Toward a common UI for security operations

New dashboards and visualization tools could improve personnel training and SOC productivity while streamlining security operations.


It’s 2020, yet many organizations still depend upon a myriad of disparate point tools for security operations, which leads to many challenges. According to ESG research, these are the biggest challenges associated with managing an assortment of point tools:

  • it makes security operations complex and time consuming (35%)
  • it is difficult to get a complete picture of their security status at any time (35%)
  • triaging, prioritizing, and investigating all the security alerts generated (34%)
  • each security tool demands its own management and operations, straining the organization’s resources (33%)
  • the organization doesn’t have enough staff members or the right skills to manage all the tools effectively (25%)

This problem isn’t new. Recognizing it in 2016, we at ESG came up with a new concept called a security operations and analytics platform architecture (SOAPA), designed to consolidate and integrate every layer of the security operations stack, from the raw data, through analytics, to day-to-day security operations processes (see Figure 1).

Figure 1: SOAPA (Enterprise Strategy Group)

SOAPA is a bottom-up stack in that it is meant to give SOC teams the ability to act upon security telemetry in real time. Think of actions like quarantining a system, patching a server, or investigating an incident, all based upon efficient data collection, processing, analytics, and well-orchestrated security processes.
