{"id":66,"date":"2019-07-30T05:48:09","date_gmt":"2019-07-30T05:48:09","guid":{"rendered":"http:\/\/localhost\/wordpress\/?p=66"},"modified":"2025-02-19T12:39:57","modified_gmt":"2025-02-19T12:39:57","slug":"are-you-building-an-effective-soc","status":"publish","type":"post","link":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/are-you-building-an-effective-soc\/","title":{"rendered":"Are You Building an Effective SOC?"},"content":{"rendered":"<p>Today, businesses spend heavily on cybersecurity. But to get value for their money, they need an overarching strategy. The state-of-the-art approach is to build an effective security operations center (SOC). <\/p>\n<p>An SOC is commonly referred to as the central command center for cybersecurity operations. A team of security analysts uses advanced detection tools to identify, record and repel cyberattacks. The analysts work with a playbook of processes laying out the steps they need to take to keep their organization secure.<\/p>\n<p>Many large businesses have implemented successful SOCs, especially those dealing with sensitive data such as personally identifiable information (PII). Typically, these include financial and retail companies but also those working with governments and organizations looking to digitize services and use big data.<\/p>\n<p>More mid-sized businesses are following suit, though the majority prefer to outsource their SOC to reduce costs. Companies that offer outsourced cyber protection are known as managed security services providers (MSSP).<\/p>\n<p>Organizations often build an SOC when they have dozens of security tools operating across their network but struggle to make sense of all the data they produce. Large organizations typically have products from 40 to 60 security vendors, ranging from endpoint-protection and intrusion-detection systems to firewalls and scanning tools. Each security tool can generate large volumes of data about network activity and any suspicious exploits. 
<\/p>\n<p>For organizations about to embark on the SOC journey, there are five important questions that boards and chief information security officers should ask before they start building an SOC that is both customized and effective.<\/p>\n<ol>\n<li><b>Why build it?<\/b> Be clear about what you plan to achieve with an SOC. The aim is to reduce cybersecurity threats, defend the organization\u2019s data, and protect its reputation. What will be the key performance indicators (KPIs)? These could include incident response times. There should also be agreements between the CISO and the board that set out the level of risk management services the SOC will offer. These can be listed in service level agreements (SLAs) which specify areas such as the speed of response and processes for reporting critical threats.<\/li>\n<li><b>When to deliver?<\/b> With over 30 possible SOC services, a common pressure is to try and launch everything from day one. Instead, the services should be introduced in logical stages. This could follow a capability maturity model, a methodology for laying out the evolution of software processes, typically in five stages. The SOC would complete the first phase, then the CISO and board would check and assess this before moving on to the following stage. This means each stage is fully implemented and functional before going to the next. <\/li>\n<li><b>How<\/b><b> do you deliver?<\/b> Decide on the processes you need to follow to make the SOC efficient. Playbooks and process diagrams are a key discussion point.<\/li>\n<li><b>Who is responsible? <\/b>Outside of the security division in an organization, who else has a say to make the SOC effective? Departments such as human resources, compliance, and public relations are some common examples.<\/li>\n<li><b>What is the technology setup?\u00a0<\/b>A key decision is which SOC tools should be used. This will depend on the objectives, budgets and preferences of the security analysts and the CISO. 
Tools usually include a security information and event management system (SIEM). This is a dashboard which analyses all security events\u2014possible threats\u2014which affect an organization\u2019s computer network. It is important to remember that a SIEM is not a replacement for an SOC, but just one tool in the SOC\u2019s armory. There must also be a ticketing system, so when a threat is identified, a ticket or record is created. This allows teams to seamlessly hand over their workload to other shifts. There could also be a security orchestration and response tool (SOAR), which automates the collection and analysis of low-level threat intelligence.<\/li>\n<\/ol>\n<p>What is so powerful about an SOC is that it goes further than simply identifying and dealing with security incidents. Threat hunting is a vital part of the risk management work of security analysts. They will work with cybersecurity vendors to list possible threats. And they may work with computer emergency response teams (CERTs), which are industry-wide groups that analyse security incidents. The goal is to gather data on so-called indicators of compromise\u2014as cyber threats are known\u2014and allow analysts to compare the threats they receive with other companies in their field.<\/p>\n<p>Building an effective SOC requires <a href=\"https:\/\/www.securitymagazine.com\/articles\/92248-trends-for-building-and-operating-a-security-operation-center\" target=\"_blank\" rel=\"noopener\" data-page-track=\"true\" data-page-track-value=\"cybersecurity-perspectives:are-you-building-an-effective-soc: parbase:are you building an effective soc?\">clear thinking and strong vision<\/a>. Done well, an SOC is not a cost but an investment in data protection and corporate reputation. 
