Peer-Driven Insights

Security Operations Center (SOC)

Active Ambassadors in This Topic

Pradeep Rao

Pradeep Rao

Kyndryl

IT Services, 10k+

India
Chris Oehlerking

Chris Oehlerking

Honeywell

Manufacturing, 1k - 5k

United States
R

Ray Tan

Bayer

Healthcare and Biotech, 10k+

Singapore
View All Community Ambassadors

Community Posts

Employee Count and Licensing Usage:

- What is your employee count?

- Do you use Microsoft E3, E5, or a variation (e.g., E3 + Security E5)?

- Do you rely only on Microsoft EOP and/or Defender for O365 for email protection? If not, what other product(s) do you use (e.g., Proofpoint, Abnormal)?

Read More Comments

I am currently conducting research on emerging trends in Security Operations.  Specifically, I am focusing on how organizations are approaching Tier 1 (alert triage) and Tier 2 (root cause analysis) SOC functions. I would greatly appreciate your input on the following: Are you seeing these functions being outsourced in your organization or others you are familiar with? If so, at what company size or operational scale does outsourcing typically begin? Are there any approximate annual cost ranges you have seen for outsourced Tier 1 and/or Tier 2 activities (including tools and personnel)?

Read More Comments

Who owns Communication in Network vs. Security Incidents? Best Practices & RACI Guidance Needed In many organizations, Network and Security teams both play a role in incident response, especially when firewall or SASE issues impact network performance. When an issue is first diagnosed by the Network team but determined to be security-related, who should own the ongoing communication, resolution updates, and root cause reporting? I’d love to hear from the community:  • Are there best practices, ITIL/ITSM frameworks, or RACI models that clarify ownership?  • How does your organization handle communication handoffs between Network and Security teams?

What is your biggest headache when dealing with your IT company?

Cost28%

Repeat Issues42%

Response Time22%

Customer Service6%

View Results

We need to review our security strategy.  Currently we use a service provider to provide SIEM and SOC services.  They use Manage Engine and OberserveIT. They also patch and upgrade our endpoints. Tend Vison one is the foundation on which we have built our endpoint protection.   With all the new Microsoft Security products and AI on offer  (A) should we replace or augment? (B) What do you use to Administer the landscape from a single pane of glass. Both out Trend and managed Security Service Contracts are due to expire. (C) what gotchas do we need to lookout for if we decide to replace / retire any of the existing tools in our environment.

Read More Comments

We are considering engaging Beazley Security as a 24/7 SOC. They were brought to the table by our Cyber Insurance carrier. Does anyone have any experience with this firm?

Read More Comments

What is the future of SIEM solutions and SOC? What are the various products available in the market? How does XDR enhance the efficiency of SIEM. 

Read More Comments

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?

If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

Read More Comments

I'm interested in understanding your approach to establishing a two-way trust between Active Directories in the following scenario: A larger company A acquires a mid-sized or smaller-sized company B, at what point do you feel comfortable establishing a two-way trust between both Active Directories? The priority is to ensure business continuity without impacting their clients on both ends, while recognizing that integration would be significantly easier with a trust established. What would be your key considerations that you typically review prior to even entering discussions about this capability. My focus is on the prerequisites for trusting a new entity that was previously managed by another IT team within your organization. For example, do you conduct by default a full penetration test, assess the network and external-facing systems, perform policy health checks, evaluate conditional access settings, breach history of Company B and/or their vendors etc. and demand changes to get as close to your standard before proceeding? If yes how close do you get before feeling a little more comfortable before accepting all the risks?

Read More Comments

What is the best security course you have completed?

CISSP32%

CISM34%

CEH9%

Security+11%

SSCP2%

Other10%

View Results

Would you support the convergence of Security Operations Center (SOC) and Network Operations Center (NOC) functions to: 
1) Drive operational efficiency 
2) Reduce costs through automation, and;  
3) Align tools and processes under a unified, standardized platform offering a single-pane-of-glass view of security and network telemetry?

Yes79%

No11%

Maybe11%

View Results

Are there any solutions currently in the market for Customization and Total Automation for Penetration Testing Reports?

Read More Comments

As I evolved my technology career, I relied on many models like ITIL, OSI, NIST, PMBOK, etc. What are the new models that better reflect the new ways of working? Does anyone still use any of the models I mentioned?  What do you all think I should learn more about in this regard? 

Endpoint Protection and Utilization of E5 Features:

- Do you use Microsoft Defender EDR for Endpoint EDR? If not, what product do you use (e.g., CrowdStrike, SentinelOne, CarbonBlack)?

- If you have Microsoft E5 licenses, are you utilizing all features as your primary and only solution for each domain (e.g., Endpoint protection, Information protection, vulnerability management)? Or do you have other solutions in place either alongside or in place of the included capabilities in E3/E5?

Read More Comments

Is anyone using ServiceNow for their workflow and ITSM needs? Do you manage your ServiceNow internally or do you outsource the mgmt of it to ServiceNow partner?

I have worked with few “expert” partners but have found that they lack the business context and domain expertise in the platform.

Any recommendation on best strategy and partners for managing ServiceNow platform?

Read More Comments

Wondering if any Fortune 500 companies have gone all in on Microsofts E5 security suite? If so, any regrets?