Heidi has seen many Security Operations Centers (SOCs) over her career, along with many SIEM tools and many SOC cultures. She describes why she chose Elastic and why she sees the future of the SOC in Elastic.
Nathan Stacey and Heidi discuss the evolution of security operations centers (SOCs) and the role of Elastic in modernizing the SOC. They talk about the transition from network operations centers (NOCs) to SOCs and the importance of integrating security and network teams. They also highlight the value of bringing in large quantities of data and the role of AI in analyzing and correlating that data. They discuss the Elastic Common Schema and its impact on data normalization and correlation. Overall, they emphasize the open and agile nature of Elastic in meeting the evolving needs of SOCs.
Takeaways:
- SOCs have evolved from network operations centers (NOCs) and now require the integration of security and network teams.
- Bringing in large quantities of data and leveraging AI can provide a more comprehensive and holistic view of security incidents.
- The Elastic Common Schema enables data normalization and correlation across different log sources.
- Elastic's open and agile approach allows for customer-driven development and the ability to meet the evolving needs of SOCs.
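To make the Elastic Common Schema takeaway concrete, here is an added example (not code from the podcast, from Elastic, or from its integrations, which do this mapping in ingest pipelines and Beats modules): two different authentication sources, a Linux sshd syslog line and a Windows security event, are mapped onto the same ECS field names (@timestamp, event.category, event.action, event.outcome, event.dataset, event.code, host.name, user.name, source.ip), and a single correlation routine then finds a source address failing logons across both platforms. The log lines and the Windows record are constructed sample data; the parsing regex and the correlation threshold are simplifications chosen for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample inputs (not real logs). Two platforms, two formats,
# one attacker address 203.0.113.7 that fails a logon on each of them.
SSHD_LINES = [
    "Jan 12 10:15:02 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2",
    "Jan 12 10:16:30 web01 sshd[2240]: Accepted password for alice from 198.51.100.20 port 40212 ssh2",
]
WINDOWS_EVENTS = [
    {"EventID": 4625, "Computer": "dc01.corp.example", "TargetUserName": "admin",
     "IpAddress": "203.0.113.7", "TimeCreated": "2024-01-12T10:15:40+00:00"},
    {"EventID": 4624, "Computer": "dc01.corp.example", "TargetUserName": "bob",
     "IpAddress": "198.51.100.21", "TimeCreated": "2024-01-12T10:17:05+00:00"},
]

# Simplified sshd parser (assumption: the classic "Failed/Accepted password" form only).
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def sshd_to_ecs(line, year=2024):
    """Map one sshd syslog line onto ECS field names; None if it is not an auth event."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    # syslog lines carry no year; the caller supplies it (assumption for the demo).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {
        "@timestamp": ts.isoformat(),
        "event.dataset": "system.auth",
        "event.category": "authentication",
        "event.action": "ssh_login",
        "event.outcome": "failure" if m["outcome"] == "Failed" else "success",
        "host.name": m["host"],
        "user.name": m["user"],
        "source.ip": m["ip"],
    }


def windows_to_ecs(evt):
    """Map a Windows logon event (4624 success / 4625 failure) onto the same ECS fields."""
    outcome = {4624: "success", 4625: "failure"}.get(evt["EventID"])
    if outcome is None:
        return None
    return {
        "@timestamp": evt["TimeCreated"],
        "event.dataset": "windows.security",
        "event.category": "authentication",
        "event.action": "logon",
        "event.outcome": outcome,
        "event.code": str(evt["EventID"]),
        "host.name": evt["Computer"],
        "user.name": evt["TargetUserName"],
        "source.ip": evt["IpAddress"],
    }


def normalize_all():
    """Every source goes through its own mapper; the output is one homogeneous event stream."""
    events = [sshd_to_ecs(l) for l in SSHD_LINES] + [windows_to_ecs(e) for e in WINDOWS_EVENTS]
    return [e for e in events if e is not None]


def failed_auth_by_source(events):
    """Correlate on ECS fields only: the routine never needs to know which platform produced an event."""
    buckets = defaultdict(lambda: {"count": 0, "datasets": set(), "hosts": set(), "users": set()})
    for e in events:
        if e["event.category"] == "authentication" and e["event.outcome"] == "failure":
            b = buckets[e["source.ip"]]
            b["count"] += 1
            b["datasets"].add(e["event.dataset"])
            b["hosts"].add(e["host.name"])
            b["users"].add(e["user.name"])
    return dict(buckets)


def cross_platform_failures(events, min_datasets=2):
    """Source addresses with failed logons in at least `min_datasets` distinct datasets."""
    return sorted(ip for ip, b in failed_auth_by_source(events).items() if len(b["datasets"]) >= min_datasets)


if __name__ == "__main__":
    for ip in cross_platform_failures(normalize_all()):
        print("failed logons across platforms from", ip, failed_auth_by_source(normalize_all())[ip])
```

The point of the example is the last two functions: once both feeds speak ECS, a single query keyed on source.ip and event.outcome spans Linux and Windows, which is exactly the correlation a per-product schema would have forced into two separate searches. In a real deployment the mapping step lives in an ingest pipeline or integration and the correlation in a detection rule, but the field names are the same.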
Sound Bites:
"SOCs are transitioning and moving towards the new, and Elastic is part of that new."
"The goal is to bring in all the data to have a full picture and enable effective security operations."
"Elastic allows for a more efficient and effective SOC by providing an event rendered view and leveraging AI for analysis."
00:00 Heidi Gerken's Background in Security Operations Centers
03:00 The Transition from NOCs to SOCs
07:02 Challenges of Managing Large Data Sets in SOCs
13:07 The Role of AI and Machine Learning in SOC Efficiency
28:03 The Importance of Elastic Common Schema in SOC Operations