Drew Walsh, Kevin Conklin (Deloitte)

SOCs can be expensive, difficult to scale, and time-consuming for analysts. In this talk, we will outline benefits of a cloud-hosted SOC utilizing cloud-native tools and technologies. We will discuss Deloitte’s implementation of this design; the technologic, economic, and analytic improvements this design provides; as well as proof points we experienced in our implementation of a cloud-hosted SOC.

SOCs are typically designed to meet the near to mid-term needs of an organization and their data capacity can be quickly outpaced by the scale of monitoring sources and reporting needs. SOCs often don’t natively scale appropriately when adding new data sources; when the organization experiences growth; or requirements of the SOC for reporting, mitigation, and response increase. Cloud-native tools and technologies within a cloud-hosted environment enable scalable SOC platforms to support threat hunt, incident response, reporting, and more without data storage limits, high platform response times, and high manual hours on keyboard. Our cloud-hosted SOC platform has shown significant improvements in platform operation and maintenance (O&M), with reduced costs for data storage and access as well as increased productivity of personnel on platform via automation, data speeds, and cloud efficiencies. The cloud-hosted SOC architecture provides several downstream advantages. Deloitte has demonstrated the ability to process data from multiple Zeek sensors in excess of 10Gbps with near real-time processing speeds and store petabytes of data without compromising on ingested data sources. This control over data transfer and added benefit of processing data in the cloud paves the way for additional edge analytic capabilities. Teams can develop analytics to compute at processing to identify near real-time activity and/or filter unwanted data that would otherwise burden a datastore.

Speakers' Biographies
Drew Walsh is an Advisory Manager in Deloitte’s Government and Public Services practice. He has contributed to and leads the research and development of big data cloud architectures and analytics applied to cyber monitoring and anomaly detection. He holds a B.S in Computer Science from West Chester University, an M.S in Information Security Policy and Management from Carnegie Mellon University, and the CISSP.

Kevin Conklin is a Systems Architect in Deloitte’s Government and Public Services practice. He contributes to and leads big data cloud pipeline engineering, data visualization, database migration, and AI/ML development in both AWS and GCP. He holds both a B.S. in Mathematics and an M.S. in Business Analytics from Arizona State University.

View More Papers

SynthDB: Synthesizing Database via Program Analysis for Security Testing...

An Chen (University of Georgia), Jiho Lee (University of Virginia), Basanta Chaulagain (University of Georgia), Yonghwi Kwon (University of Virginia), Kyu Hyung Lee (University of Georgia)

Read More

Position Paper: Space System Threat Models Must Account for...

Benjamin Cyr and Yan Long (University of Michigan), Takeshi Sugawara (The University of Electro-Communications), Kevin Fu (Northeastern University)

Read More

An Exploratory study of Malicious Link Posting on Social...

Muhammad Hassan, Mahnoor Jameel, Masooda Bashir (University of Illinois at Urbana Champaign)

Read More

RoVISQ: Reduction of Video Service Quality via Adversarial Attacks...

Jung-Woo Chang (University of California San Diego), Mojan Javaheripi (University of California San Diego), Seira Hidano (KDDI Research, Inc.), Farinaz Koushanfar (University of California San Diego)

Read More