Using Weekly SOC Metrics Review to Drive Down Recurring Incident Counts
Wednesday, April 11 | 1:00PM–2:00PM ET | Baltimore Ballroom A, Fifth Floor
Session Type: Breakout Session
Delivery Format: Interactive Presentation
In 2015, we were short-staffed and experienced a huge increase in host compromise reports and DMCA allegations. Struggling under the tsunami of work, we began implementing automation to work with our RTIR ticketing solution. As manually processed ticket levels declined, we began looking at how we could reduce our overall incident counts. To get data-supported answers, we established weekly SOC meeting reviews to spot trends at various time intervals to tease out areas of improvement. By gradually reducing the numbers of repeat offenders on campus, we freed up time to focus additional efforts on proactive threat hunting.
Outcomes:
* Understand and appreciate the force multiplier that automation brings to handling repetitive tasks
* Know how to take advantage of weekly SOC meetings to drive down repetitive incident counts
* Identify how to make data-driven decisions to focus threat detection, mitigation, and user-education efforts
Presenters
Bob DeSilets
Sr. Information Security Analyst, University of Pennsylvania
David Earley
Director of Security Operations Center, University of Pennsylvania
Melissa Muth
Security Architect, University of Pennsylvania
Mike Sanker
Sr. Information Security Analyst, University of Pennsylvania