Protect Your Assets

Implementing intelligent SecOps capability

Cami_Lewis ‎07-18-2016 12:58 PM - edited ‎07-19-2016 01:25 PM

 

What does it take to implement an intelligent security operations capability? An intelligent security operations center (SOC) is not a technology-in-a-box solution but a process of maturing and advancing competencies within an organization. This new whitepaper by HPE Security guides you through a roadmap for building an intelligent SOC step by step.

What separates an intelligent SOC from a SOC?  Read an excerpt from the paper: 

“Mature organizations are able to move into the realm of analytics-driven intelligent SOCs. These intelligent SOCs allow enterprises to move beyond detecting and responding to known attacks into the realm of identifying unknown attacks and anomalous behavior. Collecting large amounts of data is not useful by itself. A guiding vision and plan is needed in order to build systems that will grow with the business needs.”


Whether you are starting from scratch or looking to take your security operations to the next level, this paper can be used as a how-to guide to validate what you have done thus far and help you plan for the future. 

Click here to download “Intelligent security operations: A how-to guide.”

Join us in Washington, D.C. to learn what it takes to create a successful, intelligent security operations capability at HPE Protect 2016. The event takes place on September 13-16! You'll have several SecOps-based sessions to choose from when you select the "Intelligent Security Operations" track from the Session Catalog. We’ll see you at Protect!

About the Author

Cami_Lewis

Cami Lewis - CISSP, CRISC, MSSE, MSIS, is a senior product marketing manager for the HPE Security Portfolio team. In this role, she is responsible for driving security products marketing initiatives, promoting thought leadership, producing content and collateral, industry expert media support, security research communications, and conference/event support.

Comments
Jeffrey Pound
on ‎07-22-2016 01:14 PM

I maintain that ArcSight as well as any decently maintained SIEM would/should meet the government "auditing" requirements of any non-fiduciary system with ease, and should be able to easily meet the auditing requirements of a fiduciary system with a simple change of configuration of the auditing details of that system in the SIEM setup.

I have people here in the Government that think that "Auditing" a system can ONLY be accomplished by systems that are special built for that function and only that function, what say YOU?

alireza ghahrood
on ‎08-28-2016 10:04 PM

This is a good description of a capability model, but several 'Frontier' capabilities may need to move to the left. I don't agree statistical analysis, IOC identification, or Data mining as listed, should be considered advanced any longer. Companies building a SOC capability for the last five years have been including statistical analysis and data mining in the tool chain and skill sets, IOCs through enrichment. Technology companies have been building it in their software for the last two. We might not consider it frontier if it factors into a Gartner quadrant. Where would we class a response capability here? Where would a hunting mission fit in?
