Are companies with a SOC team less likely to get breached?

Information security operations centers are “growing up,” according to one study. But, with staffing shortages and manual collection of data, performance metrics are hard to get.

This article can also be found in the Premium Editorial Download: Information Security magazine: Next-gen SOC: What's on your automation roadmap?

Companies outsource functions of security operations centers. But most agree that management of strategic activities -- security planning, alignment to the business, performance assessments -- should stay in-house.

Are companies that have information security operations centers (SOCs) less likely to get breached? That data is hard to come by. Target did not respond to automated warnings about suspicious activity during its 2013 breach. The SOC manager left the retailer in October. The breach occurred in November and was publicly acknowledged by Target on December 19, 2013, after Brian Krebs reported it on his Krebs on Security blog. According to reports by Bloomberg Businessweek and others, alerts issued by FireEye malware detection were noted by Target's security staff in India but then ignored by the SOC team in the United States.

Today, the retail company runs a 24/7 Cyber Fusion Center at its Northern Campus in Brooklyn Park, Minnesota. A recent job posting for an event analyst noted that the future SOC team member would work with the company's Cyber Threat Intelligence team and participate in "cyber hunt activities" as needed, in addition to security information and event management, log management and a host of other duties to assess and detect cyberthreats in the retailer's global operations.

In this issue, technology journalist Steve Zurier looks at information security operations centers and reports on tools integration, future automation and SOC team staffing -- in May, he covered the role of threat hunters in modern SOCs. What is it going to take to improve SOC capabilities going forward? A 2017 SANS Institute report found that lack of visibility is a major problem, especially detection of unknown threats. Of the 309 IT professionals surveyed worldwide, 61% indicated that their security operations were centralized, but only 32% reported close integration between the SOC team and network operations center. Better information sharing and automation of SOC performance metrics -- 69% of those surveyed who compile metrics said they must do a lot of the data collection and analysis manually -- could help take security operations to the "next level," according to SANS.

Vulnerability management and patch management are also getting increased scrutiny at many organizations after the Equifax breach and global ransomware attacks that some speculate could have been avoided. CISO James Ringold looks at risk-based vulnerability management strategies and explains why investing in this process is worth consideration.

Two security leaders who moved to the private sector after working on cybersecurity initiatives in Washington, D.C., during the Obama administration are also profiled this month: Phyllis Schneck, managing director of Promontory Financial Group, now an IBM company, and Alissa Johnson, the CISO at Xerox.

"I learned that there really isn't a lot of difference between there and here," Johnson said. "Xerox has no nuclear secrets, but hackers are still attacking us and trying to get data using the same tools and technology."

This was last published in November 2017