Building and Operating a Modern SOC: Best Practices
Gartner's Pete Shoard Shares a Structured Approach
A structured approach is needed to efficiently establish and operate a modern SOC, says Gartner's Pete Shoard. Key steps, he says, include creating the right requirements, planning contextually and choosing the right tools and strategies.
"Organizations traditionally looked at the technology aspect of creating a SOC," Shoard says in an interview with Information Security Media Group. "The functions that the SOCs are carrying out are not simply to do with the technology that they are purchasing; it's actually to do with very specific use case requirements for the SOC."
Organizations must understand their risks and related challenges, prioritize which risks need to be addressed first and then build a SOC to meet those needs, he says.
In this audio interview, Shoard also talks about:
- The key differences between a modern SOC and earlier versions;
- What toolsets are key to the success of a SOC;
- Outsourcing SOC functionality - where to draw the line.
Shoard, a senior director with Gartner based in the U.K., has over 14 years of industry experience. Working in the firm's infrastructure protection team, Shoard covers analysis of managed security service providers and security monitoring technologies such as SIEM and behavioral analytics, as well as wider support for research within the security and risk management business areas.