How Can I Efficiently Organize and Lead the People on My Team?
Organizing your team to protect your environment with agility is a difficult task with all the varied skills and challenges related to traditional security operations center (SOC) structures.
We asked our partners at Red Canary, who every day provide security solutions that harness the visibility of Carbon Black’s products, to share how they keep up with the constantly evolving functions of today’s intelligence-driven security teams.
Here’s what Red Canary had to say:
“At Red Canary, efficiency starts with breaking down the structures seen in traditional SOCs. We have found the most success by moving beyond an operation that focuses solely on event analysis. To do this, we include our Intel team in engineering efforts, engineers in analysis efforts, and so on. Rather than assigning each team member a label to exclusively focus on, each person has a core ‘practice.’ They still develop and improve within their practice, but they are also challenged to engage with other functions in the SOC.
April 12, 2018 2:00PM EST
Live Webinar: Operationalizing Your Threat Hunt
Join Carbon Black and Red Canary for a live threat hunting demo.
“This approach completely bucks traditional views of security operations, and has led to amazing innovation within our security team and around the investigation process. Our engineers are actively examining the analysis process, seeing the results, and continuously working to develop efficiencies for our analysis team. This approach has led to data analysis and automation efforts that have removed the need for in-depth investigation in nearly 10% of all threats. It has led to effective suppression that provides each individual analyst with the ability to ‘tune’ detection criteria during an investigation. That tuning is then used to automatically suppress potential threats in the future. Doing so has enabled our analysts to be 4-5X more efficient over the last three years, and much of this can be attributed to how we evolved our security team by removing more traditional, time-intensive job functions.”
Red Canary leverages the rich, unfiltered endpoint data from Cb Response to continuously monitor customers’ endpoints, review suspicious activity, eliminate false positives and provide actionable detections so customers can respond faster. Together, Carbon Black and Red Canary combine best-in-breed technologies and techniques to cover the full kill chain:
- Carbon Black provides unfiltered visibility
- Red Canary’s Threat Detection Engine and Carbon Black’s Predictive Security Cloud deliver unparalleled detection
- Human analysts provide the intuition and expertise needed to focus on the most serious threats
The detailed detections and endpoint visibility with Carbon Black and Red Canary assist any team with the essential tools needed for rapid and complete response.
For more information on strategies, team structure, and processes to help blue teams transform their threat hunting efforts from an ad-hoc tactic into a regular operational effort, join Carbon Black and Red Canary for a live webinar on April 12th.