Scott Dally on the SOC, breaches, insiders, risk and cybersecurity
January 17, 2019
Enterprise Times recently went to Omaha, Nebraska. While there, we talked with Scott Dally, Director of the Security Operations Centre for the Americas Region at NTT Security. Dally is responsible for the security offerings that NTT Security provides for its customers. This includes vulnerability management, threat detection services and enterprise security monitoring.
Dally’s team provide support to customers using Active Guard, NTT Security’s own SIEM solution. One of the main roles of the security analysts in Dally’s team is to manage security alerts from customers. Many of these alerts come from rules generated by the SIEM used by the customer. To further enhance this, Dally has a team that do nothing but create new rules based on vulnerability alerts that come from the National Vulnerability Database. Once deployed, the rules increase the level of security at customer sites.
Inevitably, companies will experience a security breach at some point. This is also where the SOC team comes into play. They work with customers to develop their Incident Response plans. They also help customers understand the challenge of forensics. This is a growing area in cybersecurity. When an incident occurs, many organisations are so focused on how to solve the problem that they inadvertently destroy evidence. Dally has security experts who can deploy to a client site to help deal with a breach while still retaining the evidence required to prosecute the bad guys.
In the podcast Dally also talks about a number of other issues that he sees enterprise customers facing. Many of these are problems that experienced SOC teams can solve for the business.
To hear what else Dally had to say, listen to the podcast.