Gartner发布安全运营中心（SOC）模型指南

需积分: 5 5 浏览量 2023-11-16 15:29:35 上传评论收藏 253KB PDF 举报

资源推荐

资源详情

资源评论

Gartner, Inc. | G00787022

Page 1 of 12

SOC Model Guide

Published 18 October 2023 - ID G00787022 - 11 min read

By Analyst(s): Eric Ahlm, Mitchell Schneider, Pete Shoard

Initiatives: Security Operations; Build and Optimize Cybersecurity Programs; Meet Daily

Cybersecurity Needs

Choosing the right security operations center model for an

organization is not just a matter of hiring a team or a service

provider. Security and risk management leaders must carefully

consider operational responsibility and understand the risks,

before probably choosing a form of hybrid model.

Overview

Key Findings

Recommendations

When designing a SOC, security and risk management (SRM) leaders should:

Scaling up a security operations center (SOC) with only internal staff is difﬁcult, if

not impossible, for most organizations.

■

Some SOC tasks are strategic, such as those performed by the roles of senior

investigator, incident response manager and red team tester. They are often best

performed by in-house staff who understand the business’s needs and the security

issues.

■

Other SOC tasks are tactical, such as building detection content for common

attacks. They are generally best performed by a larger external team, which can do

them more efﬁciently, on a bigger scale, and for longer periods.

■

Organizations working with security service providers commonly assume their

provider is fulﬁlling objectives that are neither contracted for nor part of its

responsibility.

■

Use their threat detection needs as requirements when building a SOC model.

■

This research note is restricted to the personal use of chenlizhen@qianxin.com.

Gartner, Inc. | G00787022

Page 2 of 12

Introduction

Building a SOC is a journey, one that never ends, as the requirements continuously

change. It takes continuous growth and analysis to ensure a SOC’s performance does not

decline and its costs do not go over budget.

Opting for a hybrid SOC is one way to help grow capabilities, while managing scale and

cost. A hybrid SOC is one in which more than one team, both insourced and outsourced,

plays a role in the activities required for proper SOC operation. The question of which

teams, roles, jobs and activities are best kept in-house or outsourced is complex. Building

a SOC model helps you answer it and ensure a hybrid SOC is well-balanced.

A SOC model deﬁnes a strategy for variation in the use of internal teams and external

service providers when running a SOC. It ensures all roles required to operate a SOC are

allocated to those best suited to discharge the associated responsibilities.

An effective SOC model lets SRM leaders allocate resources based on business priorities,

available skill sets and budget; a mix of insourcing and outsourcing is the most common

approach. A SOC model allows for strategic decisions, such as making generic SOC tasks

key targets for outsourcing, while stafﬁng more sensitive functions internally. There are

also some tasks that are so specialized that having people on the payroll to perform them

will be hard for most organizations to justify.

Figure 1 shows a simpliﬁed SOC model. A manager must assess the SOC’s objectives and

the technical capabilities required to fulﬁll them. Technical capabilities will require people

with speciﬁc talents and abilities. How the operational team is formulated will directly

impact the SOC’s overall performance.

Build a SOC model that strikes the best balance of internal teams working on

strategic objectives and service providers working on tactical objectives.

■

Use service providers for roles best performed on a large scale or that require speciﬁc

threat knowledge, operational techniques or tool administration skills.

■

Use internal staff for roles involving both security knowledge and business

operations, such as senior investigator, incident response manager and red team

tester.

■

This research note is restricted to the personal use of chenlizhen@qianxin.com.

剩余11页未读，继续阅读

评论收藏

内容反馈

lurenjia404

粉丝: 1663
资源: 113

Gartner发布安全运营中心（SOC）模型指南

安全运营中心(SOC)的建设方式.pdf

安全运营中心(SOC)的建设方式.docx

Gartner 2023年7月份发布了安全运营Hype Cycle，这些资料对安全运营做了前瞻性的分析 有时间可以读读

关于安全运营中心（SOC）实施经验分享的分析说明.zip

Gartner发布安全领导者数据安全指南

【精编】体系化实战化一体化安全运营中心建设方案合集.zip

智能安全运营中心建设方案合集【专家级】.zip

云迁移安全(一)：Gartner的5R安全迁移模型.docx

Gartner发布2023年安全运营技术成熟度曲线

安全运营中心（SOC）实施经验分享完整版.pptx

关于IBM企业安全运营中心（SOC）实践分享的分析说明.zip

Gartner发布风险和安全管理领域的生成式人工智能创新指南

王任飞-谈谈如何建设体系化的安全运营中心(SOC).pdf

Gartner发布降低软件供应链安全风险指南

Gartner发布漏洞评估市场指南

Gartner：用自适应安全架构来应对高级定向攻击

Gartner - 2021 Hype Cycle for Security Operations 安全运营技术成熟度曲线

Gartner_IT企业成熟度模型.pdf

Gartner发布2022年主要安全和风险管理趋势.docx

大数据智能安全运营中心( SOC )解决方案.ppt

IBM企业安全运营中心（SOC）实践分享.pdf

Gartner：企业信息管理成熟度模型（中文版）.pdf

Gartner发布中国零信任网络访问市场指南

Gartner发布生成式AI试点应用指南

Gartner发布XDR扩展检测和响应市场指南

Gartner发布2023年中国安全技术成熟度曲线

Gartner数据安全平台融合战略路线图（材料分析整合）

Gartner 2017年网络安全综合报告

Gartner发布数据安全治理指南：采取四个关键步骤，加快数据安全治理的采用

最新资源

Gartner 2023年7月份发布了安全运营Hype Cycle，这些资料对安全运营做了前瞻性的分析有时间可以读读