4 lessons from SOC metrics: What your SecOps team needs to know

Tech Beacon – Robert Lemos
By creating measures around every aspect of the SOC’s operation, Basile aimed to find the most telling ways to determine whether the security team was doing its job of protecting all of the information and hardware at 11 universities serving the more than 150,000 students that make up the university system. In Micro Focus’ 2019 State of Security Operations, researchers found that SOCs tend to lack clarity in their goals and have problems documenting and executing repeatable processes. Here are four lessons gleaned from SOC metrics that SecOps teams should heed.

1. Metrics have a downside
While metrics can give management a way to see what is happening in their SOCs, managers should avoid the “call-center problem,” Wheiler said. The result can be work that is skewed toward worse performance on the actual company goals: employees try to get off the phone quickly rather than solve a customer’s problems.

2. Obvious metrics can still be valuable
The number of incidents triaged by an analyst, the mean time to close each issue, and the number of alerts that are found to be false positives are all valid metrics, as long as companies do not put too much weight on their significance, Blankenship said. Metrics that focus on the entire security process can be a strong measure of how secure a SOC is making the company. Attacker dwell time, for example, can only be determined after a full investigation, but it can give management a clearer picture of the overall effectiveness of the security team.

3. Gamifying leads to better statistics
Texas A&M University System’s Basile has created statistics on analysts, sort of “baseball cards” that give a picture of their most significant contributions to the security of the university system.

4. Coverage measures progress
While other metrics can help analysts focus on specific aspects of security operations, making project plans and then measuring progress toward those plans can help motivate workers toward transformation, Forrester’s Blankenship said.

Link: https://techbeacon.com/security/4-lessons-soc-metrics-what-your-secops-team-needs-know

