Four Most Common Deficiencies of SOCs


Deficiencies of SOCs

Most of the time, the areas that rankle SANS survey respondents the most about SOCs can be addressed with the right combination of planning, policies, and procedures.

The SANS Institute pinpointed the four most common SOC deficiencies in this year’s edition of its annual security operations center (SOC) survey.

The core of these deficiencies can be traced to a familiar source: people, processes, and proper planning and implementation of technology. Let’s take a look at the worst four and what security teams can do about them.

1. Automation/Orchestration

Most SOCs fall behind in automation and orchestration because the SOC team is not aware of the processes that should be automated. A company's employees are its first line of defense. Start by interviewing SOC personnel to understand their responsibilities and identify repeatable processes, such as evidence gathering during an incident (IP/URL reputation, information, etc.), that are time-consuming and easily automated.

