02-16-2022, 09:10 AM
Hi TJP,
Thank you for the input. I agree that TI and vulnerability management are relevant to most SOCs. This is why they are part of the services domain, and the capabilities mentioned there also include the technical side of these solutions. TI as a separate domain is an interesting thought, because it is not 'self-contained' but has a broad function within the SOC and even outside the SOC in the organisation. Within the SOC-CMM, it is 'just' a service. Note that this does not make it less important. In my opinion, the importance does not come from its place in the SOC-CMM, but its place in the organisation. I will have a look on how well the SOC-CMM covers the broader function of TI within the organisation. (will go on the todo list)
EDR is not yet in place in the technology domain. I have plans to transform the technology domain into the visibility triad, augmented with SOAR. The visibility triad will include EDR as well, but I'm also looking into XDR at the moment.
Regards,
Rob.
Thank you for the input. I agree that TI and vulnerability management are relevant to most SOCs. This is why they are part of the services domain, and the capabilities mentioned there also include the technical side of these solutions. TI as a separate domain is an interesting thought, because it is not 'self-contained' but has a broad function within the SOC and even outside the SOC in the organisation. Within the SOC-CMM, it is 'just' a service. Note that this does not make it less important. In my opinion, the importance does not come from its place in the SOC-CMM, but its place in the organisation. I will have a look on how well the SOC-CMM covers the broader function of TI within the organisation. (will go on the todo list)
EDR is not yet in place in the technology domain. I have plans to transform the technology domain into the visibility triad, augmented with SOAR. The visibility triad will include EDR as well, but I'm also looking into XDR at the moment.
Regards,
Rob.