SOC Analytics: Building the Right Toolset

As attackers become more adept at evading “reactive” security controls and alert mechanisms, proactively analyzing the behaviors of people and systems is critical to detecting malicious activity, says Gartner’s Kelly Kavanagh.

“What we have seen over the years is an increasing requirement for SOCs [security operations centers] to be more proactive, rather than reactive; to move beyond alert triage into the ability to do deeper and faster response,” he says in an interview with Information Security Media Group. It’s essential to look for threats in the environment “before they manifest themselves in alerts or behavior that might be indicative of malicious activity outside or inside the organization,” he says.

In this audio interview, Kavanagh talks about:

  • Selecting the right analytics toolset to build a proactive SOC;
  • Tools that are indispensable in a modern SOC;
  • The balance between big data analytics and security information and event management, or SIEM.

Kavanagh is senior principal analyst in Gartner’s information security and privacy program. He has been at Gartner for 18 years and has over 32 years of industry experience. Kavanagh focuses on professional and managed services for network and internet security. He conducts research on end-user requirements and vendor portfolios for managed services.