With all the acronyms floating around in cybersecurity, it is easy to get confused by what means what. Security information and event management, or SIEM, is often confused with security orchestration, automation and response, or SOAR, and vice versa. The reason why stretches beyond their similar syntax. Both SIEM and SOAR live in the security operations center and act as the key technologies to helping organizations detect and respond to threats in an organized and timely manner.

Before COVID-19 arrived, Tammy Moksites was a road warrior, hand-shaker and self-professed big hugger. So while she misses how life was before a worldwide pandemic exploded on the scene, the former corporate CISO for Home Depot, Time Warner Cable and Venafi (and now founder of strategic advisory firm CyAlliance) views this period as an opportunity for cybersecurity professionals, albeit one rife with new risks and challenges.

A successful response to a cybersecurity crisis scenario requires having a central integration hub where incidents are managed by security operations teams. This integrated crisis management capability is a must-have for when alerts are necessary to escalate to a cross-organizational response. Sure, you can train for these situations with tabletop exercises or well-baked proactive incident response strategies, but like any crisis, nothing is like the real thing.

Today we published the 2020 Devo SOC Performance ReportTM. The subtitle, A Tale of Two SOCs, underscores that there are two types of security operation centers (SOC): those that are performing reasonably well and those that are struggling. As someone who has worked in cybersecurity for more than 20 years, I find the results of our second annual SOC report informative, instructive, and also extremely irritating.

Managed SOC, also known as SOC as a Service, is a subscription-based offering whereby organizations outsource threat detection and incident response. Based on the concept of turning an internal security operations center (SOC) into an external cloud-based service, a managed SOC offers IT organizations external cybersecurity experts that monitor your logs, devices, cloud environments, and network for known and evolving advanced threats.

A well-run security operations center (SOC) stands as the central nervous system of an effective cybersecurity program. SOCs serve as a hub of organization-wide detection and response capabilities for the people tasked with stopping cyber threats within their organization.