• Cyber Operations
  • May 27, 2020
  • By QOMPLX

QOMPLX Operations: The 4Ps of SOCs Part 2: Process

QOMPLX Operations: The 4Ps of SOCs Part 2: Process

This is the second in a series of publications we’re calling “QOMPLX Operations.” These posts are intended to provide security practitioners with best practices and insights needed to build effective, robust security operations center (SOC) teams. To learn more, download our free reports!


In 2013, big-box retailer Target became the victim of a massive compromise of its Point of Sales (POS) network. All together, credit card breach information on 110 million Target customers was stolen. Target ended up paying $18.5 million in a settlement with Attorneys General in 47 states and the District of Columbia.

Behind the headlines about Target lay a cautionary tale. Subsequent reporting revealed that detection tools used by Target and a managed service provider had, in fact, alerted staff that an incident occurred early on. Furthermore, that incident was isolated and even escalated by staff. Still, no further action was taken to investigate the incident. In other words, at some point, the process of incident escalation used by Target faltered, with disastrous consequences for the firm.

Target's story underscores the critical importance of establishing effective processes within your security operations center. It also reminds us that organizations face a multi-level challenge: from translation of cybersecurity monitoring actions; to risk assessment; to risk quantification and communication; to prioritization of risk mitigation and response actions.

In this second installment of our QOMPLX Operations series, we're digging into the tricky question of what makes effective SOC processes and how organizations can set themselves up for success by creating effective, responsive SOC processes that actually reduce risk.

You can download "The Four Ps of SOCs Part 2: Process" here. Registering will give you access to all four reports in the series.

You might also be interested in

Lessons from the Medibank breach

Lessons from the Medibank breach

Ming Fu, a member of the Americas Pre-Sales Engineering Team at QOMPLX, looks at the much publicized Medibank breach in Australia last year, and draws a few much needed lessons based on the published findings of this breach.

Read more
Solving cybersecurity when an SOC isn’t in the budget

Solving cybersecurity when an SOC isn’t in the budget

Small businesses are frequent targets of ransomware attacks but often do not have the resources or expertise to staff a security operations center.

Read more
Register Now: Save Your SOC by Securing Active Directory

Register Now: Save Your SOC by Securing Active Directory

On March 11, join QOMPLX Chief Security Officer Andy Jaquith for a discussion about how automating identification of common, Active Directory attacks can help streamline your SOC and prevent SolarWinds style compromises.

Read more
Request a Demo

Interested in learning more?

Subscribe today to stay informed and get regular updates from QOMPLX.