Peer-Driven Insights

Security Operations Center (SOC)

Active Ambassadors in This Topic

Amit Singh

Amit Singh

Google

Healthcare and Biotech, 10k+

India
C

Clifton Persaud

ISACA

Education, 10k+

United States
C

Clifton Persaud

ISACA-GWDC

Education, 5k - 10k

US
View All Community Ambassadors

Community Posts

Does your organisation have a formalised threat hunting programme? If so - what were the key drivers for you in setting one up and what made it successful?

If not - what is stopping you from setting this up?

Read More Comments

Employee Count and Licensing Usage:

- What is your employee count?

- Do you use Microsoft E3, E5, or a variation (e.g., E3 + Security E5)?

- Do you rely only on Microsoft EOP and/or Defender for O365 for email protection? If not, what other product(s) do you use (e.g., Proofpoint, Abnormal)?

Read More Comments

I am currently conducting research on emerging trends in Security Operations.  Specifically, I am focusing on how organizations are approaching Tier 1 (alert triage) and Tier 2 (root cause analysis) SOC functions. I would greatly appreciate your input on the following: Are you seeing these functions being outsourced in your organization or others you are familiar with? If so, at what company size or operational scale does outsourcing typically begin? Are there any approximate annual cost ranges you have seen for outsourced Tier 1 and/or Tier 2 activities (including tools and personnel)?

Read More Comments

Who owns Communication in Network vs. Security Incidents? Best Practices & RACI Guidance Needed In many organizations, Network and Security teams both play a role in incident response, especially when firewall or SASE issues impact network performance. When an issue is first diagnosed by the Network team but determined to be security-related, who should own the ongoing communication, resolution updates, and root cause reporting? I’d love to hear from the community:  • Are there best practices, ITIL/ITSM frameworks, or RACI models that clarify ownership?  • How does your organization handle communication handoffs between Network and Security teams?

We need to review our security strategy.  Currently we use a service provider to provide SIEM and SOC services.  They use Manage Engine and OberserveIT. They also patch and upgrade our endpoints. Tend Vison one is the foundation on which we have built our endpoint protection.   With all the new Microsoft Security products and AI on offer  (A) should we replace or augment? (B) What do you use to Administer the landscape from a single pane of glass. Both out Trend and managed Security Service Contracts are due to expire. (C) what gotchas do we need to lookout for if we decide to replace / retire any of the existing tools in our environment.

Read More Comments

We are considering engaging Beazley Security as a 24/7 SOC. They were brought to the table by our Cyber Insurance carrier. Does anyone have any experience with this firm?

Read More Comments

How has the COVID-19 crisis affected your IT priorities for 2022? (Select all that apply)

We will be spending more on remote technologies for employees to work from home51%

We will be spending more on network and internet security46%

We are planning to postpone major projects30%

We are planning to increase project load18%

It has not affected our IT priorities13%

Other (please share below)

View Results

When it comes to managing Microsoft users and identities, what task causes the most frustration for your IT Administrators?

Hybrid administration (across on-prem and Office 365)28%

Keeping groups accurate and up to date52%

Managing and optimizing Office 365 licenses17%

Creating new user accounts1%

View Results

What is the future of SIEM solutions and SOC? What are the various products available in the market? How does XDR enhance the efficiency of SIEM. 

Read More Comments

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?

If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

Read More Comments

A DNS outage at Akamai just took down a large chunk of internet services, including UPS, FedEx, Fidelity and LastPass experiencing downtime. Have you been affected by the outage?

Yes34%

No43%

Unsure22%

View Results

I'm interested in understanding your approach to establishing a two-way trust between Active Directories in the following scenario: A larger company A acquires a mid-sized or smaller-sized company B, at what point do you feel comfortable establishing a two-way trust between both Active Directories? The priority is to ensure business continuity without impacting their clients on both ends, while recognizing that integration would be significantly easier with a trust established. What would be your key considerations that you typically review prior to even entering discussions about this capability. My focus is on the prerequisites for trusting a new entity that was previously managed by another IT team within your organization. For example, do you conduct by default a full penetration test, assess the network and external-facing systems, perform policy health checks, evaluate conditional access settings, breach history of Company B and/or their vendors etc. and demand changes to get as close to your standard before proceeding? If yes how close do you get before feeling a little more comfortable before accepting all the risks?

Read More Comments

Are there any solutions currently in the market for Customization and Total Automation for Penetration Testing Reports?

Read More Comments

As I evolved my technology career, I relied on many models like ITIL, OSI, NIST, PMBOK, etc. What are the new models that better reflect the new ways of working? Does anyone still use any of the models I mentioned?  What do you all think I should learn more about in this regard? 

Endpoint Protection and Utilization of E5 Features:

- Do you use Microsoft Defender EDR for Endpoint EDR? If not, what product do you use (e.g., CrowdStrike, SentinelOne, CarbonBlack)?

- If you have Microsoft E5 licenses, are you utilizing all features as your primary and only solution for each domain (e.g., Endpoint protection, Information protection, vulnerability management)? Or do you have other solutions in place either alongside or in place of the included capabilities in E3/E5?

Read More Comments

Is anyone using ServiceNow for their workflow and ITSM needs? Do you manage your ServiceNow internally or do you outsource the mgmt of it to ServiceNow partner?

I have worked with few “expert” partners but have found that they lack the business context and domain expertise in the platform.

Any recommendation on best strategy and partners for managing ServiceNow platform?

Read More Comments