Shifting Mindsets: Modernizing the Security Operations Center

By Matthias Maier

A concept from Microsoft’s Threat Intelligence Center, presented by John Lambert caught my attention as I recently reviewed some of the MITRE ATT&CKcon sessions. His speech was about advancing InfoSec towards an open, shareable, contributor-friendly model of speeding up InfoSec learning. John researched how certain defenders have been highly successful in defending their networks, particularly where some others had been in the news for failing many times before. In doing so, he found that although many defenders operate in a similar way, what the successful security guys (advanced defenders) vs. the less successful security guys (traditional defenders) had in common was “a different kind of mindset’.

Here’s the difference between ‘old school’ and ‘new school’ defender mindsets:

Building on this research, I wanted to share some practical tips on how to shift from 'old school' to 'new school' defender mindsets, allowing you to modernize your security operations center. In doing so, this will help reduce time spent on the daily chaos, and allow more time to mature your security operations team:

As you can see from the above, we’re here to help at Splunk! Whether you’re starting to build a centralized log management platform for security investigations, looking to optimize your existing SIEM System, or want to gain efficiencies in your Security Operations Center environment - we can offer a helping hand. Spoilt for choice of where to start? Why not check out our What’s New in Splunk Enterprise Security Webinar, and learn how automation works in Cyber Security in our IS YOUR SOC SOARING OR SNORING? Webinar.

Best

Matthias

Matthias Maier

Matthias Maier is Product Marketing Director at Splunk, as well as a technical evangelist in EMEA, responsible for communicating Splunk's go-to market strategy in the region. He works closely with customers to help them understand how machine data reveals new insights across application delivery, business analytics, IT operations, Internet of Things, and security and compliance. Matthias has a particular interest and expertise in security, and is the author of the Splunk App for IP Reputation. Previously, Matthias worked at TIBCO LogLogic and McAfee as a senior technical consultant. He is also a regular speaker at conferences on a range of enterprise technology topics.

Security 12 Min Read

Detecting & Hunting Named Pipes: A Splunk Tutorial

Named pipes can be threats, too. In this comprehensive article, we are going to talk about detecting, hunting and investigating named pipes.

Security 6 Min Read

Splunk For OT Security: Perimeter And Vulnerability Evolution

This blog focuses on the latest enhancements made to Splunk's OT Security Add-on, including highlighting key features and improvements that have been made in version 2.1

Security 6 Min Read

Security Insights: Detecting CVE-2024-4040 Exploitation in CrushFTP

The Splunk Threat Research Team explores how Splunk can help you identify and investigate CVE-2024-4040 exploitation in your CrushFTP environment.

About Splunk

The world’s leading organizations rely on Splunk, a Cisco company, to continuously strengthen digital resilience with our unified security and observability platform, powered by industry-leading AI.

Our customers trust Splunk’s award-winning security and observability solutions to secure and improve the reliability of their complex digital environments, at any scale.

Learn more about Splunk

Shifting Mindsets: Modernizing the Security Operations Center

Related Articles

Detecting & Hunting Named Pipes: A Splunk Tutorial

Splunk For OT Security: Perimeter And Vulnerability Evolution

Security Insights: Detecting CVE-2024-4040 Exploitation in CrushFTP

About Splunk

Subscribe to our blog

Connect with Splunk on X

Connect with Splunk on Instagram