I’ve discussed before how Security Operations Centers (SOCs) are now becoming detection and response organizations. But like most transitions, that shift doesn’t happen overnight. Three different areas need to be addressed – data, systems and people.
Many organizations today deal with data that is noisy and unstructured, decentralized without prioritization, and managed with spreadsheets. Their systems are disconnected and disparate, workflows are neither orchestrated nor automated, and each system uses its own specific language, which makes it difficult, if not impossible, to get them to interoperate. Finally, there’s a significant lack of skilled resources to get things done.