We’ve gotten really good at collecting piles of data. Our customers send us plenty of it and they think every event from every device is being monitored. Are they? Our customers are harnessing an exploding set of cloud and non traditional IT. Past approaches of “slap a sensor on it and call it good” are no longer sufficient. We need to more carefully measure our monitoring coverage, make better use of the data we collect, and ensure our detection program is healthy.
In this presentation, Microsoft’s Carson Zimmerman describes he five essential elements of a successful SOC monitoring and detection program: planning, engaging with customers, leveraging commodity capability, creating custom detection and measuring detection effectiveness.