Understand Process Improvement in Security Operations

---

Goals

• Explore security operations automation concepts.
• Understand automation technologies.
• Explore the relationship between security information and event management (SIEM) and security orchestration, automation, and response (SOAR) products.
• Learn about the importance of processes and consistency in security operations.

Leadership in Security Operations

• Maximize Security Operations Through Automation
  • Security Information and Event Management (SIEM)
  • Security Orchestration, Automation, and Response (SOAR)
• Orchestrating Threat Intelligence Data
  • Data enrichment combines and analyzes data from disparate sources to gain a greater understanding of the threat landscape
  • can involve:
    • combining different threat feeds to get a complete picture of the malicious actors, tools, and tactics that attackers use
    • correlating data from multiple sources, such as network logs, endpoint data, and threat intelligence feeds, to identify and prioritize threats

Understand Technology for Security Operations

• Single Pane of Glass Orchestration
• Application Programming Interface (API)
• Webhook