As You Modernize Your SOC, Remember the Human Element

As Security Operations Centers (SOCs) mature, they need to tackle some tough challenges with respect to data, systems and people.


As Security Operations Centers (SOCs) mature and transition to become detection and response organizations, they need to tackle some tough challenges with respect to data, systems and people. To begin with, many SOCs are dealing with data that is noisy and unstructured, decentralized without prioritization, and managed with spreadsheets. So, the first step is to capture the right data to create a single source of truth, continuously updated with new data and observations, and curated to ensure relevance.


Utilizing that data also presents challenges because systems are disconnected and disparate, workflows are neither orchestrated nor automated, and each system uses its own specific language, which makes it difficult, if not impossible, to get them to interoperate. Passive collaboration, sharing curated threat intelligence with teams and tools as part of existing workflows, improves data utilization and is a major step towards enterprise-wide risk management.


But there remains yet another significant challenge SOCs face as they modernize – the lack of skilled resources to get things done and ineffective use of the staff they do have, who are bogged down by repetitive, manual tasks and operate in silos.


How to unleash the power of the human element.  


Detection and response is predicated on having the right intelligence. This encompasses all the internal threat and event data created by each layer in your security architecture, augmented and enriched with external threat data from the multiple sources you subscribe to. But one of the most important sources to also bring into the process is human intelligence – intuition, memory, learnin ..
