PRO+ Premium Content/Information Security magazine

November 2017, Vol. 19, No. 9

Next-gen SOC: What's on your automation roadmap?

The concept of a security operations center that optimizes resources -- security technologies, threat intelligence and analysts -- to counter threats is a great idea. However, in reality, designing an effective SOC is hard. Many companies struggle first with implementation and then with figuring out how to take their SOC to the next level. What will the next-gen SOC look like?

Security operations centers today are found mostly in large organizations and focus on detection and remediation. The lack of big data analysis tools that can work with wide varieties of data is a major obstacle.

"That's one of the reasons I think people say SOCs are not very effective yet," said Randy Marchany, CISO at Virginia Tech. The university's SOC project has been put on hold as they implement another security information and event management tool and ramp up on the open source Elastic Stack, formerly known as ELK.

Integration of tools and increased automation may help security analysts prioritize security events in a next-gen SOC, but once a serious security incident has been identified, many companies lack a sophisticated incident-response process. CISOs need to work on building internal and external relationships, such as with law enforcement, that will assist the company in the event of a breach.

In this issue of Information Security magazine, we look at the strengths and weaknesses of security operations centers. To what extent are SOCs integrating the tools they have? How are they automating these processes? We ask CISOs and other security leaders what strategies will help organizations build the next-gen SOC. What is your three-year plan for getting your organization's security operations center to the next level?
