
How SOC metrics improve security operation centers' performance

By Hendrik Jansen  - October 8, 2018

To some, metrics are the holy grail of information (also security information). Being able to monitor, measure and communicate the information security state of an enterprise can be powerful and seems to be an executive management requirement to report on the state of the business.

While some enterprises are still struggling with all of the metrics and the changing landscape of tools and processes used as data sources, one rapidly maturing area is security operations center (SOC), where defining parameters has been a challenge.

In this tip, we'll take a closer look at security operation center (SOC) metrics and ways to improve an enterprise's security posture.

SOC metrics

Looking at log data from the IT environment is a good starting point, but enterprises soon find that on its own it is insufficient. Network operations centers (NOCs) are evolving, and dedicated security operations centers are being formed. A SOC handles many more and different functions, such as monitoring logs, responding to incidents and security administration, all coordinated through people, processes and technology.

Many SOCs are evolving from using just the enterprise SIEM system to fully monitoring environments and trends, and are trying to become predictive rather than reactive. Managed security service providers (MSSPs) and cloud service companies are creating services that help enterprises add to, outsource or co-source their internal resources. Remember that there is a HUGE shortage of available skills in this market.

As SOCs start to mature, analytics and decision support are a MUST HAVE to drive more value for enterprises and to provide insight into how effectively security resources are being used. As SOCs continue to mature, metrics and their supporting definitions become more important, as does using those metrics to make changes and monitor the environment. Even defining what constitutes an incident is essential, as not all security incidents have the same impact or require the same response.

The SANS Institute offers several papers related to SOC metrics, and NIST hosts the National Vulnerability Database, which provides parameters for tracked vulnerabilities.

When developing SOC metrics, identifying the highest-value processes or the areas that need the most resources can help determine where metrics and management attention are needed most. This identification may not be so hard if you think about where the heart and soul of your enterprise is (yes, you got it, it is your ERP).

When SAP® is your ERP, monitoring SAP® should be part of continuous SOC monitoring to make sure these mission-critical systems, processes and data are protected.

Whether you insource, outsource or co-source this part of the SOC, it is critical to set these metrics upfront and include them in a contract (SLA) to ensure that the SOC can generate the data and support the required parameters.

Ways to improve an enterprise's security posture

Monitoring firewall alerts or failed logins alone, for example, may be useful if there is a sudden increase, and retaining that data for forensics or incident response is absolutely necessary. However, monitoring over time may not yield actionable information without correlation and analysis.
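As an added example (not code from the original post), the following Python computes two SOC metrics over constructed login events: a raw failed-login spike per 5-minute bucket, and the same failures correlated with a later successful login from the same user and source. The event format, user names and addresses are invented for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; this "user= src= result=" format is invented for the example, not an SAP or SIEM log format.
SAMPLE_EVENTS = [
    "2018-10-08T09:01:10 user=alice src=10.1.1.2 result=FAIL",      # one typo, then success
    "2018-10-08T09:01:40 user=alice src=10.1.1.2 result=OK",
    "2018-10-08T09:20:01 user=jdoe src=10.1.1.5 result=FAIL",       # burst, then success
    "2018-10-08T09:20:09 user=jdoe src=10.1.1.5 result=FAIL",
    "2018-10-08T09:20:17 user=jdoe src=10.1.1.5 result=FAIL",
    "2018-10-08T09:20:25 user=jdoe src=10.1.1.5 result=FAIL",
    "2018-10-08T09:22:00 user=jdoe src=10.1.1.5 result=OK",
    "2018-10-08T09:40:02 user=svc_batch src=10.1.1.9 result=FAIL",  # burst, no success
    "2018-10-08T09:40:05 user=svc_batch src=10.1.1.9 result=FAIL",  # (e.g. a job with a
    "2018-10-08T09:40:08 user=svc_batch src=10.1.1.9 result=FAIL",  #  stale password)
    "2018-10-08T09:40:11 user=svc_batch src=10.1.1.9 result=FAIL",
]

def parse(line):
    """Turn one constructed event line into a dict with a datetime 'ts'."""
    ts, fields = line.split(" ", 1)
    ev = dict(kv.split("=", 1) for kv in fields.split())
    ev["ts"] = datetime.fromisoformat(ts)
    return ev

def failed_login_spikes(events, bucket_min=5, baseline=1, factor=3):
    """Metric 1: failed logins per time bucket, flagged only when >= factor x baseline."""
    counts = defaultdict(int)
    for ev in events:
        if ev["result"] == "FAIL":
            b = ev["ts"].replace(second=0, microsecond=0)
            counts[b - timedelta(minutes=b.minute % bucket_min)] += 1
    return {b: n for b, n in counts.items() if n >= factor * baseline}

def failures_then_success(events, threshold=3, within=timedelta(minutes=10)):
    """Metric 2: >= threshold failures for (user, src) followed by a success within 'within'."""
    fails, hits = defaultdict(list), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        if ev["result"] == "FAIL":
            fails[key].append(ev["ts"])
            continue
        recent = [t for t in fails.pop(key, []) if ev["ts"] - t <= within]
        if len(recent) >= threshold:
            hits.append((ev["user"], ev["src"], len(recent), ev["ts"]))
    return hits

def analyze(lines=SAMPLE_EVENTS):
    events = [parse(ln) for ln in lines]
    return failed_login_spikes(events), failures_then_success(events)
```

On the sample data the raw spike metric flags both bursts, while the correlated metric narrows the result to the one burst that ended in a successful login.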

Be clear about which SAP® processes or events are to be brought into SOC monitoring.

Cybersecurity is rapidly changing because of the exponential speed of digital transformation. It continues to evolve to drive more value for enterprises. As SOCs also continue to develop, their importance to the enterprise is increasing, helping to drive improvements to enterprise information security programs and to the security posture of companies.

It forces SOCs and CISOs/CIOs to think about a few things:

- What are the TRUE critical systems and applications?
- Are they transparent enough from a monitoring point of view?
- Do we build out these competencies in-house?
- When do we make the next step?
- Is there a partner who has done this before?

Where does your SAP® security stand?

Partial repost of Nick Lewis.

Picture ©: GettyImages-653137674-solarseven
