Information Security

Defending the digital infrastructure


Are companies with a SOC team less likely to get breached?

Information security operations centers are “growing up,” according to one study. But, with staffing shortages and manual collection of data, performance metrics are hard to get.

Companies outsource functions of security operations centers. But most agree that management of strategic activities -- security planning, alignment to the business, performance assessments -- should stay in-house.

Are companies that have information security operations centers (SOCs) less likely to get breached? That data is hard to come by. Target did not respond to automated warnings about suspicious activity during its 2013 breach. The SOC manager left the retailer in October. The breach occurred in November and was publicly acknowledged by Target on December 19, 2013, after Brian Krebs reported it on his Krebs on Security blog. According to reports by Bloomberg Businessweek and others, alerts issued by FireEye malware detection were noted by Target's security staff in India but then ignored by the SOC team in the United States.

Today, the retail company runs a 24/7 Cyber Fusion Center at its Northern Campus in Brooklyn Park, Minnesota. A recent job posting for an event analyst noted that the future SOC team member would work with the company's Cyber Threat Intelligence team and participate in "cyber hunt activities" as needed, in addition to security information and event management, log management and a host of other duties to assess and detect cyberthreats in the retailer's global operations.

In this issue, technology journalist Steve Zurier looks at information security operations centers and reports on tools integration, future automation and SOC team staffing -- in May, he covered the role of threat hunters in modern SOCs. What is it going to take to improve SOC capabilities going forward? A 2017 SANS Institute report found that lack of visibility is a major problem, especially detection of unknown threats. Of the 309 IT professionals surveyed worldwide, 61% indicated that their security operations were centralized, but only 32% reported close integration between the SOC team and network operations center. Better information sharing and automation of SOC performance metrics -- 69% of those surveyed who compile metrics said they must do a lot of the data collection and analysis manually -- could help take security operations to the "next level," according to SANS.

Vulnerability management and patch management are also getting increased scrutiny at many organizations after the Equifax breach and global ransomware attacks that some speculate could have been avoided. CISO James Ringold looks at risk-based vulnerability management strategies and explains why investing in this process is worth consideration.

Two security leaders who moved to the private sector after working on cybersecurity initiatives in Washington, D.C., during the Obama administration are also profiled this month: Phyllis Schneck, managing director of Promontory Financial Group, now an IBM company, and Alissa Johnson, the CISO at Xerox.

"I learned that there really isn't a lot of difference between there and here," Johnson said. "Xerox has no nuclear secrets, but hackers are still attacking us and trying to get data using the same tools and technology."



This was last published in November 2017
