Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
SOC 2030: Security Operations centres are broken, let’s fix them
Cyber Security: A Peer-Reviewed Journal,
2
(3),
251-261
(2018)
Abstract
Security operations centres (SOCs) are facing many challenges today, including a cyber security skills gap hampering the ability to hire and retain staff, an overabundance of low-fidelity data flowing into the SOC, a broken innovation consumption model and a lacking ability to measure capabilities of a SOC. To overcome these challenges, a fundamental change in the approach to SOCs must be made. The changes necessary to allow a SOC to protect an organisation against successful cyberattacks are not just limited to the SOC itself. They require tight integration with groups aligned with the SOC, including network operations, security engineering, and the lines of business themselves. A prerequisite to this tight integration is a clear mission statement of what service the SOC provides to the business, including what it does and does not do. From there, we can begin to alter the inputs and outputs of a SOC through implementation of a prevention-based architecture and mitigation automation, a new security innovation consumption model and continuous measurement of configuration and operational confidence. This paper will walk through the fundamental changes needed to meet the challenges SOCs face today and move towards the adaptive SOC of the future: SOC 2030.
Keywords: cyber security; security operations centre; cyber defence centre; prevention-based architecture; SOC 2030; SOC metrics; adaptive SOC
The full article is available to subscribers to the journal.
Author's Biography
Kerry Matre is the Head of Security Operations Strategy at Palo Alto Networks. She has been defining the steps for customers to transform their architecture and security operations to the next level: increasing prevention, reducing risk and enabling smart people to do smart things within their operations. Her background in security operations has provided insight into over 150 Security Operations Centres (SOCs). Having been involved in assessing the capabilities and effectiveness of SOCs in over 25 countries worldwide, Kerry has a unique view into what has worked in a SOC and what has failed in the past. At HP/HPE ArcSight, Kerry co-authored ‘The State of Security Operations Report of Capabilities and Maturity of Cyber Defense Organizations’ from 2015 to 2017. She has a BSc in computer science from the University of Colorado at Boulder. Her previous experiences include work at IBM, which involved software development, ethical hacking and creating one of the first and largest data marts for security analytics.
