In my last post, I discussed a common syndrome experienced by many organizations, called “SOC Enterprise Amnesia”, whereby the most valuable data (intelligence) gleaned from events and incidents is flushed and forgotten as operational fatigue sets in, while the volume of security control and instrumentation data continues to overwhelm the operators' field of view. The outgrowth of this state is called “Operational or Organizational Thrashing”.
So what are some approaches that remedy this syndrome? Before diving into the approaches, it’s important to understand the top 10 security operations readiness deficiencies commonly found in many enterprises. Below is an enumeration of the 10 most common deficiencies, aligned to People-Process-Technology.
Some of the best approaches to designing for improved SOC readiness and operational efficiency take into account the 80/20 rule, whereby 80% of the improvement can be achieved by addressing the top 20% of the critical gaps typically discovered during a breach readiness and/or capabilities maturity assessment. Below is an example of common findings within that top 20% of gap criticality.
- Conduct all-inclusive risk and security assessments
- Locate and track high-value digital assets
- Model threats and address top vulnerabilities
- Master change management processes
- Deploy security staff selectively and strategically
- Integrate security processes and technologies to scale resources
- Invest in threat intelligence capabilities
- Quantify the impact of security investments
SOC transformation and optimization is not an overnight effort, but with a strong emphasis on analysis and design, organizations can achieve significant results. If you’d like to read more about this topic and other ways you can improve your breach readiness and operational maturity, check out the October 2013 RSA Security Brief, “Taking Charge of Security in a Hyperconnected World.”