After you have finished impressing your VIPs, what actionable information should be displayed in your SOC to help them respond to threats in your environment?
Consider spending time this week ensuring your SOC wall is populated with meaningful screens that add value to your SOC by asking these questions.
- Which security controls are not sending data to your SOC?
- Would your SOC know when your most critical systems stopped sending their logs?
- What is the baseline of traffic volume in and out of your sensitive network zones?
- What is the health status of your security agents?
Share what you find valuable on your SOC wall!
(Via SANS Internet Storm Center, InfoCON: green)
Typical mistakes of SOCs – forgetting the audience, not accommodating multiple audiences, and not providing content tailored to each audience. Metrics, analytics, dashboards, and reporting are every bit important as any other SOC function.