In its most recent report on the evolution of 114 security operations centres around the world Hewlett-Packard Enterprises contrasted two unnamed SOCs:
Organization “A,” which is in the public sector and runs a round the clock SOC, started with a composite score of 1.8, dipped to 1.0 and last year hit 1.4
“Maturity has been a seesaw over the past six years mostly based on business challenges that adversely impact people, process, and technology investments,” said the report.
PROS: Analysis of key performance indicators (KPIs) for Level 1 or 2 analysts are tracked and readily available, has a structured development program for analysts with continuous investment in key skills and repeatable operations components are well documented with consistent execution across team.
CONS: Multitenant SOC missing overarching sponsorship and mission to overcome inconsistent agendas at mid-level manager roles; content development and data integration KPIs missing for SIEM engineers and infrastructure stability is an issue; rigid system management policies and guidelines have resulted in out-of-date systems.
Organization “B” is in the energy sector and went through a rebuild under new leadership after three years into the study to develop a round the clock SOC. It started with a composite score of 1.0. at the rebuild and last year scored 2.6.
PROS: Strong sponsorship from executive visibility of security ROI from SOC program and tools, there is a collaborative culture with strong relationships inside and outside of security organization, investment in security solutions to meet strategic security needs.
CONS:Needs talent pipeline and repeatable program to support growth objectives; needs development to monitor custom, home-grown applications, and systems; needs expanded hunting and visual analysis for context and threats.