“You simply cannot do incident response and all the functions of a security operations center anymore without vendor operational support.” That is a paraphrased version of what a colleague told me recently. At first, I raised my eyebrows; I’m a huge believer in self-reliance. After more consideration, though, I saw more than a little truth in the statement.

A typical modern SOC covers numerous functions, including incident response, intrusion detection system (IDS) monitoring, threat hunting and threat intelligence. And that’s pretty much the bare minimum. Of course, in smaller environments, some of those functions may well be handled by the same person, but the functions nonetheless need to be there. This is 2016, after all.

To read this article in full or to leave a comment, please click here