Using Weekly SOC Metrics Review to Drive Down Recurring Incident Counts

In 2015, we were short staffed and experienced a huge increase in host compromise reports and DMCA allegations. Struggling under the tsunami of work, we began implementing automation to work with our RTIR ticketing solution. As manually processed ticket levels declined, we began looking at how we could reduce our overall incident counts. To get data-supported answers, we established weekly SOC meeting reviews to spot trends at various time intervals to tease out areas of improvement. By gradually reducing the numbers of repeat offenders on campus, we freed up time to focus additional efforts on proactive threat hunting.

Outcomes: Understand and appreciate the force multiplier that automation brings to handling repetitive tasks * Know how to take advantage of weekly SOC meetings to drive down repetitive incident counts * Identify how to make data-driven decisions to focus threat detection, mitigation, and user-education efforts