Why have Security Operations Centers needed to change?

What does a SOC do?

A well-functioning Security Operations Center can form the heart of effective detection. It can enable information security functions to respond faster, work more collaboratively and share knowledge more effectively.

This document is intended to provide the reader with insights into the evolving state of SOCs in the context of emerging cyber threats. For a more introductory overview of fundamental SOC principles, we recommend reading Security Operations Centers — helping you get ahead of cybercrime (www.ey.com/SOC).

How SOCs keep up with the latest threats

Our SOC has analysts that read and subscribe to specific open source resources: 50%
Our SOC collaborates and shares data with others in our industry: 43%
Our SOC has a paid subscription to cyber threat intelligence feeds: 41%
Our SOC has dedicated individuals focusing solely on cyber threat intelligence: 31%
Our SOC collaborates and shares data with other public SOCs: 29%
None of the above: 10%
Don't know: 13%

In comparison with last year's results, respondents to the 2015 survey recorded a marked increase in activity across all aspects of how their SOCs keep abreast of the latest threats. This indicates that organizations are making more concerted efforts to formalize and expand their SOC capabilities to better address emerging and increasingly sophisticated threats.

Only 51% of organizations with a SOC initiate an investigation within one hour of a discovered incident.

Only 23% consider their SOC to be tightly integrated with heads of business to regularly understand business concerns.

Using cyber analytics to help you get on top of cybercrime — Third-generation Security Operations Centers