“If you torture the data long enough, it will confess.” (Ronald H. Coase, Essays on Economics and Economists)
Security tools and technologies produce an enormous amount of data. For medium to large organisations it is commonplace to have hundreds of thousands, if not millions, of data points in a single day.
All of this data is just noise if no meaning is attached to it. If that noise is not decoded and interpreted correctly, cyber teams struggle to ensure that their efforts are focused on what matters most, while executive management is deprived of the level of information it needs to fulfil its commitment to the business.
This is why one of the key functions of a Security Operations Centre is to collect, formalise and share the right level of information. The scope and context of this information are security-oriented; however, its coverage extends beyond what is captured and produced by the Security Operations Centre alone. A significant part of it is likely to come from other departments, mainly, but not exclusively, IT Operations.
It is then the job of the SOC to collate, correlate, interpret and formalise this flurry of disparate data into SMART (Specific, Meaningful, Appropriate, Relevant & Timely) information, presented in a format suited to each individual stakeholder, which in turn helps them make informed decisions.