Time for a SOC (Security Operations Center) Revolution
It’s no secret that cybersecurity is a topic that spans industries and geographies and has evolved into an entire industry, encompassing entire organizations in 2016. In fact, many of the top IT consulting firms have recently noted that in the span of just a few years they have gone from proactively reaching out to boards and business executives to discuss cybersecurity, to now fielding incoming requests to assess cybersecurity maturity and lay out a long-term plan for improvement.
CIOs, CISOs, business executives and boards alike are seeking out consulting services to benchmark, identify gaps and vulnerabilities, create a cybersecurity strategy and align it to business goals, secure devices and ensure data privacy measures are met.
While this momentum may appear to be strategically thorough, one key element fails to make the priority list of many stakeholders: the security operations center, or SOC.
The SOC, or SOC-like capabilities, often exist for the sole purpose of meeting compliance mandates, and are simply a ‘check-the-box’ item. Prevailing approaches to SOC have been akin to “one and done”—once the technology and/or contract is signed and sealed, it becomes out of sight, out of mind. Furthermore, there is often little to no communication from the SOC or threat monitoring service, leaving companies under the impression that there are no severe threats and that there have been no breaches. Thus, the SOC helps perpetuate an illusion of security.
Many, if not all, of the major breaches in recent years were at companies that met minimum compliance requirements and/or had a bare-bones SOC function. Meeting compliance requirements does not, unfortunately, in any way correlate to security, which many companies are finding out the hard way.
New and modernized approaches to SOC are essential to overcome challenges and decrease risk. Enterprise investment needs to expand to support integrated and centralized SOC functions, with advanced capabilities and real-time visibility (actual, predicted and conducted) into threats.
Rather than limiting investment to only what is required and keeping the SOC isolated, real business value will come from new and improved SOCs with well-documented procedures that support collaboration and communication, streamline and automate reports and findings and have well-defined programs to develop and grow the staffed resources.
Building a next-generation SOC is not a simple task; investing in it is crucial to creating a more secure operating environment.
Erin Hichman is the Lead for IT Consulting Research for ALM Intelligence.