Driving Secure Operations with Data Efficacy and Analytics
Raju Chekuri, CEO and Chairman of Netenrich, talks about security challenges and the secure operations approach that Netenrich takes with the...
This video explains how Resolution Intelligence Cloud helps organizations achieve Autonomic Security Operations (ASO). You will learn the benefits and applications of ASO, how it can protect your organization, the four foundational pillars of ASO and continuous detection/continuous response (CD/CR), and how to implement an ASO framework within an organization.
Welcome to the Labs portion of the Google course "Autonomic Security Operations." Upon completion, you will be able to list the benefits of Autonomic Security Operations, also referred to as ASO, and interpret the many uses of ASO and how it can be used to protect your organization. You will be able to define the four foundational pillars of ASO and continuous detection/continuous response, and learn how to implement the ASO framework for your organization.
Review of Autonomic Security Operations
Achieving and implementing ASO is a must. Phil Venables, CISO at Google, said it best: "Security operations in an increasingly digital world, facing ever more sophisticated adversaries, requires a 10x increase in capabilities. Autonomic Security Operations not only power this improved protection but also set the stage for ongoing transformation to stay ahead of the threat."
The future is daunting, and every organization must achieve 10x gains in efficiency and performance. Before we learn about the "what" of autonomic security operations, let's discuss the "why." SOC operations, and the hiring and staffing for these groups, are burdensome. The SOC in traditional scenarios cannot keep up with the volume and complexity of cyber threats. All aspects of an organization's security and digital operations must improve 10x to keep up with future volume and complexity and eliminate the toil of detection engineering. The autonomic nervous system, which is part of the overall central nervous system, is beneficial to our health and well-being and does not require active attention and energy to maintain.
With that idea of benefit in mind, we dive deeper into the meaning of autonomic in the context of cybersecurity and modern computing and networking. Essentially, things happen for our organization's optimal benefit without active time commitments and attention. Previously toilsome, noise-chasing activities are eliminated and remediated behind the scenes.
These lower-level tier-1 and tier-2 SOC and cyber functions occur without direct human intervention. From a computing and cybersecurity perspective, autonomic describes a system that repairs itself and performs routine lower-level functions behind the scenes for security operations. However, the most basic aspect of autonomic, as we mentioned, is its benefit. Yes, decisions and actions take place without direct awareness, but fundamentally, these are beneficial to our bodies. With regard to security, the benefit is to the health, efficiency, and reliability of security operations.
What does Autonomic Security Operations really mean?
ASO means that businesses can have 24/7/365 realized security value. Human interaction is needed only for the most critical reasons. ASO means that businesses can scale their SOC operations by only focusing on the most critical and the most interesting, rather than detection engineering and threat hunting across too much signal noise.
Now that we understand that the goals and outcomes of ASO are critical, let's briefly review Google's history with ASO. Autonomic Security Operations grew from Google's invention of Site Reliability Engineering (SRE), which is the never-go-down outcome that Google created by implementing Continuous Integration (CI) along with Continuous Deployment (CD). CI/CD is a software development approach that emphasizes frequent code changes, automated testing, and continuous delivery of software changes to production environments. The business value of CI/CD is faster time-to-market, improved software quality, increased product quality, increased customer satisfaction, and the ability to respond quickly to changing market demands.
Google approached security challenges in much the same way. So, ASO is another metaphor for bringing Google-class SRE for cybersecurity and for the challenges of threat detection and detection engineering to the market and to businesses.
ASO means an organization has internally identified its priorities based on impact, risk, and what matters most to its strategies to survive and thrive. ASO means that the vast majority of threats are managed by machine learning and robotic processes. Finally, ASO means that the heavy-lifting exercises of detection engineering are vastly minimized, so that data scientists, data engineers, and SOC leaders can focus on only the most complex threats, both from a cyber-attack perspective and from an impact and risk modeling perspective. The ASO key takeaways are: it's beneficial and achievable, and its framework is provided by Google and Netenrich.