Today, most SOC managers and CISOs are using metrics to track the security posture and measure their SOC’s performance (along with the metrics used for threat analysis).
Assuming management has access to this broad set of security operations data, and an easy way to extract insights - what questions would they ask?
What are those slippery topics that they just can’t seem to answer (but really wish they could)?
And finally, what are your essential metrics today?
Hey, so I guess measuring real dwell times on threats, identifying analysts' struggle patterns and understanding the ROI of security are the top metrics we keep seeing on customer sites, at least in Enterprise security operation centers.
An MSSP SOC will measure some of those but will also rely on heavily monitoring the relationship with the end customer.
Two quick that are asked all the time.
Good points @Szymon_Kozicki
I think that demonstrating successful alert handling with a few simple numbers could be a great tool for showing the ROI of the SOC to higher management.
Low levels of incidents, a high rate of alert handling (either by security analysts or by automation) and tool efficiency are a great start when trying to justify the investment put into a SOC.
How can we build a custom dashboard that incorporates essential metrics to be shown to the CISO or higher management in an enterprise organisation using Siemplify for MSSP providers?