As the nerve center for most cybersecurity programs, the security operations center (SOC) can make or break an organization's ability to detect, analyze, and respond to incidents in a timely fashion. According to a new study from SANS Institute, today's SOCs are treading water when it comes to maturing their practices and improving their technical capabilities. Experts say that may not be such a bad thing, considering how quickly the threats and the tech stacks they monitor are expanding and changing.
"Going strictly by the numbers, not much changed for SOC managers from 2018 to 2019," wrote Chris Crowley and John Pescatore in the SANS 2019 SOC Survey report. "However, just staying in place against these powerful currents is impressive, considering the rapid movement of critical business applications to cloud-based services, growing business use of 'smart' technologies driving higher levels of heterogeneous technology, and the overall difficulties across the technology world in attracting employees."
Dark Reading explores the statistics from this study, as well as a recent State of the SOC report from Exabeam, to understand what it takes to run a SOC today and some of the major challenges security teams face in getting the most out of their SOC investments.