Security operations centers are the hub for an organization's threat detection. But organizations can take a number of steps to improve SOC operations, says Kerry Matre of Palo Alto Networks.
"There are quite a few things I've seen in different SOCs that are not working well," Matre says in an interview with Information Security Media Group. "One of the easiest things to fix that I've seen going wrong most of the time is a lot of SOCs don't have a clear mission."
Matre says that those running SOCs need to learn exactly how they fit in the business as well as narrow their scope. SOCs that expand their mission into areas such as incident response, forensics and compliance risk losing their focus and begin missing threats, she contends.
"Write it [the mission] down," she says. "Make sure the rest of the business buys into it. Then those conflicts - those walls between the different groups of an organization - can start to be broken down. That's when the SOC can enable the business."
In this interview, Matre discusses:

- Why SOCs should keep a narrow focus - investigate, mitigate and respond - to maintain optimal effectiveness;
- How to ensure tools are used to their full potential;
- How organizations can define metrics for SOCs that help both analysts and business executives.

Matre is a security operations strategist with Palo Alto Networks. She has assessed more than 150 SOCs, helping organizations with better processes to maintain a focus on threats. Before joining Palo Alto Networks, Matre was director of security portfolio marketing services at Hewlett-Packard Enterprise Security Products and director of product development at MD-IT.