The Second Building Block for the SOC of the Future: An Open Integration Framework

The SOC of the future must be data driven, so it’s essential that systems and tools can work together

As we turn the page on another year and read the columns on “what’s in/what’s out”, one of the trends in cybersecurity that is definitely “in” is Security Operations Center (SOC) modernization. Evidence continues to mount that it isn’t a matter of if, but when and how an organization will be attacked. With that, we see SOCs narrowing the focus of their mission to become detection and response organizations, and they need certain building blocks in place to prepare their SOC for the future.

Previously, I talked about data as the first building block for SOC modernization. Data is the lifeblood of security because it provides context from a wide range of internal and external sources, including systems, threats, vulnerabilities, identities and more. When security is data-driven, teams have the context to focus on relevant, high-priority issues, make the best decisions and take the right action. Data-driven security also provides a continuous feedback loop that enables teams to capture and use data to improve future analysis.