Protect Your Assets

Implementing intelligent SecOps capability

Cami_Lewis


What does it take to implement an intelligent security operations capability? An intelligent security operations center (SOC) is not a technology-in-a-box solution; it is a process of maturing and advancing competencies within an organization. This new whitepaper from HPE Security walks you through a step-by-step roadmap for building an intelligent SOC.

What separates an intelligent SOC from a SOC? Read an excerpt from the paper:

“Mature organizations are able to move into the realm of analytics-driven intelligent SOCs. These intelligent SOCs allow enterprises to move beyond detecting and responding to known attacks into the realm of identifying unknown attacks and anomalous behavior. Collecting large amounts of data is not useful by itself. A guiding vision and plan is needed in order to build systems that will grow with the business needs.”



Whether you are starting from scratch or looking to take your security operations to the next level, this paper can be used as a how-to guide to validate what you have done thus far and help you plan for the future. 

Click here to download “Intelligent security operations: A how-to guide.”

Join us in Washington, D.C. to learn what it takes to create a successful, intelligent security operations capability at HPE Protect 2016. The event takes place on September 13-16! You'll have several SecOps-based sessions to choose from when you select the "Intelligent Security Operations" track from the Session Catalog. We’ll see you at Protect!

About the Author


Cami Lewis - CISSP, CRISC, MSSE, MSIS, MSIA, is a senior member of the HPE Security Portfolio team. She is responsible for developing thought leadership, producing content and collateral, industry expert media support, driving security products initiatives, security research and conference support.


I maintain that ArcSight, as well as any decently maintained SIEM, would/should meet the government "auditing" requirements of any non-fiduciary system with ease, and should be able to easily meet the auditing requirements of a fiduciary system with a simple change of configuration of the auditing details of that system in the SIEM setup.

I have people here in the Government who think that "auditing" a system can ONLY be accomplished by systems that are specially built for that function and only that function. What say YOU?


This is a good description of a capability model, but several 'Frontier' capabilities may need to move to the left. I don't agree that statistical analysis, IOC identification, or data mining, as listed, should be considered advanced any longer. Companies building a SOC capability for the last five years have been including statistical analysis and data mining in the tool chain and skill sets, and IOCs through enrichment. Technology companies have been building it into their software for the last two. We might not consider it frontier if it factors into a Gartner quadrant. Where would we class a response capability here? Where would a hunting mission fit in?
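To make concrete what the comment above treats as baseline SOC capability, here is an added example (not code from the HPE paper, the post, or either commenter) of the three items it names run together over a handful of constructed sshd log lines: a statistical baseline for failed logins per source IP, IOC matching against a threat-intel feed, and enrichment of each finding with that feed's context. The log lines, the IOC feed, the historical baseline counts, the thresholds and the rule names are all assumptions made up for the example; the IPs come from the RFC 5737 documentation ranges.

```python
"""Added example: baseline statistics, IOC matching and enrichment over
constructed sshd log lines. Nothing here is real data or a real feed."""
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed sample (assumption): syslog-style sshd lines, documentation-range IPs.
SAMPLE_LOG = """\
Sep 13 08:00:01 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Sep 13 08:00:02 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51235 ssh2
Sep 13 08:00:03 bastion sshd[2201]: Failed password for invalid user oracle from 203.0.113.7 port 51236 ssh2
Sep 13 08:00:04 bastion sshd[2201]: Failed password for invalid user test from 203.0.113.7 port 51237 ssh2
Sep 13 08:00:05 bastion sshd[2201]: Failed password for root from 203.0.113.7 port 51238 ssh2
Sep 13 08:00:06 bastion sshd[2201]: Failed password for root from 203.0.113.7 port 51239 ssh2
Sep 13 08:00:07 bastion sshd[2201]: Failed password for root from 203.0.113.7 port 51240 ssh2
Sep 13 08:00:08 bastion sshd[2201]: Failed password for root from 203.0.113.7 port 51241 ssh2
Sep 13 08:00:09 bastion sshd[2201]: Accepted password for root from 203.0.113.7 port 51242 ssh2
Sep 13 08:12:40 bastion sshd[2318]: Failed password for alice from 198.51.100.23 port 40022 ssh2
Sep 13 08:12:47 bastion sshd[2318]: Accepted password for alice from 198.51.100.23 port 40022 ssh2
Sep 13 08:30:00 bastion sshd[2400]: Accepted publickey for bob from 192.0.2.10 port 38810 ssh2
Sep 13 08:45:12 bastion sshd[2455]: Failed password for invalid user pi from 198.51.100.40 port 60001 ssh2
"""

# Constructed threat-intel feed (assumption) used for IOC matching and enrichment.
IOC_FEED = {
    "203.0.113.7": {"source": "constructed-feed", "tag": "ssh-bruteforce-scanner"},
}

# Constructed baseline (assumption): failed logins per source IP per hour seen
# during a quiet period. A real SOC would derive this from historical SIEM data.
BASELINE_FAILED_PER_SOURCE = [0, 1, 1, 2, 0, 1, 3, 1, 0, 2, 1, 1, 0, 2, 1]
Z_THRESHOLD = 3.0                # flag sources more than 3 sigma above the baseline
MIN_FAILURES_BEFORE_SUCCESS = 3  # a success after this many failures is suspicious

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<status>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port (?P<port>\d+)"
)


def parse_sshd(text):
    """Return one dict per line that matches the sshd authentication pattern."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events


def zscore(value, baseline):
    """Standard score of value against the baseline sample; 0 if the baseline is flat."""
    sigma = pstdev(baseline)
    return 0.0 if sigma == 0 else (value - mean(baseline)) / sigma


def enrich(ip):
    """Attach threat-intel context for a source IP, or empty context if unknown."""
    return IOC_FEED.get(ip, {"source": None, "tag": None})


def detect(events):
    """Apply three rules and return a list of enriched findings."""
    findings = []
    failed = Counter()
    # Rule 1: a successful login from a source that just failed repeatedly.
    for ev in events:
        ip = ev["ip"]
        if ev["status"] == "Failed":
            failed[ip] += 1
        elif failed[ip] >= MIN_FAILURES_BEFORE_SUCCESS:
            findings.append({"rule": "success_after_failures", "ip": ip,
                             "user": ev["user"], "prior_failures": failed[ip],
                             "ioc": enrich(ip)})
    # Rule 2: failed-login volume per source far above the statistical baseline.
    for ip, n in failed.items():
        z = zscore(n, BASELINE_FAILED_PER_SOURCE)
        if z > Z_THRESHOLD:
            findings.append({"rule": "failed_login_spike", "ip": ip, "failures": n,
                             "zscore": round(z, 2), "ioc": enrich(ip)})
    # Rule 3: any activity from a source listed in the IOC feed.
    for ip in sorted({ev["ip"] for ev in events}):
        if ip in IOC_FEED:
            findings.append({"rule": "ioc_match", "ip": ip, "ioc": enrich(ip)})
    return findings


def run(text=SAMPLE_LOG):
    return detect(parse_sshd(text))


if __name__ == "__main__":
    for finding in run():
        print(finding)
```

Run against the constructed sample, all three rules fire on 203.0.113.7 and nothing fires on the user who mistyped a password once; the enrichment carries the feed tag into each finding so an analyst sees the intel context without a second lookup. The z-score baseline is deliberately tiny here; in practice the baseline should be per-hour counts over weeks of data, and the threshold tuned against false-positive volume.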