As you plan the <a href=\"\/content\/pan\/en_US\/cybersecurity-perspectives\/8-steps-to-simplify-cybersecurity\/\" data-page-track=\"true\" data-page-track-value=\"cybersecurity-perspectives:are-you-building-an-effective-soc: parbase:are you building an effective soc?\">cybersecurity strategy<\/a> for your organization\u2014and consider the essential tools\u2014here are some key takeaways: <\/p>\n<ol>\n<li>Organizations create a security operations center when they have dozens of cybersecurity tools operating across their network and need visibility and context to identify threats and reduce risk.<\/li>\n<li>An SOC not only identifies and responds to security threats, it also hunts and predicts possible sources of attack.<\/li>\n<li>The what, when, how, and who questions can only be answered when we can clearly articulate why we are building an SOC.<\/li>\n<li>An SOC helps organizations move from reactive to proactive threat management.<\/li>\n<\/ol>\n<p>Now, what if you want to take your SOC to the next level? Stay tuned, as I\u2019ll address this question in the <a href=\"\/content\/pan\/en_US\/cybersecurity-perspectives\/how-to-create-a-next-generation-soc\/\" data-page-track=\"true\" data-page-track-value=\"cybersecurity-perspectives:are-you-building-an-effective-soc: parbase:are you building an effective soc?\">second article<\/a> of this two-part series on creating an effective security operations center.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Key questions to ask before building a Security Operations Center. 
<\/p>\n","protected":false},"author":1,"featured_media":355,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[],"coauthors":[42],"class_list":["post-66","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-business-transformation"],"yoast_head_json":{"title":"Are You Building an Effective SOC? 
- Perspectives","description":"Key questions to ask before building a Security Operations Center.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/are-you-building-an-effective-soc\/","og_locale":"en_US","og_type":"article","og_title":"Are You Building an Effective SOC? - Perspectives","og_description":"Key questions to ask before building a Security Operations Center.","og_url":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/are-you-building-an-effective-soc\/","og_site_name":"Perspectives","article_published_time":"2019-07-30T05:48:09+00:00","article_modified_time":"2025-02-19T12:39:57+00:00","og_image":[{"width":840,"height":560,"url":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/wp-content\/uploads\/2019\/07\/are-you-building-an-effective-soc.jpeg","type":"image\/jpeg"}],"author":"Haider Pasha","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/are-you-building-an-effective-soc\/#article","isPartOf":{"@id":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/are-you-building-an-effective-soc\/"},"author":{"name":"admin","@id":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/#\/schema\/person\/fa04bcb7bc197e39dfef6232349f7977"},"headline":"Are You Building an Effective 
SOC?","datePublished":"2019-07-30T05:48:09+00:00","dateModified":"2025-02-19T12:39:57+00:00","mainEntityOfPage":{"@id":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/are-you-building-an-effective-soc\/"},"wordCount":888,"commentCount":0,"image":{"@id":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/are-you-building-an-effective-soc\/#primaryimage"},"thumbnailUrl":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/wp-content\/uploads\/2019\/07\/are-you-building-an-effective-soc.jpeg","articleSection":["Business Transformation"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/are-you-building-an-effective-soc\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/are-you-building-an-effective-soc\/","url":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/are-you-building-an-effective-soc\/","name":"Are You Building an Effective SOC? 
- Perspectives","isPartOf":{"@id":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/#website"},"primaryImageOfPage":{"@id":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/are-you-building-an-effective-soc\/#primaryimage"},"image":{"@id":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/are-you-building-an-effective-soc\/#primaryimage"},"thumbnailUrl":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/wp-content\/uploads\/2019\/07\/are-you-building-an-effective-soc.jpeg","datePublished":"2019-07-30T05:48:09+00:00","dateModified":"2025-02-19T12:39:57+00:00","author":{"@id":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/#\/schema\/person\/fa04bcb7bc197e39dfef6232349f7977"},"description":"Key questions to ask before building a Security Operations Center.","breadcrumb":{"@id":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/are-you-building-an-effective-soc\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/are-you-building-an-effective-soc\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/are-you-building-an-effective-soc\/#primaryimage","url":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/wp-content\/uploads\/2019\/07\/are-you-building-an-effective-soc.jpeg","contentUrl":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/wp-content\/uploads\/2019\/07\/are-you-building-an-effective-soc.jpeg","width":840,"height":560},{"@type":"BreadcrumbList","@id":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/are-you-building-an-effective-soc\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/"},{"@type":"ListItem","position":2,"name":"Are You Building an Effective 
SOC?"}]},{"@type":"WebSite","@id":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/#website","url":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/","name":"Perspectives","description":"What\u2019s next for business and technology innovators.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/#\/schema\/person\/fa04bcb7bc197e39dfef6232349f7977","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/#\/schema\/person\/image\/0058eff42c16830fc0b2a884d693ea44","url":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/wp-content\/uploads\/2025\/02\/panw_master-twitter-profile-pic-400x400-1-150x150.png","contentUrl":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/wp-content\/uploads\/2025\/02\/panw_master-twitter-profile-pic-400x400-1-150x150.png","caption":"admin"},"sameAs":["http:\/\/localhost\/wordpress"],"url":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/wp-json\/wp\/v2\/posts\/66","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/wp-json\/wp\/v2\/comments?post=66"}],"version-history":[{"count":2,"href":"https:\/\/origi
n-www.paloaltonetworks.sg\/perspectives\/wp-json\/wp\/v2\/posts\/66\/revisions"}],"predecessor-version":[{"id":359,"href":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/wp-json\/wp\/v2\/posts\/66\/revisions\/359"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/wp-json\/wp\/v2\/media\/355"}],"wp:attachment":[{"href":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/wp-json\/wp\/v2\/media?parent=66"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/wp-json\/wp\/v2\/categories?post=66"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/wp-json\/wp\/v2\/tags?post=66"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-www.paloaltonetworks.sg\/perspectives\/wp-json\/wp\/v2\/coauthors?post=66"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}