Every organization that either builds a security operations center or subscribes to the services of a managed security services provider (MSSP) hopes that the SOC is able to prevent, detect and respond to cyber-related attacks. However, there is a huge amount of variability in SOC services, and it is very common for organizations to build or leverage SOC services that are mismatched to the threats that they face.
We have been working with industry bodies such as CREST, with other leading SOC providers and with our clients to build a SOC maturity model for organizations to measure their SOC against. This model is also a useful tool to drive improvement and maturity in the level of services that a SOC is able to deliver.
We have built our maturity model around 4 levels, ranging from level 1, which is best efforts, up to level 4, which is high capable. Key elements of the maturity model are as follows:
Maturity Level 1 - Best Efforts
Maturity Level 2 - Limited Maturity
Maturity Level 3 - Moderate Maturity
Maturity Level 4 - High Capable
Using the right building blocks to run your SOC
Many organizations aspire to run a security operations center that is at the highest level of maturity. However, this is only possible if the correct building blocks have been deployed and the right kind of log, traffic, behavior and threat intelligence data is being collected. For instance, a SOC provider that has the capability to operate at level 4 can only deliver level 4 services to clients if their clients' estates have been configured to generate logs from all aspects of the kill chain. If the client only captures logs on core servers and perimeter devices, the MSSP will only be able to deliver SOC services to that client that are at level 2 or level 3.
LRQA has an extensive suite of services designed to help organizations develop and enhance their security operations centers. We have in-depth methodologies and development programs designed to help organizations detect and respond to sophisticated cyber threats. To find out more about how we can help measure the effectiveness of your current SOC solution, or support you in enhancing and developing your SOC to the next level, please get in touch.