities. |
Cyber Crime is big Business and the entry level is continually being lowered via as a service models. |
Generative AI capability adopted by cybercrime and Deep Fakes becoming mainstream. |
Key technology shifts in the SOC
Past
- Limited visibility across disconnected data sources and relying on ingest only approach hampers ability to identify high-risk threats amidst the digital noise.
- Reactive threat detection based on signatures or predefined rules with limited threat intelligence enrichment leading longer attacker dwell times.
- Reliance on manual efforts with limited automation for select routine tasks keeping your security team stuck in a reactive mode moving from tool to too.
- Lack of AI to help guide SOC workflows providing no relief for an already overworked and overwhelmed security team.
- Disjointed threat detection, investigation, and response limiting MTTD and MTTR.
Future
- Comprehensive visibility across all data, no matter where located with context for full attack-surface coverage with no “weak” signals missed.
- Proactive threat detection using AI/ML, risk based approach, and comprehensive threat intelligence stopping advanced attacks and slashing dwell times.
- Pervasive automation across threat analysis, containment, response and recovery actions increasing security team’s productivity and efficiency.
- AI guided SOC workflows to help increase efficiency and effectiveness of the security team
- Unified threat detection, investigation, and response dramatically improving MTTD and MTTR.
The SOC of the Future
Unified Threat Detection, Investigation and Response at the Core.
Delivering the essential capabilities
| SOC of the Future | Splunk Security Delivers |
| Comprehensive Visibility | ● Ingest and normalize any data at scale ● Federated search and analytics to access data from anywhere ● Open Cybersecurity Schema Framework open standard |
| Proactive Threat Detection | ● 1,500+ curated detections crafted by Splunk Threat Research ● Behavioral Analytics to detect unknown threats and anomalies ● MLTK to build custom ML solutions for any use case ● Risk based alerting to tackle alert fatigue ● Integrated Threat Intelligence Enrichment |
| Pervasive Automation | ● Automated Threat Analysis for decisive action and rapid response ● Powerful SOAR to increase speed of investigation and response ● Automate efficiently using pre-built playbooks and integrations |
| AI guided SOC workflows | ● Splunk AI Assistant to search for data using natural language ● Embed Splunk AI Assistant for security into workflows |
| Unified TDIR | ● Single, modern worksurface to unify TDIR ● Codify processes into response templates to simplify workflows ● Easy case management within your response templates |
Building on SIEM to drive continued innovation to evolve the SOC
Powering the SOC of the future with the feading TDIR solution
Foundational use cases
Providing the critical capabilities on your resilience journey
| Foundational Visibility See across environments Data Optimization Security Monitoring Incident Management Asset Discovery & Management Compliance Visualization & Reporting |
Guided Insights Detect threats and issues with context Threat Intelligence Enrichment Leverage Cybersecurity Frameworks Risk Based Alerting AI Assisted Guidance Anomaly Detection Threat Hunting |
Proactive Response Get ahead of issues Automate Threat Analysis Automate Containment & Response Actions Orchestrate Response Workflows |
Unified Workflows Collaborate Seamlessly Automate Complete TDIR Life Cycle Standardize SOC Processes using Response Templates Automate Recovery Playbooks Federate Access & Analytics |
Accelerated by Splunk AI
What about AI?
What is AI and Machine Learning?
Artificial Intelligence (AI) – capability of a computer system to mimic human cognitive functions such as learning and problem-solving
Machine Learning (ML) – subset of AI that uses mathematical models of data to help a computer learn without direct instruction
Deep Learning – subset of AI that uses computationally intense ML models inspired by the “deep” layers of the biological neural network of the human brain to accomplish complex goals like image recognition Example: Self driving car recognizes stop sign Generative AI – subset of AI that involves the use of algorithms and techniques to generate new data, things that have not existed in the world before being created by the models
Example: OpenAI Chat GPT
Recent AI Breakthroughs and Trends
- Traditional Cognitive Tasks
Human parity in
● image classification (2015, Microsoft)
● speech recognition (2017, Microsoft)
● text summarization (2019, Google)
● translation (2022, OpenAI)
● reading comprehension (2023, OpenAI) - New and Emerging Capabilities
Generative AI Capabilities
● Chat
● Q&A
● Summarization
● Suggestion
● Code generation
● Image generation
● …… - Domain Specific Innovations
New product categories
● ChatBot
● Security Copilot’s
● Google Duet AI
● AI Assistant
● ……
What’s the benefit to the SOC?
Guidance
Provide guidance to analyst on next steps, lowing the entry level of knowledge needed to investigate and respond.
Faster Response
Reducing the time need to investigate and increasing the response time in taking actions.
Proactive
AI will help SOC teams prioritise activities and to move from reactive to proactive activities.
New
AI Assistant for SPL
Preview in Q1 & GA at .conf
▶ Upskill new and advanced Splunk users quickly.
▶ Translate bi-directionally between NL and SPL.
▶ Receive personalized recommendations.
New
AI Assistant for Security
Investigate faster.
▶ Answer analyst questions to speed up daily workflows.
▶ Save time while addressing threats more rapidly.
▶ Access natively within Splunk ES.
Splunk AI Assistant for Security
Accelerate the SOC with GenAI
 |
 |
 |
 |
| Incident Summarization | Assisted Troubleshooting | Recommended Response | Detection Engineering |
A recognizes leader in cybersecurity
 |
 |
 |
| 5 awards for SIEM and SOAR | Leader Award SIEM and SOAR | A leader in SOAR |
How to get started
Thank you
© 2024 SPLUNK INC.
Documents / Resources
 |
CISCO User Group Soc Of The Future [pdf] User Guide User Group Soc Of The Future, User Group Soc Of The Future, Soc Of The Future, The Future, Future |