Security operations, or SecOps, has had a direct, if increasingly challenging, mandate since the dawn of enterprise networking: detect, respond to, predict and prevent cyberattacks. But SecOps roles and responsibilities are shifting to accommodate growing interest in an offensive, rather than defensive, approach to cybersecurity. By staying ahead of threats and anticipating bad actors’ next moves, security leaders aim to thwart attacks before they happen.
Security operations centers (SOCs) are also changing and becoming more prevalent. Traditionally, only the largest enterprises have had dedicated SOCs to collect, filter and act upon security data. But, according to research from Gartner, a growing number of organizations of all sizes now have some type of SOC function, with the ability to choose from several models:
- Virtual SOC. Internal or third-party SecOps professionals operate entirely online, often part-time but possibly 24/7.
- Multifunction SOC. An internal team works in a dedicated physical space, performing SecOps functions in addition to other IT tasks, part-time or 24/7.
- Hybrid SOC. Internal employees, third-party contractors or a mix of both perform…
