Gartner® SOC Model Guide
Security teams are deploying more tools than ever. Almost three-quarters (70%) of respondents say they’ve invested in more than 5 new technologies in the last year, including 19% who say they’ve invested in more than 20.
Teams are struggling to implement the tools. Seventy-one percent report they are adding security technologies faster than they are adding the capacity to productively use them.
The burden of tools maintenance compromises threat response. Sixty-nine percent report their security team currently spends more time managing security tools than effectively defending against threats.
A majority of enterprises are less secure today as a result of tools sprawl. Over half (53%) say their security team has reached a tipping point where the excessive number of security tools in place adversely impacts security posture.
- Security operations center (SOC) requirements are often underscoped and misaligned across the organization, resulting in dissatisfaction with the performance of the SOC function.
- Failure to recognize the differences between SOC model options forces organizations to select an antiquated or custom-made implementation that does not meet security objectives.
- Operating a SOC in a linear or static manner without accounting for changes in organizational requirements and/or the threat landscape results in SOC degradation.