Top Security Playbooks
The security operations center (SOC), to borrow parlance from the legendary comedian Rodney Dangerfield, doesn’t get the respect it deserves. But anyone who understands how the beating heart of your security program functions knows otherwise. The SOC is the regulator of the business, responsible for ensuring nothing disrupts it and that its proverbial keys to the kingdom and secret sauce stay protected.
But with that great responsibility comes great pressure for SOC inhabitants, as they must successfully follow security events from inception to resolution, while in the process overcoming key stressors endemic to a modern-day infosec command center: skills shortages, disparate detection tools and, of course, an abundance of threats amid an even greater number of false alarms.
Security analysts, engineers, architects and managers in the SOC are engaged in a zero-sum game against attackers: only one side can win. To give the SOC team the best chance to win, they must identify, investigate and respond to threats as quickly and consistently as possible. The key to fast and effective response is having those processes documented in what are commonly referred to as playbooks (also known as runbooks).