If Your Business Depends on Data, You Need a Security Operations Center

Invest in threat monitoring and timely detection to stop a security breach from ever darkening your mainframe.

March 31, 2016 by Alex Collins, IT Services Consultant

Only the gullible and foolhardy wait for cyberthreats to appear on their doorstep before taking any action. The smart money is on the proactive approach: investing in threat monitoring and timely detection to stop a security breach from ever darkening your mainframe.

Many enterprises now find that expanding detection capabilities begins with setting up a Security Operations Center (SOC): a virtual nerve center that coordinates a business' information security functions.

SOC staff are responsible for identifying, researching, and resolving any threats to your information assets. An SOC can identify an attack before it begins, work out how the attack operates, and determine what data it could compromise. IT security personnel can use the SOC to collaborate more effectively and share knowledge on immediate and potential threats.

Enterprises with SOCs in place tend to avoid security problems that bedevil competitors who let generalist IT staff handle security issues. SOCs provide the following benefits to their host companies:

Constant vigilance. Cybercriminals don't work on a nine-to-six weekday-only schedule; the only way to maintain tight IT security is by maintaining 24-7 monitoring of security threats. And even that is no guarantee of success: do you have a security system that can successfully report an incoming breach every single time?

“In almost every instance of a reported cybersecurity breach the organization had a security system that detected and reported the breach,” writes Arctic Wolf CEO Brian Nesmith. “It was lost in the noise of thousands of other notifications that were false positives so it is easy to see why it might get missed.”

A dedicated SOC is much better at identifying real threats and reporting them in time: no easy task for generalists, says Nesmith, as “the work required is comparable to looking for a needle in a haystack every day—without knowing whether there is actually a needle there.”
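As an added illustration of the needle-in-a-haystack problem Nesmith describes (example code written for this article, not from Arctic Wolf or the author): a constructed feed of 2,004 alerts in which one host's chain of distinct events sits behind a rule that fires benignly on every workstation. Read in arrival order, the first real alert appears only after 2,000 others; weighting down rules that fire fleet-wide and scoring each host by the breadth of distinct rules it triggers lifts that host to the top of the queue. Host names, rule names and severities are invented.

```python
from collections import defaultdict

# Constructed sample feed: one noisy, benign rule firing on 2,000 hosts,
# followed by a short chain of distinct events on a single host (ws-042).
SAMPLE_ALERTS = (
    [{"host": f"ws-{i:03d}", "rule": "av_signature_update_failed", "sev": 1}
     for i in range(2000)]
    + [
        {"host": "ws-042", "rule": "av_signature_update_failed", "sev": 1},
        {"host": "ws-042", "rule": "new_admin_account_created", "sev": 3},
        {"host": "ws-042", "rule": "outbound_to_uncommon_port", "sev": 2},
        {"host": "ws-042", "rule": "scheduled_task_created", "sev": 2},
    ]
)


def first_index_in_raw_feed(alerts, rule):
    """How far an analyst reading the raw feed in order must get before
    meeting the first alert from `rule`; -1 if the rule never fires."""
    for idx, alert in enumerate(alerts):
        if alert["rule"] == rule:
            return idx
    return -1


def triage(alerts, noise_threshold=100):
    """Return (host, score) pairs, highest priority first.

    1. A rule seen on more than `noise_threshold` distinct hosts is treated
       as environmental noise: its weight is cut to 0.1, not dropped, so a
       later correlation can still use it.
    2. A host's score is the summed weighted severity of its *distinct*
       rules, multiplied by the number of distinct rules, so a chain of
       different events outranks thousands of repeats of one alert.
    """
    hosts_per_rule = defaultdict(set)
    for a in alerts:
        hosts_per_rule[a["rule"]].add(a["host"])
    noisy = {r for r, hs in hosts_per_rule.items() if len(hs) > noise_threshold}

    per_host = defaultdict(dict)  # host -> {rule: weighted severity}
    for a in alerts:
        weight = 0.1 if a["rule"] in noisy else 1.0
        per_host[a["host"]][a["rule"]] = a["sev"] * weight

    scores = {h: sum(r.values()) * len(r) for h, r in per_host.items()}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


def top_host(alerts):
    """The single host an analyst should look at first."""
    return triage(alerts)[0][0]
```

With the constructed feed, the real chain is the 2,002nd line in arrival order but the first entry once scored.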

"The big advantage of a security operations center is continuous monitoring," explains Eric Cole, founder of Secure Anchor Consulting. "Adversaries don't stop breaking in, you shouldn't stop monitoring it. If you're only monitoring your network six hours a day and the adversaries [are] breaking in for 24 hours, you're at an instant disadvantage."

Specialized tools… and the specialists to handle them. For Eric Cole, security automation is necessary to a successful SOC… but it is by no means sufficient. "Security automation is really the lifeblood of a SOC," Cole explains. "Computers are great for automation, but humans are great for the analytical component, and that's really the key."

Firewalls, antivirus and anti-malware tools have had their day, but conscientious companies know that the tools alone don't make the SOC; people do. Trained, dedicated security personnel are a key part of any SOC: people are needed to investigate threats and operate the tools that can defeat them, often working in shifts to maintain vigilance at all hours.

“Staffing is frequently one of the most challenging aspects of building a SOC,” writes Dr. Stuart Broderick, presently part of the Cisco Advanced Services team at Cisco Systems. “Yet, these uniquely skilled professionals are also vital in enabling an organization to protect their information assets by staying informed of the latest cyber threats, vulnerabilities, hacker techniques, and security technology developments.”

This naturally leads companies considering an SOC to ask the following question.

In-house… or outsource? An SOC delivers outsize security benefits to companies, but it also requires a major investment: a reorientation of company resources to support the people, processes, standards, and policies that enable 24-7 monitoring of threats.

Deciding what kind of SOC services you can afford all depends on what security you need… or what you can live with. "It's sort of like asking me, 'What's the cost of an automobile?' Do you want one of those little smart cars or do you want a Ferrari?" explains Secure Anchor Consulting's Eric Cole. "It can really vary greatly on the requirements."

You can start exploring your requirements by deciding what the scope of your SOC's services will be. Do you want just monitoring and detection in place, or do you also want your SOC to handle incident response and remediation? How many of these functions can you afford to do in-house… or can you outsource your requirements instead?

Explore your options by getting some expert, tailored advice to find out how an SOC fits into your enterprise's defense plan. To get started, contact the IT experts at All Covered at 866-446-1133.