In the 2017 State of Security Operations Report, the summary of findings can be broken down into 8 topics regarding major trends.

Finding 2: Development of fusion centers
The development of security fusion centers (internal information sharing centers) was an emerging trend for many large enterprise and public sector security operations organizations in 2016. We repeatedly heard a common theme: The inability to see the complete risk and security picture from their existing Security Operations Center (SOC) environments spread across multiple regions and lines of business.
The issue: There are simply too many applications, data, systems, and users within functional groups. This causes organizations to struggle when attempting to consolidate the information necessary to make effective risk decisions. In an effort to quell this challenge, large organizations have attempted to hire more people and/or add additional technology solutions.
However, most organizations end up either:
1) Deploying tools that require support and generate more volume
2) Lacking the human expertise to support the environment
In a number of these organizations, siloed security operations are created that represent business units, an operating company, a department, or other logical divisions within the organization―each with varying degrees of maturity, and each providing visibility into a portion of the business but not the parent organization as a whole. But there is another way.
We saw organizations that overcame these challenges through adopting an organizational model that designates or creates a SOC as a fusion center for the entire organization. These fusion centers provide process governance, information sharing, and security expertise.
This allows each of the subscriber SOCs either to collaborate more effectively or to “fold down” and become functional customers of one of the SOCs at a more mature service stage. Large organizations using this approach generally see an overall benefit from economies of scale and improved coordination from a reduced set of common processes, the use of common technology solutions, and the use of common metrics from a fusion center.
Interested in learning more? You can see other findings in the full report. Stay tuned for part 3 of this series, where I’ll give an overview of “Providing effective business metrics.”