The Five Models of Security Operation Centers


Foundational | Refreshed: 07 December 2016 | Published: 22 October 2015 | ID: G00263908

Summary

A security operations center provides centralized and consolidated cybersecurity incident prevention, detection and response capabilities. This research outlines the five most common SOC models and how CISOs can decide which one makes sense for the organization.

Table of Contents

  • Analysis
    • Definition
    • Description
      • SOC Models
    • Benefits and Uses
      • Improved Threat Management
      • Regulatory Compliance
      • Centralization and Consolidation of Security Functions
      • Adoption Rate
    • Risks
      • Breach Response Failures
      • Skills, Expertise and Staff Retention
      • Demonstrating a Return on Investment
    • SOC Alternatives
      • Informal Structure
      • Fully Outsourced
    • Recommendations
  • Gartner Recommended Reading

© 2015 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.