Are security operations centers doing enough?

This article is part of the Information Security issue of November 2017, Vol. 19, No. 9
Knocks on SOCs are not uncommon: Too many security operations centers are rudimentary, and organizations in almost all industries need to upgrade their capabilities. Some security operations centers (SOCs) run 24/7; others are 9 to 5. All focus on network monitoring and triage, looking at alerts and indicators of compromise to ensure performance metrics and service-level agreements are met. Coordination with IT or network operations centers (NOCs) may occur through dashboards or other communications, depending on the company. But security operations centers may not be as common as people think. And those that are operational often focus on detection and remediation with functions dispersed across groups and infrastructure, including the cloud. Security analysts who specialize in network intrusion detection, cyberthreat intelligence, reverse malware engineering, computer forensics, vulnerability scanning, network mapping and discovery and cyber incident response are often far from the reality. Randy Marchany, CISO at Virginia ...
Features in this issue
- Are security operations centers doing enough?
  SOCs are maturing, but organizations facing the increased threat landscape understand that improving their effectiveness must be a priority in the year ahead.