Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Do You Need a Security Operations Center?


Today's security professionals need to have accurate information accessible to them at a moment's notice. That accessibility is critical in order for them to respond to security incidents efficiently and effectively. Pulling all of that information together can be difficult since it has to be collected from all corners of the enterprise. Yet, difficult or not, it's necessary so that triage can be performed quickly.

Unfortunately, we see research like Verizon's Data Breach Investigation Report that shows us this isn't happening in a large percentage of cases. Instead, it's months, even years, before a breach gets noticed. There are a handful of key issues that make this difficult. They revolve around a lack of trained and skilled personnel, the tools to provide them with accurate, actionable information, and the processes to enable them to do their jobs effectively.

To combat these issues, some organizations have built a security operations center (SOC) to become the hub of all security operations, streamline the incident-handling process, and enable ease of collaboration among security personnel. It sounds great, right? The reality is that assembling a SOC is no easy task, and it can be expensive, which is one of the primary reasons companies decide to outsource security operations.

To make the decision about whether to build a SOC, outsource it, or take a hybrid approach by mixing on-site security personnel with managed security services, let's look at some of the key features and decisions in the making of a successful SOC.

First and foremost, a SOC requires highly skilled security professionals to investigate security incidents, perform incident response and forensics, and help keep an organization afloat amid a data breach. These security pros are responsible for providing accurate information to management so the business can make sound decisions, such as whether critical systems need to be shut down for analysis or to stop data exfiltration.

Read the rest of this article on Dark Reading.

The right forensic tools in the right hands are just a start. The new Digital Detectives issue of Dark Reading shows you how to better apply the lessons they teach. (Free registration required.)