Modernizing SOC ... Introducing Autonomic Security Operations
Iman Ghanizada
Global Head of Security Operations Solutions, Google Cloud
Anton Chuvakin
Security Advisor, Office of the CISO
Modernizing your Security Operations practice to protect against today’s and tomorrow’s threats is a significant undertaking that involves transforming how people approach security challenges, how workflows are engineered to achieve secure outcomes, and how technologies can be leveraged to maximize their value.
Today, we’re thrilled to announce Autonomic Security Operations, a prescriptive solution to guide our customers through this modernization journey. Autonomic Security Operations is a stack of products, integrations, blueprints, technical content, and an accelerator program to enable customers to take advantage of our best-in-class technology stack built on Chronicle and Google’s deep security operations expertise. The solution delivers value whether the clients are looking to reimagine their Security Operations Center (SOC) or augment their team with an expert MSSP. Our focus is to help Security Operations teams drive a 10X improvement across their people, processes, technologies, and their ability to drive influence across their organization.
“Security operations in an increasingly digital world, facing ever more sophisticated adversaries, requires a 10X increase in capabilities. Autonomic Security Operations not only powers this improved protection but also sets the stage for ongoing transformation to stay ahead of the threat.” -- Phil Venables, Chief Information Security Officer, Google Cloud
What is Autonomic Security Operations?
We define Autonomic Security Operations as a combination of philosophies, practices, and tools that improve an organization's ability to withstand security attacks through an adaptive, agile, and highly automated approach to threat management.
This multidisciplinary approach to threat management mirrors the successful convergence of development and operations adopted by so many organizations today. When Development teams building code and IT Ops teams managing operations understood that the root causes of their issues in the software development life cycle could be solved by reimagining the way they worked together, it spurred the advent of DevOps, which radically transformed the world.
The SOC faces similar challenges -- alert fatigue, siloed functions, a permanent shortage of resources, and the pressures of a never-ending threat to the organization. Achieving an autonomic state of existence is based on the belief that in order to withstand security attacks, Security Operations teams will need to transform their work to become an innate defense mechanism for the organization, the same way that DevOps strives to provide this capability on the IT side.
How to evolve to Autonomic Security Operations?
Driving towards this aspirational state of autonomic existence, where Security Operations is an inherent function of a highly effective organization, will require a guided experience in pioneering this transformation. We’ve created a solution stack to offer products, integrations, blueprints, content, an accelerator program, and preferred partners to support your efforts.
Our solution stack comprises:
Product(s): Chronicle; Looker; BigQuery
Integration(s): Integrations to supported vendors (EDR, SOAR, and more)
Blueprint(s): Network Forensics & Telemetry
Content: Sample dashboards, rules, and use-cases; GCP Logs MITRE ATT&CK Mapping; Security Detection Field Manual; SOC Transformation Whitepaper
Accelerator: Accelerator Workshops
Partner(s): Preferred SOC transformation partners; Preferred MSSP partners
Strategic partners deliver the solution
We’re excited to offer this solution to customers seeking to transform their SOC, as well as customers who are looking to augment their capabilities through a managed security service provider (MSSP).
In what is just the first stage of a growing security relationship between our organizations, we are also partnering with BT to bring our new Autonomic Security Operations solution to the managed security services market.
Customer engagements will be led by experts from BT’s Security Advisory Services team, who will use their insight and expertise to help organizations optimize their security estate, by ensuring they have a strategy and architecture design that perfectly aligns with their priorities and ambition.
“Combining Google ASO’s technological capabilities with BT’s view of global networks and our experience of providing managed security services to major organisations is a really exciting development. This partnership will ultimately help our customers to better identify risks and enhance their defences against an increasingly challenging cyber threat landscape.” - Tris Morgan, Director of Global Consultancy and Cyber, BT Security
Autonomic Security Operations is backed by our robust partner ecosystem, supported by long-standing relationships with Cyderes and SADA Systems, among others, to accelerate the Security Operations modernization journey.
Learn more about our commitment to transforming your Security Operations program here and download our Autonomic Security Operations Whitepaper here.