Did Your SOC Catch a Bad Guy Today?

If you read the news, at any time, you would learn that cybersecurity threats are increasing.  We don’t give it a second thought when a well-funded, sophisticated nation state is the source of a breach.  But do you know what’s straining enterprise and agency SOC (security operations center) teams to deal with these threats?

  1. A severe shortage in skilled security personnel
  2. Exponential growth in data from technologies meant to help

That’s right, every SOC relies on people to “connect the dots” between security alerts, contextual sources and impact to organizations. But what most don’t know is they’re falling behind.  And an inability to catch up creates a gap that demands more than what’s being offered today.

We know SOCs are trying and are plenty busy with all sorts of things.  In fact, level-1 analysts, either in the enterprise or at the MSSP, are staring at SIEM consoles trying to decipher signals from noise.  Senior analysts are querying and mining specialized databases.  And, red alerts from the millions of dollars sunk into detection technologies sound incessantly.

Overcoming the gap mentioned above is of critical importance for the success of our Security Operation Centers.  Newer technology holds promise to help the SOC meet its objectives.  However, it’s important to name the challenges and shortcomings of today’s SOC so we can effectively address the situation.  You not only have to ask yourself, Did your SOC catch a bad guy today? But is it also ready to catch any bad guy any day?