The Analytics-Enabled SOC
Splunk's Haiyan Song on Improving Incident Response
To detect and deter today's threats, security teams need new and dynamic data analytics capabilities. Haiyan Song of Splunk discusses the analytics-enabled SOC and how to improve incident response.

Song, vice president of security markets at Splunk, is a keynote speaker at the 2014 RSA Conference Asia Pacific & Japan in Singapore. In this pre-event interview, she previews her presentation, "The Analytics-Enabled SOC."

There are two key components of this new big data-fueled security operations center. One is the operational element, which is about giving analysts better tools and data to be more effective in their jobs. The other element is truly analytic, allowing teams to learn from new attacks and techniques, and then apply their learning in the organization's automated security defenses.

"It's a process of getting access to the data, leveraging the data, and using human intelligence ... to discover the relationships among dynamic data sources and activities," Song says. "At the end of the day, it's data accessibility and it's basically having the SOC team focusing on not just detecting attacks, but also understanding the campaigns behind [them]."

In this interview, Song discusses:

  • The most overlooked elements of breach response;
  • How the analytics-enabled SOC differs from traditional SIEM;
  • Key business benefits from big data analytics.

Song is vice president of security markets at Splunk. With more than 20 years of experience, Song previously spent nine years at ArcSight-HP Enterprise Security Products as vice president and general manager, where she was responsible for driving product strategies and business execution. Before that, she was vice president of engineering at SenSage.
