Train From Home on Your Schedule with OnDemand - Special Offers Available Now

Press

Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.






Coordinate Efforts for SOC Improvement: Results of the 2019 SANS Security Operations Center Survey

Integration with Network Operations Centers Improves Efficiency and Efficacy; Solutions to Reduce Staffing Shortages

  • Bethesda, MD
  • June 25, 2019

Integrating efforts of network operations centers (NOCs) and outsourcing security operations tasks offer major avenues toward improving SOC effectiveness and efficiency, according to results of a survey to be released by SANS Institute on July 10 and discussed on July 11.

Organizations often realize improved efficiency through integration with internal resources, such as NOCs. We did see an uptick in organizations integrating NOC and SOC operations, an important way to increase both effectiveness and efficiency, especially when outsourcing is not feasible. Thirty-four percent of respondents reported either fully integrating or effectively working with their NOC.

“Though we saw some improvement this year, most SOCs still aren’t fully leveraging the potential of interaction with their NOCs,” says Christopher Crowley, SANS security operations and incident response team management instructor, and author of the survey. “If you aren’t consistently leveraging this ‘sibling’ in your organization, you’re missing efficiency and knowledge-sharing opportunities.”

Survey results indicate that staffing continues to be a problem for security-minded organizations, with 58% of respondents citing lack of skilled staff as a barrier to excellence. Outsourcing such tasks as pen-testing, digital forensics and threat intelligence—at least until organizations have developed standard use cases appropriate for their business operations—is one way to reduce the burden on in-house staff.

“A SOC is an expensive proposition with substantial operational costs and staffing needs,” continues Crowley. “To minimize these costs, or to deal with staffing restrictions, organizations need to consider their options. And, outsourcing some functions offers opportunities to reduce in-house responsibilities and improve SOC functionality.”

These and other suggestions for improving the efficiency and effectiveness of SOCs are discussed in the SANS 2019 Security Operations Center Survey, along with context provided by SOC managers from small-to-medium size organizations.

Full results will be shared during a July 10 webcast at 1 PM EDT, sponsored by Anomali, BTB Security, Cyberbit, DFLabs, ExtraHop, Siemplify, and ThreatConnect, and hosted by SANS. Register to attend the webcast at https://www.sans.org/webcasts/110050.

Representatives of ExtraHop, Siemplify, and ThreatConnect join Chris Crowley and SANS director of emerging technologies John Pescatore for a panel discussion on the results on July 11 at 1 PM EDT. Register to attend that webcast at https://www.sans.org/webcasts/110075.

Those who register for the webcast will also receive access to the published results paper developed by SANS analyst and security operations expert, Chris Crowley, with advice from John Pescatore.

Tweet This:

What challenges inhibit integration and utilization of a centralized #SOC model? Find out in our upcoming 2019 SANS #SOC Survey results with SANS @CCrowMontance & @john_pescatore | https://www.sans.org/webcasts/110050

See what #security practitioners have to say about their SOC experiences in our upcoming 2019 SANS #SOC Survey webcast with @CCrowMontance & @john_pescatore on 7/10 @ 1PM ET | https://www.sans.org/webcasts/110050

Gain greater insight into capabilities and implementations | @CCrowMontance & @john_pescatore discuss selected results with sponsors on 7/11 @ 1PM ET | https://www.sans.org/webcasts/110075

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at In-Person and Live Online cyber security training events, and more than 50 courses are available anytime, anywhere with our OnDemand platform. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (https://www.sans.org)