Technical professionals pursuing a more mature security practice may decide to centralize all or part of those activities into a SOC. This guidance presents security architects with a structured approach to plan, establish and efficiently operate a modern SOC.
Table of Contents
The Gartner Approach
The Guidance Framework
- Motivation and Drivers
- Who Can (or Should) Have a SOC?
- SOC and External Help
- The SOC Business Case
- Defining Your SOC Characteristics
- Organizational Structure of Your SOC
- Outsourcing SOC Components
- External Links of a SOC
Implementing the SOC
- SOC Processes
- SOC Technology
- The SOC Team
- The SOC Implementation Project
Operating the SOC
- Running a 24/7 Operation
- Workforce Management
- Working With an MSSP
- Measuring the SOC Performance
Evolving and Expanding the SOC
- Hunting and Data Exploration, Threat Discovery
- Shifting Away From Alerts-Only Model
- Increased Automation and Use of Orchestration Tools
- Introduction of Deception Techniques
- Threat Intelligence Production
- Increased Use of Advanced Analytics Tools
- Blue, Red and Purple Teams
- The SOC Maturity Scale
Risks and Pitfalls
- Related Guidance
Gartner Recommended Reading