Bethesda, Md. – Security operations centers (SOCs) are growing up, according to a new SANS survey to be released in a two-part webcast on May 17 and May 18. In it, respondents indicate the SOC's primary strengths are flexibility of response and response time, while their biggest weakness is lack of visibility into events.

"Survey results indicate that organizations still can't detect previously unknown threats, which is a consistent problem across many other SANS surveys," says SANS Analyst and Instructor Christopher Crowley. "Although the survey indicates that SOCs need more automation, particularly for prevention and detection, it also shows that they are maturing and utilizing a mixture of cloud and internal-based SOC services."

Today's SOCs have a broad range of capabilities, with 91% providing prevention capabilities through network IDS/IPS, 86% providing detection capabilities through network IDS/IPS, and 77% providing response capabilities through EDR (endpoint detection and response), to name just the highest-rated capabilities.

Responses indicate that SOCs gather, analyze and react to tremendous amounts of information on a daily basis. The key is making it useful to all SOC-related functions and improving integration with network operations centers (NOCs). Right now, only 32% of respondents report having close integration between their SOC and NOC, with 12% having strong technical integration.

"This lack of integration may, in part, be the variety of architectures respondents' utilize," continues Crowley. "There is no doubt that there are clear opportunities to improve security operations, starting with better relationships and coordination with IT operations."

Full results will be shared during a two-part webcast. Part 1 will be held on May 17, 2017 at 1 PM EDT, and the Part 2 webcast will air on May 18, 2017 at 1 PM EDT. Both webcasts are sponsored by Carbon Black, Endgame, LogRhythm, NETSCOUT, ThreatConnect, and Tripwire and hosted by SANS. Register to attend the May 17 webcast at and the May 18 webcast at

Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and security operations center expert, Christopher Crowley.

Tweet This:

SANS SOC Survey | SOCs Growing Up | May 17 |

SANS SOC Survey | Future Plans for SOCs | May 18 |

Learn what SOCs are doing now and where they're headed | Part 1, | Part 2,

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (