Using Weekly SOC Metrics Review to Drive Down Recurring Incident Counts

Wednesday, April 11, 2018 | 1:00PM–2:00PM ET | Baltimore Ballroom A, Fifth Floor
Session Type: Breakout Session
Delivery Format: Interactive Presentation
In 2015, we were short staffed and experienced a huge increase in host compromise reports and DMCA allegations. Struggling under the tsunami of work, we began implementing automation to work with our RTIR ticketing solution. As manually processed ticket levels declined, we began looking at how we could reduce our overall incident counts. To get data-supported answers, we established weekly SOC meeting reviews to spot trends at various time intervals to tease out areas of improvement. By gradually reducing the numbers of repeat offenders on campus, we freed up time to focus additional efforts on proactive threat hunting.

Outcomes: Understand and appreciate the force multiplier that automation brings to handling repetitive tasks * Know how to take advantage of weekly SOC meetings to drive down repetitive incident counts * Identify how to make data-driven decisions to focus threat detection, mitigation, and user-education efforts

Presenters

  • Bob DeSilets

    Sr. Information Security Analyst, University of Pennsylvania

  • David Earley

    Director of Security Operations Center, University of Pennsylvania

  • Melissa Muth

    Security Architect, University of Pennsylvania

  • Mike Sanker

    Sr. Information Security Analyst, University of Pennsylvania

Resources & Downloads

  • 2018 SPC Master Presentation

    8 MB, pdf - Updated on 9/5/2024

  • automationattributionstepbystep

    39 KB, docx - Updated on 9/5/2024

  • SOC Self Assessment Questions

    38 KB, docx - Updated on 9/5/2024

  • Ticket Handling SOP Handout

    40 KB, docx - Updated on 9/5/2024

  • Ticket Handling SOP Handout 1

    40 KB, docx - Updated on 9/5/2024