According to statistics collected by HPE specialists, only 25% of organizations were able to organize the effective operation of their SOC. According to Gartner estimates, the reasons for such a low success rate lie in the organizational aspects of implementation and operation.
According to HPE experts, the most common mistakes in the organization and daily work of situation centers (SOC) are the following.
Weaknesses in the organization of the support process. SOC employees have to interact frequently with most departments of the organization, and without management support and a clearly defined goal, it is impossible to ensure effective incident handling.
Focus on technical solutions. SOC budgets are biased towards funding the implementation of technical solutions, while the qualifications and number of specialists remain insufficient. Yet most modern threats require highly qualified personnel, primarily analysts, and a high level of organization of incident investigation work.
Violation of the "from simple to complex" principle. Gaps in basic information security tasks inevitably lead to difficulties in solving higher-level tasks. Information asset management, personnel information correlation, and information asset categorization provide the basic information needed when investigating incidents.
Lack of focus. Solving tasks that are not typical for the SOC has a negative impact on the performance of its personnel. The SOC manager must ensure that his employees are not distracted by extraneous (for the SOC) matters.
For the sake of "checking the box". Unfortunately, formally solving the problems of ensuring compliance (with the requirements of regulators or management) does not always lead to a significant increase in the level of security.
"Fire" and forget. Funding for situation centers often ends with implementation, and the provision of resources for day-to-day operations turns out to be insufficient.
The logic of incident detection is not communicated to the duty shift. Insufficient communication between monitoring operators and analysts means that the created content (rules, reports, dashboards) is not used or is used ineffectively.