
Focusing the SOC on Detection and Response
2020-12-10 13:03

In his paper, "Prevention is Futile in 2020: Protect Information Via Pervasive Monitoring and Collective Intelligence," he projected that by 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches, up from less than 10% in 2013.

In subsequent years, the definition shifted towards detection and response, with vulnerability management remaining part of security operations but not a core focus of the SOC. In 2017, Gartner began describing SOAR as the convergence of SOA, SIR and threat intelligence.

By 2019, Gartner defined the use cases for SOAR as SOC optimization; threat monitoring, investigation and response; and threat intelligence management - all capabilities focused on detection and response, whether reactive or proactive, with the overarching objective of SOC optimization.

Intelligence is the foundation for each of these use cases and thus the lifeblood of the SOC. But there's a stumbling block - threat intelligence has become a poisoned term, which has prevented many security teams from fully appreciating it or reaping its full value for detection and response.

With threat intelligence as the foundation, both approaches will propel SOCs even further on their mission to be detection and response organizations.
