lkr2015222.pdf

Interview with Chris Crowley on detection deficits and SOC strategies in Japan.

This page contains AI generated content. Errors or omissions may be present. Use human level critical thinking.
  • Q: What operational shift does Crowley recommend for Japanese companies compared to US companies?
    A: Moving away from a pure prevention/compliance mindset to one that embraces active detection and response capabilities.
  • Q: How does the 'Detection Deficit' impact SOC strategy?
    A: It necessitates a shift in investment towards 'Threat Hunting' to find adversaries who have already bypassed preventive controls.
  • Q: What is the specific value of 'Threat Intelligence' described in the interview?
    A: It allows the SOC to move from reacting to generic alerts to anticipating specific adversary tactics (TTPs) relevant to their industry.
  • Q: What is the 'Cultural Barrier' to effective incident response mentioned?
    A: The hesitation to report bad news or admit failure, which delays the activation of the incident response plan.
  • Q: How does Crowley define the 'Active Defense' concept?
    A: Proactively engaging with the adversary's presence (e.g., through deception or disruption) rather than just blocking IPs.
  • Q: What is the recommended approach to 'metrics' for a maturing SOC?
    A: Focusing on 'Time to Detect' and 'Time to Contain' rather than the volume of alerts or blocks.
  • Q: How should organizations address the 'Skills Gap' according to this document?
    A: By investing in internal training and creating a culture of continuous learning, rather than relying solely on hiring external experts.
  • Q: What is the role of 'Automation' in the context of the interview?
    A: To handle low-level, repetitive triage tasks so that human analysts can focus on complex investigations.
  • Q: What is the 'Assume Breach' mentality?
    A: Operating under the assumption that the network is already compromised, which drives proactive hunting and monitoring.
  • Q: How does the document characterize the evolution of 'Malware'?
    A: As becoming increasingly targeted and evasive, requiring behavioral analysis rather than just signature-based detection.