Survey
SANS 2022 SOC Survey
Written by Chris Crowley and Barbara Filkins
May 2022
2022 SANS Institute

Executive Summary

The content of this year's SANS SOC Survey explores the ongoing development and progress of the security operations center (SOC). Herein we explore details of who answered the survey, the key takeaways we observe in their responses, and the challenges everyone seems to face. The survey explores what people consider SOC capabilities, as well as the staff, technology, deployment strategies, and the funding it takes to secure and operate this gamut. So how are SOCs evolving?
To date, our definition of a SOC remains conceptual, built around the capabilities required by business-specific goals of an organization. A SOC framework is not necessarily aligned with a reference architecture but comes from the technologies in use and the individuals who make up the SOC team to accomplish capabilities. In planning this survey, we took a capabilities-based approach to determine the current SOC landscape, with the goal of surfacing results that can help you assess your performance compared with your peers. In that regard, here are the top five questions you might want to consider and our insights from this year's survey:

1. Are trends going in the right direction? Results from 2021 to 2022 show a decrease in both incidents and breaches from incidents. This is a positive trend, but the question is, can it continue?
2. Does staffing match growth? Hiring, retention, and turnover are key challenges. Consider comparing how your organization lines up against the survey results.
3. Do capabilities match business need? The leading items for survey respondents are detection/monitoring, vulnerability assessments, incident response, and alert triage and escalation with capabilities balanced between in