Home
All Topics
Security Operations Center (SOC)

Peer-Driven Insights

Security Operations Center (SOC)

Active Ambassadors in This Topic

Rathik Pathak

JM Financial Services Ltd

Travel and Hospitality, 1k - 5k

View All Community Ambassadors

What sets us apart?

No selling.

No recruiting.

No self promotion.

Read Our GuidelinesTrusted peer advice and insights for technology professionals.

Related Topics

Awareness & Training
Data Privacy & Protection
Governance, Risk & Compliance
Identity & Access Management (IAM)
Regulatory Compliance

Community Guidelines Rules of Engagement FAQs Directory of ambassadors Privacy Terms of Service

© 2025 Gartner, Inc. and/or its affiliates. All rights reserved.

Community Posts

Does your organisation have a formalised threat hunting programme? If so - what were the key drivers for you in setting one up and what made it successful?

If not - what is stopping you from setting this up?

Read More Comments

Employee Count and Licensing Usage:

- What is your employee count?

- Do you use Microsoft E3, E5, or a variation (e.g., E3 + Security E5)?

- Do you rely only on Microsoft EOP and/or Defender for O365 for email protection? If not, what other product(s) do you use (e.g., Proofpoint, Abnormal)?

Read More Comments

I am currently conducting research on emerging trends in Security Operations. Specifically, I am focusing on how organizations are approaching Tier 1 (alert triage) and Tier 2 (root cause analysis) SOC functions. I would greatly appreciate your input on the following: Are you seeing these functions being outsourced in your organization or others you are familiar with? If so, at what company size or operational scale does outsourcing typically begin? Are there any approximate annual cost ranges you have seen for outsourced Tier 1 and/or Tier 2 activities (including tools and personnel)?

Read More Comments

Who owns Communication in Network vs. Security Incidents? Best Practices & RACI Guidance Needed In many organizations, Network and Security teams both play a role in incident response, especially when firewall or SASE issues impact network performance. When an issue is first diagnosed by the Network team but determined to be security-related, who should own the ongoing communication, resolution updates, and root cause reporting? I’d love to hear from the community: • Are there best practices, ITIL/ITSM frameworks, or RACI models that clarify ownership? • How does your organization handle communication handoffs between Network and Security teams?

We need to review our security strategy. Currently we use a service provider to provide SIEM and SOC services. They use Manage Engine and OberserveIT. They also patch and upgrade our endpoints. Tend Vison one is the foundation on which we have built our endpoint protection. With all the new Microsoft Security products and AI on offer (A) should we replace or augment? (B) What do you use to Administer the landscape from a single pane of glass. Both out Trend and managed Security Service Contracts are due to expire. (C) what gotchas do we need to lookout for if we decide to replace / retire any of the existing tools in our environment.

Read More Comments

We are considering engaging Beazley Security as a 24/7 SOC. They were brought to the table by our Cyber Insurance carrier. Does anyone have any experience with this firm?

Read More Comments

What is the future of SIEM solutions and SOC? What are the various products available in the market? How does XDR enhance the efficiency of SIEM.

Read More Comments

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?

If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

Read More Comments

I'm interested in understanding your approach to establishing a two-way trust between Active Directories in the following scenario: A larger company A acquires a mid-sized or smaller-sized company B, at what point do you feel comfortable establishing a two-way trust between both Active Directories? The priority is to ensure business continuity without impacting their clients on both ends, while recognizing that integration would be significantly easier with a trust established. What would be your key considerations that you typically review prior to even entering discussions about this capability. My focus is on the prerequisites for trusting a new entity that was previously managed by another IT team within your organization. For example, do you conduct by default a full penetration test, assess the network and external-facing systems, perform policy health checks, evaluate conditional access settings, breach history of Company B and/or their vendors etc. and demand changes to get as close to your standard before proceeding? If yes how close do you get before feeling a little more comfortable before accepting all the risks?

Read More Comments

Are there any solutions currently in the market for Customization and Total Automation for Penetration Testing Reports?

Read More Comments

What is the best security course you have completed?

CISSP31%

CISM34%

CEH9%

Security+11%

SSCP2%

Other10%

View Results

Agree or disagree: Business unit leaders typically oppose the SOC’s recommendations.

Strongly disagree2%

Agree65%

Neutral18%

Disagree13%

Strongly agree

View Results

As I evolved my technology career, I relied on many models like ITIL, OSI, NIST, PMBOK, etc. What are the new models that better reflect the new ways of working? Does anyone still use any of the models I mentioned? What do you all think I should learn more about in this regard?

Are your security operations team members worried about their jobs being replaced by generative AI tools?

Yes, all of them13%

Yes, some of them54%

Yes, but very few of them17%

No13%

I'm not sure...2%

View Results

Endpoint Protection and Utilization of E5 Features:

- Do you use Microsoft Defender EDR for Endpoint EDR? If not, what product do you use (e.g., CrowdStrike, SentinelOne, CarbonBlack)?

- If you have Microsoft E5 licenses, are you utilizing all features as your primary and only solution for each domain (e.g., Endpoint protection, Information protection, vulnerability management)? Or do you have other solutions in place either alongside or in place of the included capabilities in E3/E5?

Read More Comments

Is anyone using ServiceNow for their workflow and ITSM needs? Do you manage your ServiceNow internally or do you outsource the mgmt of it to ServiceNow partner?

I have worked with few “expert” partners but have found that they lack the business context and domain expertise in the platform.

Any recommendation on best strategy and partners for managing ServiceNow platform?

Read More Comments