The SANS Institute has published a study on SOCs, the Security Operations Centers responsible for detecting and responding to security incidents. In summary, it shows that operations are maturing but need more automation, which logically leaves the door wide open to artificial intelligence.
As a sign that SOCs are becoming multifunctional and maturing, 67% of respondents said they are satisfied with their flexibility of response, while 65% are satisfied with their overall response time and 64% felt satisfied with containment abilities.
However, satisfaction numbers dip below 50% for SOC-NOC (network operations center) coordination and effectiveness, as well as the ability to detect previously unknown threats, which is also the capability that received the most “not satisfied” responses, at 45%. These are clear areas where more automation and integration will help organizations take their SOCs to the next level.
The study is freely available here:
Discovered via this article:
Security operations centers (SOCs) are growing up, according to a new SANS survey. Respondents indicate the SOC’s primary strengths are flexibility of response and response time, while their biggest weakness is lack of visibility into events. “Survey results indicate that organizations still can’t detect previously unknown threats, which is a consistent problem across many other SANS surveys,” says SANS Analyst and Instructor Christopher Crowley.