Drew Walsh, Kevin Conklin (Deloitte)

SOCs can be expensive, difficult to scale, and time-consuming for analysts. In this talk, we will outline benefits of a cloud-hosted SOC utilizing cloud-native tools and technologies. We will discuss Deloitte’s implementation of this design; the technologic, economic, and analytic improvements this design provides; as well as proof points we experienced in our implementation of a cloud-hosted SOC.

SOCs are typically designed to meet the near to mid-term needs of an organization and their data capacity can be quickly outpaced by the scale of monitoring sources and reporting needs. SOCs often don’t natively scale appropriately when adding new data sources; when the organization experiences growth; or requirements of the SOC for reporting, mitigation, and response increase. Cloud-native tools and technologies within a cloud-hosted environment enable scalable SOC platforms to support threat hunt, incident response, reporting, and more without data storage limits, high platform response times, and high manual hours on keyboard. Our cloud-hosted SOC platform has shown significant improvements in platform operation and maintenance (O&M), with reduced costs for data storage and access as well as increased productivity of personnel on platform via automation, data speeds, and cloud efficiencies. The cloud-hosted SOC architecture provides several downstream advantages. Deloitte has demonstrated the ability to process data from multiple Zeek sensors in excess of 10Gbps with near real-time processing speeds and store petabytes of data without compromising on ingested data sources. This control over data transfer and added benefit of processing data in the cloud paves the way for additional edge analytic capabilities. Teams can develop analytics to compute at processing to identify near real-time activity and/or filter unwanted data that would otherwise burden a datastore.

Speakers' Biographies
Drew Walsh is an Advisory Manager in Deloitte’s Government and Public Services practice. He has contributed to and leads the research and development of big data cloud architectures and analytics applied to cyber monitoring and anomaly detection. He holds a B.S in Computer Science from West Chester University, an M.S in Information Security Policy and Management from Carnegie Mellon University, and the CISSP.

Kevin Conklin is a Systems Architect in Deloitte’s Government and Public Services practice. He contributes to and leads big data cloud pipeline engineering, data visualization, database migration, and AI/ML development in both AWS and GCP. He holds both a B.S. in Mathematics and an M.S. in Business Analytics from Arizona State University.

View More Papers

Privacy-Preserving Database Fingerprinting

Tianxi Ji (Texas Tech University), Erman Ayday (Case Western Reserve University), Emre Yilmaz (University of Houston-Downtown), Ming Li (CSE Department The University of Texas at Arlington), Pan Li (Case Western Reserve University)

Read More

Augmented Reality’s Potential for Identifying and Mitigating Home Privacy...

Stefany Cruz (Northwestern University), Logan Danek (Northwestern University), Shinan Liu (University of Chicago), Christopher Kraemer (Georgia Institute of Technology), Zixin Wang (Zhejiang University), Nick Feamster (University of Chicago), Danny Yuxing Huang (New York University), Yaxing Yao (University of Maryland), Josiah Hester (Georgia Institute of Technology)

Read More

Kids, Cats, and Control: Designing Privacy and Security Dashboard...

Jacob Abbott (Indiana University), Jayati Dev (Indiana University), DongInn Kim (Indiana University), Shakthidhar Reddy Gopavaram (Indiana University), Meera Iyer (Indiana University), Shivani Sadam (Indiana University) , Shirang Mare (Western Washington University), Tatiana Ringenberg (Purdue University), Vafa Andalibi (Indiana University), and L. Jean Camp(Indiana University)

Read More