The State of the SOC
An Enterprise Study on Threat Detection and Response
Many Security Operations Centers (SOCs) are under siege. Security analysts oftentimes have more alerts than they can typically triage and investigate, giving attackers more time to evade detection and taking longer for SOCs to respond. The result is that once attackers break in, they often stay hidden inside for too long – moving laterally and stealing sensitive data.
Fidelis Cybersecurity commissioned 360Velocity and Dr. Chenxi Wang to conduct an enterprise study on the State of the SOC, including current trends and practices of threat detection and response. The study was conducted over the span of three months, interviewing security practitioners from enterprise companies in a cross-section of industries: Software-as-a-Service (SaaS), retail, financial services, healthcare, consumer services, and high tech. The results reveal how different organizations manage SOCs, incident response and threat hunting tasks.
Read this report to understand the specific challenges facing many SOCs and the opportunities to improve their efficiency and effectiveness, including:
- Alert overload and how to automate alert triaging and prioritization
- The importance of integrating security controls to speed investigations, remediation and control
- How to standardize and automate processes for threat detection and response
- Identifying meaningful SOC metrics to use for understanding effectiveness/ineffectiveness
- Threat hunting as an elite operation used in only the largest and most sophisticated organizations