Next-gen SOC: What's on your automation roadmap?
The concept of a security operations center that optimizes resources -- security technologies, threat intelligence and analysts -- to counter threats is a great idea. However, in reality, designing an effective SOC is hard. Many companies struggle first with implementation and then with figuring out how to take their SOC to the next level. What will the next-gen SOC look like?
Security operations centers today are found mostly in large organizations and focus on detection and remediation. The lack of big data analysis tools that can work with wide varieties of data is a major obstacle.
"That's one of the reasons I think people say SOCs are not very effective yet," said Randy Marchany, CISO at Virginia Tech. The university's SOC project has been put on hold as they implement another security information and event management tool and ramp up on the open source Elastic Stack, formerly known as ELK.
Integration of tools and increased automation may help security analysts prioritize security events in a next-gen SOC, but once a serious security incident has been identified, many companies lack a sophisticated incident-response process. CISOs need to work on building internal and external relationships, such as with law enforcement, that will assist the company in the event of a breach.
In this issue of Information Security magazine, we look at the strengths and weaknesses of security operations centers. To what extent are SOCs integrating the tools they have? How are they automating these processes? We ask CISOs and other security leaders what strategies will help organizations build the next-gen SOC. What is your three-year plan for getting your organization's security operations center to the next level?
Features in this issue
SOCs are maturing, but organizations facing the increased threat landscape understand that improving their effectiveness must be a priority in the year ahead.
Serving as White House deputy CIO prepared Johnson for her CISO role: "When we let the culture in a company or agency drive security governance or innovation, that's a problem."
Cataclysmic security incidents highlight the importance of a vulnerability management program versus a patch management system. Here's how to implement a risk-based approach.
Columns in this issue
Information security operations centers are “growing up,” according to one study. But, with staffing shortages and manual collection of data, performance metrics are hard to get.
The managing director at Promontory Financial Group, now part of IBM, talks about supercomputers, cryptography applications and her start in computer science.