Peer into current and future security operations centers
Many organizations are experiencing a rise in security threats. But the talent and tools needed to investigate the growing number of security incidents -- or worse, previously unknown threats -- continue to be a problem that weighs on senior security staff. A security operations center can help analysts tasked with investigating security incidents monitor the bigger picture by providing services including threat intelligence, vulnerability scans of systems and devices, and timely patch management.
Yet many organizations find that a security operations center is difficult to implement and even harder to staff. Finding trained SOC analysts, especially individuals with the unique combination of skills required to detect and prevent unknown threats, is another challenge. Elevated security events at many companies are still handled either by an overburdened IT staffer who specializes in security or by an ad hoc team that may lack the skills to take advantage of data analysis and visualization tools. Many security operations centers also rely on manual collection of key performance indicators by the analysts who compile SOC metrics.
The lack of information sharing by internal teams is another area that remains a struggle. According to a 2017 SANS Institute survey, 60% of respondents said their organization had combined the security, remediation and response functions into a single security operations center, but only one-third said their organization's SOC coordinated information with the network operations center.
Integration of tools and automation of prevention, detection and response can help SOCs in the future, but technologies alone cannot replace highly trained security analysts. Some SOC functions can be outsourced, but management and strategic planning to align security operations with business goals should remain in-house.