Gartner Releases Their Hybrid-Internal-Tiered SOC Model Guide

As per Gartner, "Selecting the appropriate security operation center model is challenging. Choosing the wrong SOC model can lead to a poor security posture, increased risk, and overexerted security teams. Security and risk management leaders should use this guide to identify which model aligns to their needs."

Gartner defines a SOC as "an organizational function that has the responsibility for managing processes which are designed for identifying, investigating and remediating security incidents". The modern SOC is constantly evolving, and security leaders are realizing that the traditional notion of what a SOC looks like is no longer relevant for many organizations.  

The three SOC models covered in the guide are:

1. Hybrid: "A hybrid SOC is a combination of internal and outsourced resources that delivers a combined SOC function to meet organizational needs."

2. Internal: "The defining attribute of an internal SOC is to have a 24/7 centralized threat detection and response function, with a dedicated team and robust processes and workflows. It is self-contained, possessing all of the resources required for continuous day-to-day security operations."


3. Tiered: "A tiered SOC model has multiple independently operated SOCs within the same organization that are synchronized by a top-tier (command or parent) SOC, to deliver unified threat detection and response."

This report covers:
  • How choosing the wrong SOC model may weaken your security posture
  • How and why to implement a hybrid, internal, or tiered SOC model
  • Assessment measures for determining the right SOC model for your organization


Read this report to learn the recommendations for security leaders evaluating a SOC model.

Gartner, SOC Model Guide, John Collins, Mitchell Schneider, Pete Shoard, 19th of October, 2021
Gartner is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. or internationally and is used herein with permission. All rights reserved.