02-08-2022, 12:01 PM
Hi Rob,
There are a number of technologies that I think would be useful to be included in this document, below are the key ones:
EDR: This is being used more and more by SOCs for monitoring endpoints in particular.
Threat Intelligence (TI) platforms: TI is critical to all mature SOCs. TIPs in vendorland have become a massive thing, and there is also a wide range of open source tools covering this space. I personally would include TI as its own domain, but I would love to at least see it included as a tool on the next SOC-CMM.
Vulnerability Management: again something that is becoming more prevalent in SOCs, at least as a log source, but often being managed from the SOC as well.
Cheers
TJP