Building the Best SOC Takes Strategic Thinking

So your security team is ready to scale up its security operations center, or SOC, to better meet the security needs of your organization. That’s great news. But there are some very important strategic questions that need to be answered if you want to build the most effective SOC you can and avoid some of the most common pitfalls teams of any size can encounter.

The Gartner® report SOC Model Guide is an excellent resource for understanding how to ask the right questions regarding your security needs and what to do once those questions are answered.

Question 1: Which Model is Right for You?

There are several different ways to build an effective SOC. And while some are more complicated (perhaps even prohibitively so) than others, knowing what your needs and resources are at the outset will help you make this crucial initial decision.

Gartner puts it this way: “A SOC model defines a strategy for variation in the use of internal teams and external service providers when running a SOC. It ensures all roles required to operate a SOC are allocated to those best suited to discharge the associated responsibilities. An effective SOC model lets SRM leaders allocate resources based on business priorities, available skill sets and budget…”

There are effectively three ways to build a SOC: internal, external, and hybrid. The report has this to say: "Opting for a hybrid SOC is one way to help grow capabilities, while managing scale and cost. A hybrid SOC is one in which more than one team, both insourced and outsourced, plays a role in the activities required for proper SOC operation. The question of which teams, roles, jobs and activities are best ..
