Coordinate Efforts for SOC Improvement: Results of the 2019 SANS Security Operations Center Survey

Integration with Network Operations Centers Improves Efficiency and Efficacy; Solutions to Reduce Staffing Shortages

BETHESDA, Md., June 25, 2019 /PRNewswire/ — Integrating efforts of network operations centers (NOCs) and outsourcing security operations tasks offer major avenues toward improving SOC effectiveness and efficiency, according to results of a survey to be released by SANS Institute on July 10 and discussed on July 11.

Organizations often realize improved efficiency through integration with internal resources, such as NOCs. We did see an uptick in organizations integrating NOC and SOC operations, an important way to increase both effectiveness and efficiency, especially when outsourcing is not feasible. Thirty-four percent of respondents reported either fully integrating or effectively working with their NOC.

“Though we saw some improvement this year, most SOCs still aren’t fully leveraging the potential of interaction with their NOCs,” says Christopher Crowley, SANS security operations and incident response team management instructor, and author of the survey. “If you aren’t consistently leveraging this ‘sibling’ in your organization, you’re missing efficiency and knowledge-sharing opportunities.”

Survey results indicate that staffing continues to be a problem for security-minded organizations, with 58% of respondents citing lack of skilled staff as a barrier to excellence. Outsourcing such tasks as pen-testing, digital forensics and threat intelligence—at least until organizations have developed standard use cases appropriate for their business operations—is one way to reduce the burden on in-house staff.

“A SOC is an expensive proposition with substantial operational costs and staffing needs,” continues Crowley. “To minimize these costs, or to deal with staffing restrictions, organizations need to consider their options. And, outsourcing some functions offers opportunities to reduce in-house responsibilities and improve SOC functionality.”

These and other suggestions for improving the efficiency and effectiveness of SOCs are discussed in the SANS 2019 Security Operations Center Survey, along with context provided by SOC managers from small-to-medium size organizations.

Full results will be shared during a July 10 webcast at 1 PM EDT, sponsored by Anomali, BTB Security, Cyberbit, DFLabs, ExtraHop, Siemplify, and ThreatConnect, and hosted by SANS. Register to attend the webcast at https://www.sans.org/webcasts/110050.

Representatives of ExtraHop, Siemplify, and ThreatConnect join Chris Crowley and SANS director of emerging technologies John Pescatore for a panel discussion on the results on July 11 at 1 PM EDT. Register to attend that webcast at https://www.sans.org/webcasts/110075.

Those who register for the webcast will also receive access to the published results paper developed by SANS analyst and security operations expert, Chris Crowley, with advice from John Pescatore.

Tweet This:
What challenges inhibit integration and utilization of a centralized #SOC model? Find out in our upcoming 2019 SANS #SOC Survey results with SANS @CCrowMontance & @john_pescatore | https://www.sans.org/webcasts/110050

See what #security practitioners have to say about their SOC experiences in our upcoming 2019 SANS #SOC Survey webcast with @CCrowMontance & @john_pescatore on 7/10 @ 1PM ET | https://www.sans.org/webcasts/110050

Gain greater insight into capabilities and implementations | @CCrowMontance & @john_pescatore discuss selected results with sponsors on 7/11 @ 1PM ET | https://www.sans.org/webcasts/110075

About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 60 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates a practitioner’s qualifications via over 30 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master’s degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet’s early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (https://www.sans.org)

SOURCE SANS Institute