Using advanced analytics for the insights of tomorrow

Today, most SOC managers and CISOs are using metrics to track the security posture and measure their SOC’s performance (along with the metrics used for threat analysis).

Assuming management has access to this broad set of security operations data, and an easy way to extract insights - what questions would they ask?

What are those slippery topics that they just can’t seem to answer (but really wish they could)? 

And finally, what are your essential metrics today?

Comments
Nir_Loya
New Member

Hey, so I guess measuring real dwell times on threats, identifying analysts' struggle patterns and understanding the ROI of security are the top metrics we keep seeing on customer sites, at least in Enterprise security operation centers.

MSSP SOC will measure some of those but also rely on heavily monitoring the relationship with the end customer.

Szymon_Kozicki
New Member
  1. Why do we spend that much money on security if you only handle X incidents?
  2. What value to the business do you really provide?

Two quick ones that are asked all the time.

Not applicable

Good points @Szymon_Kozicki

I think that demonstrating successful alert handling with a few simple numbers could be a great tool for showing the ROI of the SOC to higher management.

Low levels of incidents, high rate of alert handling (either by security analysts or by automation) and tools efficiency are a great start when trying to justify the investment put into a SOC.



Jun_Leow
New Member

How can we build a custom dashboard that incorporates essential metrics to be shown to CISO or higher management in an enterprise organisation using Siemplify for MSSP providers?

Version history
Last update: 03-31-2020 02:23 AM