This white paper explores how to assess and evolve the principal programmes of the security operations centre (SOC): threat monitoring, threat hunting, threat investigation and incident response.
LogRhythm developed the Threat Lifecycle Management (TLM) framework to help organisations ideally align technology, people and process in support of these programmes.
The TLM framework defines the critical security operations technological capabilities and workflow processes that are vital to achieve an efficient and effective SOC.
LogRhythm’s Security Operations Maturity Model (SOMM) helps organisations measure the effectiveness of their security operations and mature their security operations capabilities.
Using our TLM framework, the SOMM provides a practical guide for organisations that wish to optimally reduce their mean time to detect (MTTD) and mean time to respond (MTTR) — thereby dramatically improving their resilience to cyberthreats.
Of course, TLM doesn’t describe every programme a SOC might encompass.