I recently posted the below on the SANS Internet Storm Center.
Can you imagine being pleased to learn that the pilot of your next flight had anything less than full visibility into the operation of the next airplane you board? Why would you settle for anything less for your Security Operations Center (SOC)? How long can your you stand for your SOC team to not know there is a problem in your environment?
When building a SOC several years ago, I recall making screens ready in the event of an unexpected, yet necessary VIP tour. The intent of these is to impress those dignitaries by displaying cool things that are happening on your network. After you have finished impressing your VIPs, what actionable information should be displayed in your SOC to help them respond to threats in your environment?
Consider spending time this week ensuring your SOC wall is populated with meaningful screens that add value to your SOC by asking these questions.
- Which security controls are not sending data to your SOC?
- Would your SOC know when your most critical systems stopped sending their logs?
- What is the baseline of traffic volume in and out of your sensitive network zones?
- What is the health status of your security agents?
Share what you find valuable on your SOC wall!
*** This is a Security Bloggers Network syndicated blog from SecurityEverAfter authored by SecurityEverAfter. Read the original post at: http://www.securityeverafter.com/2018/06/i-recently-posted-below-sans-internet.html