The Declarative SOC

When our kids were growing up we were terrifically fond of the books by Julia Donaldson and Axel Scheffler.  The phrases from the books have lived on and become part of our family vocabulary.  What a lasting legacy they made with that simple pleasure of reading to your children.

One of my favourites was Room on the Broom and the phrase “The witch tapped the broomstick and whoosh! They were gone”. Wouldn’t it be cool if everything were as simple as tapping something and then, all of a sudden, you were off?

I am writing this post at 05:07 in the morning because I feel compelled to consider how we can evolve the CSIRT or Security Operations Centre (SOC) team beyond the industry of the last 15 years, leapfrogging the many legacy solutions that cost time and energy for questionable value.  I also feel that right now there are many SME companies who need to do something about being prepared to respond to a cyber incident, yet have neither the resources, the expertise nor the time to address it.

I was dreaming of a scripted solution that builds itself, is easy to maintain and provides up-to-the-minute visualisation of the current state of security affairs.  It assists with responding to incidents and allows some documentation and metrics for continuous improvement. Most of all, these functions are implemented as interpreted code, and the resulting resources, save the storage, are ephemeral. A declarative SOC.

What would this Declarative SOC look like in practice though?

It would need to be deployable on public cloud, cheap enough to be affordable to small and medium enterprises, yet able to scale to whatever size was required.

It would need to be expressed as a self-updating solution that was tolerant of failure conditions and could be rebuilt with no loss of state.

It would need to meet a variety of compliance regimes, but achieve this by being built and managed in a way that had the hallmarks of prevention, so that compliance was a by-product.  We are talking about a solution that is zero trust both in use and in administration.
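To make the two ideas above concrete, the "ephemeral compute, persistent storage, rebuildable with no loss of state" property and the "compliance as a by-product of how it is built" property, here is a small toy reconciler in Python. It is an added illustration written for this post, not the author's tooling or any real infrastructure-as-code product; the resource kinds, the spec format, the sample desired state and the two policy rules are all constructed assumptions. A desired state is declared once, `plan` diffs it against what exists, `apply` converges (and refuses to act at all if the spec fails policy, so a non-compliant resource never gets built), and `rebuild` throws away every ephemeral resource and reconverges without touching the persistent store.

```python
"""Toy declarative reconciler for a SOC stack.

Added illustration, not the author's tooling. The resource kinds, the spec
format, the policy rules and the sample desired state are all constructed
assumptions for this example.
"""
from dataclasses import dataclass


# Assumption: storage-like kinds hold state and must survive a rebuild;
# everything else is ephemeral and may be torn down and recreated at will.
PERSISTENT_KINDS = {"bucket", "log_store"}


@dataclass(frozen=True)
class Resource:
    kind: str
    name: str
    config: tuple  # sorted (key, value) pairs so instances compare by value

    @property
    def key(self):
        return (self.kind, self.name)

    def get(self, option, default=None):
        return dict(self.config).get(option, default)


def resource(kind, name, **config):
    """Build a Resource from keyword config (order-independent)."""
    return Resource(kind, name, tuple(sorted(config.items())))


def desired_state(*resources):
    """Index resources by (kind, name) so the spec is a lookup table."""
    return {r.key: r for r in resources}


# Constructed desired state: two ephemeral VMs and one persistent event store.
DESIRED = desired_state(
    resource("log_store", "siem-events", retention_days=90, encrypted=True),
    resource("vm", "collector", image="collector:1.4", size="small"),
    resource("vm", "dashboard", image="dash:2.1", size="small"),
)


def policy_violations(desired):
    """Preventive controls evaluated on the spec itself, before anything is
    built: if the spec cannot pass, nothing non-compliant ever exists.
    Rules are constructed for the example, not taken from any real regime."""
    problems = []
    for r in desired.values():
        if r.kind in PERSISTENT_KINDS and not r.get("encrypted", False):
            problems.append(f"{r.kind}/{r.name}: persistent store must be encrypted")
        if r.kind == "log_store" and r.get("retention_days", 0) < 30:
            problems.append(f"{r.kind}/{r.name}: retention below 30 days")
    return problems


def plan(desired, current):
    """Diff desired against current and return (create, update, delete).

    Persistent kinds are never deleted by the reconciler: removing state is a
    deliberate out-of-band action, never a side effect of a rebuild.
    """
    create, update, delete = [], [], []
    for key, want in desired.items():
        have = current.get(key)
        if have is None:
            create.append(want)
        elif have.config != want.config:
            update.append(want)
    for key, have in current.items():
        if key not in desired and have.kind not in PERSISTENT_KINDS:
            delete.append(have)
    return create, update, delete


def apply(desired, current):
    """Converge current toward desired and return the new inventory.
    Refuses to act on a spec that fails policy."""
    problems = policy_violations(desired)
    if problems:
        raise ValueError("; ".join(problems))
    create, update, delete = plan(desired, current)
    new = dict(current)
    for r in delete:
        del new[r.key]
    for r in create + update:
        new[r.key] = r
    return new


def rebuild(desired, current):
    """Simulate losing every ephemeral resource (outage or deliberate
    teardown) and reconverging. Persistent resources carry straight over."""
    survivors = {k: r for k, r in current.items() if r.kind in PERSISTENT_KINDS}
    return apply(desired, survivors)


def is_converged(desired, current):
    """True when applying the spec would change nothing (idempotency check)."""
    return plan(desired, current) == ([], [], [])


if __name__ == "__main__":
    state = apply(DESIRED, {})
    assert is_converged(DESIRED, state)
    assert rebuild(DESIRED, state) == state
    print("converged:", sorted(k for k in state))
```

The two properties worth noticing are that `apply` is idempotent (running it against an already-converged inventory produces an empty plan) and that `rebuild` returns exactly the same inventory as the first build, because the only thing carried across is the persistent store and everything else is regenerated from the spec. A real implementation would hand the plan to a cloud provider's API rather than a dictionary, but the shape of the loop, and the decision to gate it on policy before anything is created, is the same.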