Anton and I have been probing the social media for some time about the trends related to SOC and incident response teams. All that work finally made its way into our “How to Plan, Design, Operate and Evolve a SOC” paper. It is the same paper we published a couple of years ago, but updated to reflect some things we’ve seen evolving since the first version, such as:
- SOAR tools evolution and growth in adoption
- Further convergence between security monitoring and incident response
- Higher adoption of services to supplement internal capabilities
We also updated the guidance figure to include more details for each phase:
Please provide feedback if you read it via https://surveys.gartner.com/s/gtppaperfeedback
The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.