Measuring Security Operations Center Effectiveness Globally

Measuring Security Operations Center Effectiveness Globally

Do you know what is it like to measure and optimize global security operations centers (SOCs)?

At IBM Managed Security Services’ (MSS), we measure an SOC a bit like operating and managing the performance of a factory. It’s incredibly important to monitor and measure the performance of every component and how they all work together.

This measurement ensures there’s an end-to-end, streamlined and seamless security workflow. The right tools and supporting technologies can enable security workflows to operate efficiently and provide the quality the service requires.

There are a couple of measurement variables that have to be closely monitored in an SOC, such as speed, accuracy, depth of investigation and quality of investigation. Within the environment, there also are a number of measures around capacity and performance. This is to ensure an SOC is operating a service within the lens of quality and speed.

All of these measurements need to be considered when measuring an intense security service that is delivering a high value to the clients in a narrow operating window.

Important Metrics for an MSSP

It’s important to effectively measure everything. At IBM, we measure cycle times, throughput, demand and the capacity to apply against that demand when managing a global SOC. This is aimed at finding the optimal performance for SOCs. 


Managed security service providers (MSSP) need to measure capacity to make sure they are staffed appropriately to handle extremely large volumes of incidents. This also dictates how much time an SOC analyst can spend investigating a given incident. There are also guidelines to determine how much time should be spent on an incident, depending on the analy ..