
Proving The Value Of SOCs When Nothing Is On Fire
Every day, security operations center (SOC) professionals protect their companies' systems through proactive threat intelligence activities that include gathering information about potential cyberattacks, analyzing their impact and determining the most effective way to respond to them. During a cyberattack, the worth of an SOC is clear. When everything is burning down, SOCs are the firefighters working to protect an organization's systems.
But how do SOCs demonstrate their worth when nothing is on fire? Unfortunately, some company decision makers may regard SOCs as the seatbelt they can remove because they haven't been in any accidents lately. Even though they're getting the benefits of the daily protections SOCs provide, when there's no clear evidence of this defense, companies may decide that the precautions aren't worth the cost.
SOCs already know how valuable they are, but it doesn't matter if no one else sees what they bring to the table. As a result, it's important for SOCs to actively and consistently prove their worth by changing the way they operate.
When SOCs have effectively warded off security breaches, it can be difficult for them to get the visibility and credibility they deserve because nothing is happening. And when nothing is happening, an organization's management may be left wondering what the SOC actually does—and why it's even necessary.
To help make the business case for SOCs, leveraging metrics is key. There are numerous points in the analyst workflow that can be highlighted.
• Extracting Indicators: SOCs regularly review threat intelligence reports. It's important to highlight the importance of this work. Outlining all of the domains, IP addresses, hashes and URLs that may have been problematic without their intervention demonstrates how many fires could have burned a company's system down—but didn't get a chance to ignite.
• Checking Intelligence Feeds: Leaders often overlook the effort spent to proactively block threats, and they assume the things being prevented are not 'novel.' But that is not necessarily the case. SOCs should show, on a retroactive basis, how they've extracted and searched for indicators that were caught by security tools. To say it another way, there is very little finished threat intel about today's threats. Those intel products are released weeks or months from 'boom,' so you need to run a retrospective analysis to help tell a better story of the attacks you blocked three months ago. It didn't happen to you, but it did impact another organization. Otherwise, there would be no intel.
• Reviewing Alerts: Security tools should be maximally implemented and effective, but are they really? SOCs should provide metrics about which tools are producing what quality of alerts on an ongoing basis. Oftentimes, cybersecurity vendors wax and wane with the quality of their detection capabilities, and management should be able to understand when that once-hot vendor starts to taper off in value.
• Searching Logs: Alerts are only as good as the frequency at which they're generated. Leaders won't know about threats that no one was warned about, but SOCs will. They can communicate with decision makers about their ability to look at endpoint telemetry, network traffic and browser activity logs to find indicators of threats that were present, but never triggered an alert. Creating metrics about the time it takes to execute basic hunts (indicator-based searches) shows where telemetry and search horsepower could be improved.
• Simulating Attacks: A simulation is a fire that never actually sparked, but one that could have. SOCs should execute controlled threat simulations in virtual environments to determine the effectiveness of security tools for detecting and responding to possible threats. Since organizations generally don't track these time-consuming tasks, letting executives know about simulations—or even showing one in action—can illustrate the importance of SOCs' work.
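The retrospective analysis described in the bullets above can be reduced to a small, repeatable report. The following is an added example, not code from the article or any vendor: the report text, event records, field names and tool names are all constructed assumptions. It extracts indicators from a late-arriving intel report, matches them against historical tool events, and produces the numbers a SOC could put in a weekly report.

```python
import re
import time
from collections import Counter
from datetime import date

# Constructed sample data (not from the article): an intel report published
# months after the activity, and historical events exported from security tools.
REPORT = {
    "published": date(2025, 6, 1),
    "text": "C2 at evil-updates[.]example and 203.0.113.45; "
            "loader SHA-256 " + "ab" * 32 + ".",
}
EVENTS = [
    {"day": date(2025, 3, 3), "tool": "proxy", "indicator": "evil-updates.example", "action": "blocked"},
    {"day": date(2025, 3, 4), "tool": "edr", "indicator": "ab" * 32, "action": "blocked"},
    {"day": date(2025, 3, 9), "tool": "firewall", "indicator": "203.0.113.45", "action": "logged"},
    {"day": date(2025, 4, 1), "tool": "proxy", "indicator": "intranet.example", "action": "blocked"},
]

def refang(text):
    """Undo common defanging so indicators can be matched against logs."""
    return text.replace("[.]", ".").replace("hxxp", "http")

def extract_indicators(text):
    """Pull IPv4 addresses, SHA-256 hashes and domains out of report text."""
    text = refang(text).lower()
    found = set(re.findall(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", text))
    found |= set(re.findall(r"\b[a-f0-9]{64}\b", text))
    found |= set(re.findall(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", text))
    return found

def retrospective(report, events):
    """Match report indicators against events that predate the report."""
    started = time.perf_counter()
    iocs = extract_indicators(report["text"])
    hits = [e for e in events
            if e["indicator"].lower() in iocs and e["day"] < report["published"]]
    elapsed = time.perf_counter() - started

    blocked = [e for e in hits if e["action"] == "blocked"]
    # Present in telemetry but never alerted or blocked: a detection gap.
    silent = [e for e in hits if e["action"] == "logged"]
    lead = (report["published"] - min(e["day"] for e in blocked)).days if blocked else None
    return {
        "indicators_in_report": len(iocs),
        "blocked_before_intel": len(blocked),
        "blocked_by_tool": dict(Counter(e["tool"] for e in blocked)),
        "seen_without_alert": sorted(e["indicator"] for e in silent),
        "max_lead_days": lead,       # how far ahead of the published intel the block was
        "hunt_seconds": elapsed,     # time to run the indicator-based search
    }

if __name__ == "__main__":
    for key, value in retrospective(REPORT, EVENTS).items():
        print(f"{key}: {value}")
```

Tracked per report over time, `blocked_by_tool` shows which tools are still earning their cost, and `seen_without_alert` lists where telemetry recorded a known-bad indicator that no control acted on.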
Despite the various metrics SOCs can report to their organizations, they generally don't monitor their effectiveness. One major factor that precludes reporting on metrics is the manual effort it takes. Developing and updating connectors to collect, analyze and correlate threat intelligence information from various security tools would be extremely onerous.
Although security orchestration tools do exist, they require companies to build their own playbooks and manage APIs that can frequently change. This means only the most sophisticated organizations with security engineers can create effective workflows—leaving other companies to toil with the more labor-intensive approach.
However, this doesn't mean metrics should not be measured at all.
If SOC analyst workflow metrics are too challenging to quantify and record, there is another way they can show their value: benchmarking. Establishing benchmarks allows SOCs to adopt a data-based strategy that boosts their effectiveness. This also allows them to illustrate how many reports have been handled, as well as how much time was spent on each phase of the process.
Some of the questions SOCs can use as the foundation for measuring benchmarks include:
• How long does it currently take to fully analyze one threat intelligence report?
• How many reports should be reviewed per day or week to achieve threat coverage?
• Where are the logjams?
• Does a tool or manual workflow cause delays?
• How can automation be used to increase the speed of these processes without jeopardizing the quality?
Answering these questions can be a starting point for how SOCs present their daily activities in a way that's meaningful to management. Chances are, executives aren't aware of the numerous activities SOC analysts engage in when there's no obvious threat to manage. This problem can be solved by SOCs regularly documenting their efforts through weekly reports.
Cybersecurity is a dynamic field, so organizations must shift from a defensive approach to managing threats proactively. However, in order to do this, SOCs must be able to demonstrate the importance of their roles and justify their budgets. Otherwise, leaders may come to the conclusion that SOCs just aren't needed. By creating performance benchmarks and measuring how effective they are, SOCs can prove that the data fires that never burn are the most important fires of all.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.
