Tiered vs. Tierless SOC

Shruti Patel
Nov 11, 2020


Tiered SOC:

Analyst roles in a Security Operations Center (SOC) are commonly broken down into a tiered structure, usually three levels: Tier 1, Tier 2 and Tier 3.

Tier 1 is the entry-level role; as analysts gain experience, they are promoted into the higher tiers. Tier 1 covers the tasks given to newcomers, such as collecting data and learning the SOC's rules and processes. The tier also defines which tools an analyst is allowed to use and which data they are allowed to view. This has both a plus side and a minus side. On the plus side, it keeps new analysts focused on learning and removes the temptation to look at, or act on, data in ways that might cause problems. A tightly controlled process in which everyone knows who may do what, and what is expected of them, also helps the SOC run at peak efficiency. On the minus side, an analyst who cannot dig deeply into the data or use the more advanced tools can become frustrated. Overly restrictive tiers lead to frustration among Tier 1 analysts if they are not promoted quickly enough.

As analysts become familiar with the environment, Tier 2 and Tier 3 come into play. These tiers bring increasing freedom, more complex tasks and less rigid process. The work can be challenging, for example malware reverse engineering or memory forensics, activities that require a higher level of expertise. "Increasing freedom" here means the analysts can be trusted with more dangerous material, such as live malware samples, and with more sensitive incidents. This progression can be a motivator for analysts and an efficient way to run the SOC.

Tierless SOC:

In a tiered SOC, many analysts become frustrated by repetitive tasks, or feel held back even though they are capable of solving more complex problems. For some teams, a tierless model may therefore be the better option. In a tierless SOC, analysts are given more freedom in their use of tools and data so that they can learn and explore, and analysts in these environments tend to be happier. The model is less well defined, though, and that is a potential risk: it can be less efficient, but it gives the SOC the ability to build and retain the talent it needs for complex tasks.

Tierless does not mean chaotic. The team still needs to ensure that work is done in a dependable and repeatable way. In this model, everyone is expected to work collectively, share responsibility and contribute to the best of their ability. For that to work, each analyst must know their own limits and feel comfortable asking for help when needed. The biggest benefit is that new analysts are exposed to more techniques and more complex problems without having to wait for a promotion.

Thank You…
