Analyst & Research Reports

O'Reilly Modern Defense in Depth


actionable concept also includes putting threat intelligence gained from external sources into combat, as well. What is achieved is sharing of intelligence across all lines of defense, from the entire edge to the core, and it can eliminate independent lines of defense once and for all.

Comparing On-Premises SOCs and Outsourced SOCs

Many enterprises today have invested heavily in their own on-premises SOCs, which is a great step in the right direction. These on-premises SOCs include a great deal of logging technology (security information and event management [SIEM]), most often manned by expert security analysts. The advantages of the on-premises SOC equate to measurable improvements in detecting and mitigating attacks, which results in better security.

However, there are a number of challenges facing the on-premises SOC solution: there is a shortage of available analysts and security experts (which is affecting the cybersecurity industry overall), small organizations often cannot afford the salaries these experts are paid, and SOC expert retention rates are poor because their opportunities for career advancement abound. And there is one drawback to this solution: because the on-premises SOC is working to defend a single organization, its view of the worldwide cyberthreat landscape is somewhat limited to the attacks targeting its own networks, users, and web applications, and so it can be difficult for it to obtain and quantify the broad picture.

On-Premises SOCs Are Making a Significant Difference

Many on-premises SOC teams are making great advances in protecting their organizations against cybercrime and shortening the time from device "infection" to attacker activity "detection," especially if they are moving toward full integration of the lines of defense in their organizations, and when SOC personnel are competent in automation, scripting, and APIs.
In comparison, one of the benefits that an outsourced SOC offers is the value of the crowd-sourced knowledge gained from the many different customers they support daily. Today's cloud-based provid‐
