A security operations center (SOC), which includes the people, processes, and technology needed to monitor, detect, analyze, and respond to cyber threats, is the foundation of many businesses’ cybersecurity.
A SOC, however, is difficult to manage and maintain, requires significant budget and resources, and comes with many other challenges.
To help organizations better understand the complexity of a SOC and help them overcome challenges to optimize the value of their SOC and its capabilities, the SANS Institute has conducted a survey for five years running on how security teams leverage their SOCs, which provides annual insight for SOC leaders and industry professionals.
Exploring the Security Operations Center—Inside and Out
In this year’s report sponsored by Arctic Wolf, A SANS 2021 Survey: Security Operations Center (SOC), 33% of respondents admitted to having an incident or intrusion within their protected environment during the year. The real percentage could be significantly higher, however, as some respondents wouldn’t say while others didn’t know.
Threats do bypass controls, and some of the biggest data breaches occur when they linger in an environment for weeks or months, undetected, before doing their damage. A SOC can do wonders to ameliorate this problem, but it must be efficiently run and finely tuned to be effective.
The SANS survey report taps into the findings from hundreds of SOC leaders and industry peers to gauge their success in several key areas. It also goes into detail regarding the challenges a SOC typically presents—and outlines how to address them.
The report provides information on what you need to know regarding a SOC’s:
- Capabilities—See how businesses rated their success in dozens of areas—from incident response, alerting, and monitoring, to threat hunting, pen testing, and vulnerability assessment. It also covers the option of outsourcing capabilities that can’t be performed in-house.
- Staffing—The survey covers the various roles within a SOC, as well as the difficulty businesses face in recruiting and retaining talent as skilled cybersecurity professionals often come at a premium.
- Technology—Respondents shared information on all the valuable tools within their SOC arsenal. This includes host tools like endpoint protection and vulnerability remediation, network technology such as firewalls and network monitoring tools, logging solutions for log management and monitoring, and analytical tools such as AI/machine learning and threat hunting.
- Funding—SOCs are costly to build and maintain, and the SANS report explores the financial considerations all organizations must consider. Who is involved in setting the budget? Who is involved in approving it?
- Deployment—Not just the deployment of the SOC but also its architecture, and whether operational technology processes are monitored as part of this deployment. This section also explores any relations between respondents’ SOCs and their network operations centers (NOCs).
Are Your Security Operations Capabilities up to Par?
To see how your SOC stacks up, check out A SANS 2021 Survey: Security Operations Center (SOC).
And if your organization is struggling with managing the complexities of its own SOC—or if SOC capabilities are out of reach due to a lack of staffing or budget resources—Arctic Wolf can help. Learn how Arctic Wolf’s security operations solutions can provide unprecedented security outcomes for your organization.