Shiny Object Syndrome – Time & Talent Requirements in an OT SOC

Main Stage

What is the average number of alerts per day during the learning period for the new passive OT detection tools? What is the average number of alerts per day once the tool has been properly baselined and tuned? How many people, with what types of skill sets, are required to effectively staff an OT SOC? Rebekah will provide some hard numbers and examples from deployments.

ICS detection software has its purpose and is extremely useful, but only when you have the budget and the resources required to properly baseline, tune and monitor the software in the long run. Otherwise, your money is better spent elsewhere. Rebekah will discuss the cost-benefit analysis of anomaly detection software, share the organizational model required to properly sustain it, and present use cases where she has seen this model both succeed and fail.

Detection & Response