Seven Cyber Security Courses in Orlando - Oct. 28-Nov. 2. Save $200 thru 9/25.

SANS Security Insights

SOCS Grow Up: Results of a SANS Survey

By Deb Radcliff, Editor-in-Chief, SANS Analyst Program

Bethesda, MD — May 8, 2017 — Security operations centers (SOCSs) are growing up taking on multiple responsibilities for prevention, detection and response, according to our new SANS survey on SOC capability.

In the survey, 91% of respondent organizations provide prevention capabilities through network IDS/IPS, 86% provide detection capabilities through network IDS/IPS, and 77% provide response capabilities through EDR (endpoint detection and response), to name just the highest-rated capabilities.

Responses indicate that SOCs gather, analyze and react to tremendous amounts of information on a daily basis. Yet despite this, they still can't detect unknown threats, determine impact across their affected systems, and lack the integration between their systems to do so.

The key is making the security, intelligence and response data collected across these systems useful to all SOC-related functions, which also means improving integration with network operations centers (NOCs).

In the survey, only 32% of respondents report having close integration between their SOC and NOC, with 12% of those having strong technical integration between the groups.

"This lack of integration may, in part, be due to the variety of architectures respondents' utilize," says the report's author, Crowley, referring to respondents' mixture of on premises and cloud SOC operations. "There is no doubt that there are clear opportunities to improve security operations, starting with better relationships and coordination with IT operations."

Full results will be shared during a two-part webcast. Part 1 will be held on May 17, 2017 at 1 PM EDT, and the Part 2 webcast will air on May 18, 2017 at 1 PM EDT. Register to attend by clicking the dates.

Post a Comment


* Indicates a required field.