June 2, 2021

Security Operations At My Organisation

Hi,

I am a SOC manager and work at a large health organization with 29k endpoints and around 30k users.

We use Trend Micro for our EDR, NIDS/NIPS, email security and cloud security.
We also use Splunk to ingest logs from the appropriate data sources (cloud, proxy, firewalls, Trend, etc.).

The SOC only own Splunk and do not own the Trend Micro suite. The Trend Micro suite is owned by a team full of system engineers who have no idea about security, yet they are tasked with making changes to the tool; when the SOC raise requests to fix and tune things, they ignore them and resolve the tickets without getting them done correctly. The SOC are at the mercy of the Trend Micro platform owners, who are not security focused. The CISO has stated that the SOC are a consumer of the logs and not responsible for managing the tools. I have tried to convince him, but he seems stuck on thinking that the SOC are only for detection and response.

My question: SHOULD THE SOC OWN THE SECURITY TOOLS used by the org (Trend Micro), so they can make the relevant changes, tune the alerts on the tools, and prioritize where need be?
