Buyer's Handbook: A security operations center for hire? Something to consider Article 1 of 2

Peer into current and future security operations centers

Many organizations are experiencing a rise in security threats. But the talent and tools needed to investigate the growing number of security incidents -- or worse, previously unknown threats -- continue to be a problem that weighs on senior security staff. A security operations center can help analysts tasked with investigating security incidents monitor the bigger picture by providing services such as threat intelligence, vulnerability scanning of systems and devices, and timely patch management.

Yet many organizations find that a security operations center is difficult to implement and even harder to staff. Finding trained SOC analysts, especially individuals who have the unique combination of talents required to detect and prevent unknown threats, is another challenge. Elevated security events at many companies are still handled by either an overburdened IT staffer who specializes in security or an ad hoc team that may not have the skills to take advantage of data analysis and visualization tools. Many security operations centers also rely on some manual collection of key performance indicators by analysts who compile SOC metrics.

The lack of information sharing by internal teams is another area that remains a struggle. According to a 2017 SANS Institute survey, 60% of respondents said their organization had combined the security, remediation and response functions into a single security operations center, but only one-third said their organization's SOC coordinated information with the network operations center.

Integration of tools and automation of prevention, detection and response can help SOCs in the future, but technologies alone cannot replace highly trained security analysts. Some SOC functions can be outsourced, but management and strategic planning to align security operations with business goals should remain in-house.
