SOC metrics and performance measurement

Tuesday 26 November, 3:50 pm - 4:30 pm

Speakers

Pranjali Karve

Cyber Security Engineer
Interactive

Synopsis

Security Operations Centres (SOCs) have evolved rapidly in response to the demand for proactive detection and defence. As the eyes on glass, SOCs play a vital role in keeping attackers out and sensitive data in. Management of a SOC is an ongoing improvement process that has been widely researched and published. In particular, the evaluation of SOC performance metrics and Key Performance Indicators (KPIs) is key to aligning the efforts of our staff of analysts and engineers, who often work 24/7, with business objectives, ultimately contributing towards a safer digital world for all.

This research and presentation attempt to bring forth best practices, global guidelines and standards, with the aim of exploring future directions in SOC metrics and performance measurement that will enhance SOC capabilities even further while keeping pace with the complexity of cyber-attacks.

Brief history of the Security Operations Centre:

The concept of a Security Operations Centre (SOC) has evolved over time in response to the increasing sophistication of cybersecurity threats. Its history helps in understanding trends in progress that are important for predicting the future.

Why do we need SOC metrics and performance measurements?

SOC metrics provide quantifiable data about how the SOC is performing in terms of efficiency, impact and effort.

KPIs measure current performance data against benchmarks set by management objectives.

SOC metrics and KPIs inform cybersecurity strategy and help shape business outcomes.

SOC metrics are quantified in the following ways; Mean Time to Detect (MTTD), Mean Time to Respond (MTTR) and Incident Closure Rate are discussed in this section.

SOC KPIs for strategic evaluation are quantified in the following ways: false positive rate, threat intelligence integration and incident containment rate.
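The metrics and KPIs named above are easier to reason about when computed over a concrete set of tickets. The following Python is an added example, not material from the presentation: it defines a small incident record, a constructed sample of five tickets (one of them a false positive), and one function per metric. The field names, the decision to compute MTTD and MTTR only over true positives, and the definition of containment rate as the share of true-positive incidents that reached containment are all assumptions made here; a real SOC would take these values from its ticketing system and pick definitions that match its own SLAs.

```python
from dataclasses import dataclass
from datetime import datetime
from statistics import mean
from typing import Dict, List, Optional


@dataclass
class Incident:
    """One SOC ticket. Timestamps are assumed to come from the ticketing system."""
    ticket: str
    occurred: datetime                     # earliest evidence of the activity (from triage/forensics)
    detected: datetime                     # time the SOC raised the alert
    true_positive: bool                    # False means the alert was closed as benign
    contained: Optional[datetime] = None   # time the threat was contained, if it was
    closed: Optional[datetime] = None      # time the ticket was closed, if it was


def _hours(later: datetime, earlier: datetime) -> float:
    return (later - earlier).total_seconds() / 3600


def mttd_hours(incidents: List[Incident]) -> float:
    """Mean Time to Detect: occurrence -> detection, over true positives only."""
    delays = [_hours(i.detected, i.occurred) for i in incidents if i.true_positive]
    return mean(delays) if delays else 0.0


def mttr_hours(incidents: List[Incident]) -> float:
    """Mean Time to Respond: detection -> containment, over contained true positives."""
    times = [_hours(i.contained, i.detected)
             for i in incidents if i.true_positive and i.contained is not None]
    return mean(times) if times else 0.0


def incident_closure_rate(incidents: List[Incident]) -> float:
    """Share of all tickets (true and false positives) that have been closed."""
    return sum(1 for i in incidents if i.closed is not None) / len(incidents) if incidents else 0.0


def false_positive_rate(incidents: List[Incident]) -> float:
    """Share of all tickets that were closed as benign."""
    return sum(1 for i in incidents if not i.true_positive) / len(incidents) if incidents else 0.0


def incident_containment_rate(incidents: List[Incident]) -> float:
    """Share of true-positive incidents that reached containment (assumed definition)."""
    tps = [i for i in incidents if i.true_positive]
    return sum(1 for i in tps if i.contained is not None) / len(tps) if tps else 0.0


def scorecard(incidents: List[Incident]) -> Dict[str, float]:
    """All five figures in one dictionary, suitable for a reporting period."""
    return {
        "mttd_hours": mttd_hours(incidents),
        "mttr_hours": mttr_hours(incidents),
        "incident_closure_rate": incident_closure_rate(incidents),
        "false_positive_rate": false_positive_rate(incidents),
        "incident_containment_rate": incident_containment_rate(incidents),
    }


# Constructed sample tickets for one reporting week (not real data).
INCIDENTS: List[Incident] = [
    Incident("INC-001", datetime(2024, 11, 1, 8, 0), datetime(2024, 11, 1, 10, 0), True,
             contained=datetime(2024, 11, 1, 11, 0), closed=datetime(2024, 11, 2, 9, 0)),
    Incident("INC-002", datetime(2024, 11, 3, 0, 0), datetime(2024, 11, 3, 6, 0), True,
             contained=datetime(2024, 11, 3, 12, 0), closed=datetime(2024, 11, 5, 15, 0)),
    Incident("INC-003", datetime(2024, 11, 4, 9, 0), datetime(2024, 11, 4, 9, 30), True,
             contained=datetime(2024, 11, 4, 13, 30)),          # contained, still open
    Incident("INC-004", datetime(2024, 11, 4, 10, 0), datetime(2024, 11, 4, 10, 0), False,
             closed=datetime(2024, 11, 4, 10, 45)),              # false positive, closed
    Incident("INC-005", datetime(2024, 11, 6, 20, 0), datetime(2024, 11, 7, 0, 0), True),
]                                                                 # detected, not yet contained


if __name__ == "__main__":
    for name, value in scorecard(INCIDENTS).items():
        print(f"{name:28s} {value:.3f}")
```

Two points the numbers make clear: MTTD depends on an "occurred" timestamp that only exists once triage has reconstructed the start of the activity, so it is only as good as the investigation behind it, and closure rate and containment rate answer different questions (INC-003 is contained but still open, INC-004 is closed but was never an incident), which is why they are reported separately rather than folded into one figure.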

Industry best practices:

MITRE outlines 11 strategies of a world-class cybersecurity operations centre. This section will outline and summarise the SOC metrics recommended by MITRE.

The NIST Cybersecurity Framework (CSF) provides broad, voluntary recommendations for enhancing cybersecurity. This section elaborates on the NIST CSF.

The human element in SOC metrics:

The behaviour of a SOC's staff drives its efficiency. It is important to see where human behaviour can be influenced to make the SOC as efficient as possible. Policies and company culture drive human behaviour and contribute to the success of the SOC.

Future trends in SOC metrics:

Artificial intelligence and machine learning, automation, and the formulation of custom metrics that reflect the complexity of cyber threats are going to be more important than ever. This section will identify gaps in current SOC processes and predict future trends in SOC operations, exploring how SOC metrics can be used to solve existing problems. Some of these problems are the use of multiple platforms, the increase in complexity when the SOC is a managed SOC serving multiple customers, and the challenge of collating the metrics to give a realistic picture. An attempt to find custom metrics that could be added to the SOC metrics playbook will also be made in this section.

In conclusion, the future of SOC metrics is that they need to be flexible, predictive and customised to address the complexity of cybercrime.

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.