Wednesday, August 17, 2022

SIDEBAR: Two contrasting SOCs

In its most recent report on the evolution of 114 security operations centres around the world, Hewlett-Packard Enterprises contrasted two unnamed SOCs:

Organization “A,” which is in the public sector and runs a round-the-clock SOC, started with a composite score of 1.8, dipped to 1.0 and last year hit 1.4.

“Maturity has been a seesaw over the past six years mostly based on business challenges that adversely impact people, process, and technology investments,” said the report.

PROS: Analysis of key performance indicators (KPIs) for Level 1 or 2 analysts is tracked and readily available; there is a structured development program for analysts with continuous investment in key skills; repeatable operations components are well documented, with consistent execution across the team.

CONS: Multitenant SOC missing overarching sponsorship and mission to overcome inconsistent agendas at mid-level manager roles; content development and data integration KPIs missing for SIEM engineers, and infrastructure stability is an issue; rigid system management policies and guidelines have resulted in out-of-date systems.

Organization “B” is in the energy sector and went through a rebuild under new leadership three years into the study to develop a round-the-clock SOC. It started with a composite score of 1.0 at the rebuild and last year scored 2.6.

PROS: Strong sponsorship from executive visibility of security ROI from SOC program and tools; a collaborative culture with strong relationships inside and outside of the security organization; investment in security solutions to meet strategic security needs.

CONS: Needs talent pipeline and repeatable program to support growth objectives; needs development to monitor custom, home-grown applications, and systems; needs expanded hunting and visual analysis for context and threats.


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
