Your security operations center (SOC) has the potential to be the cornerstone of your organization’s broader effort to manage digital risk.
Skeptical of that statement? Consider this: your SOC is on the front line, defending your organization against cyber attacks every day. Assuming your SOC has the visibility and analytical capabilities it needs, it witnesses the different methods attackers use against your enterprise, the assets they’re targeting, and the vulnerabilities in your infrastructure they’re trying to exploit. Arguably, no one inside your enterprise knows better than your SOC analysts the threats your organization faces—information that’s essential to managing digital risk.
So what does it take to gather this kind of intelligence and share it with the senior leaders in charge of digital risk management? It starts with an intelligent SOC.
What’s an Intelligent SOC?
The intelligent SOC has true visibility across an organization’s entire IT infrastructure, from the endpoint to the cloud to virtual, hybrid, and of course, on-premises computing environments. In addition, it uses tools that give security incidents some business context—meaning, if an analyst gets an alert that an endpoint may have been compromised, the analyst can quickly find out whether the endpoint is the CEO’s laptop or an intern’s PC and what access to other systems the user with the affected endpoint has.
An intelligent SOC also has sophisticated reporting capabilities: It can provide insight into the number of incidents occurring each day, the nature of those incidents, the time it takes to detect and resolve them,
*** This is a Security Bloggers Network syndicated blog from RSA Blog authored by Amy Blackshaw. Read the original post at: http://www.rsa.com/en-us/blog/2018-04/role-of-soc-in-managing-digital-risk.html