Your message has been sent

You can find the message in your personal profile at "My messages".

An error occured

Please try again.

Make an appointment with

So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.

Create an onsite appointment with

So that you can make an onsite appointment, the appointment request will open in a new tab.

Make onsite appointment

Forums it-sa Expo 2023 Knowledge Forum E

Output Driven SOC - Optimized Security and Compliance

Get the critical perspective on redesigning a SOC and experience your own personal A-Ha effect.

Buy trade fair ticket

You can register for this action soon.

You can register for the digital action soon.

Please come back at the scheduled date and time.

The action is currently live. Please scroll down to watch.

This action is only available onsite: Forums it-sa Expo 2023

Add action to bookmarks and download as iCal

Join now

Note: If you continue, the contact data you provided during registration may be transmitted to the respective provider in accordance with our General Terms and Conditions.

Please log in or register in advance so that you can take part in actions or watch the action videos!

This action has already taken place. This action will soon be available as a video.

This action has already taken place. Please scroll down to watch the video.

This action has already taken place. Please login or register to watch the video.

This action has already taken place. It's not available any more.

You are in!

Your ticket / access to the action was sent to you by email.

There is a problem with the action at the moment. Please come back later or contact support.

calendar_today Wed, 11.10.2023, 11:45 - 12:00

event_available On site

place Hall 7A, Booth 7A-102

Action Video

south_east

Action description

south_east

Speaker

south_east

Themes

Managed Security Services / Hosting SIEM / Threat Analytics / SOC

Key Facts

Actionable Alerts
KRITIS Ready
Targeted Response

Organizer

doIT solutions GmbH

Event

This action is part of the event Forums it-sa Expo 2023

Action Video

Action description

An effective Security Operations Center (SOC) is crucial for detecting, analyzing, and responding to threats. In the past, the focus of building a SOC was primarily on selecting and implementing detection technologies and generating alerts. However, this traditional approach often neglected a critical aspect: What actually happens with all the generated alerts, and more importantly, who handles them?
We believe it's time to take a new perspective on how we construct a SOC. Instead of primarily emphasizing alarm generation technologies, we place a greater focus on the process of alarm processing. After all, unprocessed alarms are not much more valuable than having no alerts at all. The key is how we handle these alerts, prioritize them, analyze them quickly, and respond to them. Alarm processing is most efficient when all incidents are fully handled through a unified platform. This allows information from all connected technologies to be aggregated at an early stage, specifically during the First Level Response, and triggers consistent reactions.
Rather than approaching threat detection by asking which tools we should use, we start with the desired outcomes. Which IT risks should be reduced? What compliance requirements must be met? Which IT services and systems are in productive use? Following the minimalist principle, we then select the most suitable technologies, such as SIEM, EDR, and NDR, and integrate them into a collaborative process.
Similar monitoring cases can be implemented independently of the technology used. Intelligent automation and prioritization become possible, thereby enhancing the quality of SOC performance while optimizing costs.
A significant part of the operational work in the SOC comes from continuously improving alarm processing. Streamlined SOC processes not only positively impact response times but also help reduce efforts.
Another aspect we incorporate into our approach is collaboration with other teams and departments within the company. A SOC should not work in isolation but rather collaborate closely with the IT department and other relevant stakeholders. Through seamless integration and information exchange, we can ensure an effective response to security incidents and minimize the impact of attacks.
If you are ready to change your perspective on SOC construction and pursue a holistic security strategy, we are here to assist you. Let's work together to shape the future of security and protect your company from constantly evolving threats ... read more