Drew Walsh, Kevin Conklin (Deloitte)

SOCs can be expensive, difficult to scale, and time-consuming for analysts. In this talk, we will outline benefits of a cloud-hosted SOC utilizing cloud-native tools and technologies. We will discuss Deloitte’s implementation of this design; the technologic, economic, and analytic improvements this design provides; as well as proof points we experienced in our implementation of a cloud-hosted SOC.

SOCs are typically designed to meet the near to mid-term needs of an organization and their data capacity can be quickly outpaced by the scale of monitoring sources and reporting needs. SOCs often don’t natively scale appropriately when adding new data sources; when the organization experiences growth; or requirements of the SOC for reporting, mitigation, and response increase. Cloud-native tools and technologies within a cloud-hosted environment enable scalable SOC platforms to support threat hunt, incident response, reporting, and more without data storage limits, high platform response times, and high manual hours on keyboard. Our cloud-hosted SOC platform has shown significant improvements in platform operation and maintenance (O&M), with reduced costs for data storage and access as well as increased productivity of personnel on platform via automation, data speeds, and cloud efficiencies. The cloud-hosted SOC architecture provides several downstream advantages. Deloitte has demonstrated the ability to process data from multiple Zeek sensors in excess of 10Gbps with near real-time processing speeds and store petabytes of data without compromising on ingested data sources. This control over data transfer and added benefit of processing data in the cloud paves the way for additional edge analytic capabilities. Teams can develop analytics to compute at processing to identify near real-time activity and/or filter unwanted data that would otherwise burden a datastore.

Speakers' Biographies
Drew Walsh is an Advisory Manager in Deloitte’s Government and Public Services practice. He has contributed to and leads the research and development of big data cloud architectures and analytics applied to cyber monitoring and anomaly detection. He holds a B.S in Computer Science from West Chester University, an M.S in Information Security Policy and Management from Carnegie Mellon University, and the CISSP.

Kevin Conklin is a Systems Architect in Deloitte’s Government and Public Services practice. He contributes to and leads big data cloud pipeline engineering, data visualization, database migration, and AI/ML development in both AWS and GCP. He holds both a B.S. in Mathematics and an M.S. in Business Analytics from Arizona State University.

View More Papers

Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation...

Xiang Li (Tsinghua University), Baojun Liu (Tsinghua University), Xuesong Bai (University of California, Irvine), Mingming Zhang (Tsinghua University), Qifan Zhang (University of California, Irvine), Zhou Li (University of California, Irvine), Haixin Duan (Tsinghua University; QI-ANXIN Technology Research Institute; Zhongguancun Laboratory), Qi Li (Tsinghua University; Zhongguancun Laboratory)

Read More

QPEP in the Real World: A Testbed for Secure...

Julian Huwyler (ETH Zurich), James Pavur (University of Oxford), Giorgio Tresoldi and Martin Strohmeier (Cyber-Defence Campus) Presenter: Martin Strohmeier

Read More

SoundLock: A Novel User Authentication Scheme for VR Devices...

Huadi Zhu (The University of Texas at Arlington), Mingyan Xiao (The University of Texas at Arlington), Demoria Sherman (The University of Texas at Arlington), Ming Li (The University of Texas at Arlington)

Read More