Taking your Foot out of the SOC – Security Operations Centre- Demystifying the SOC…

With the world rapidly moving from a manually driven mindset to one that is digitally driven coupled with data becoming the new currency, the automation of processes has facilitated an overall improvement of life as we did know it. This rapid growth towards life in the virtual world has opened a new avenue for criminals, cybercrime. As cyber-criminals never sleep and operate using sophisticated methods to obtain the virtual property of others, Individuals and organisations are quickly becoming more cyber-security savvy.

Cyberattacks and data breaches are on the rise exponentially companies of all sizes need to place an emphasis on securing their technology assets.

Individuals need to rely on their wits and cyber awareness training whilst corporates and the business world have the benefits of centralising the fight against cyber-criminals through the use of a SOC, a Security Operations Center.

A Security Operations Center or SOC is not a NOC or Network Operations Center. The NOC is responsible for ensuring that corporate infrastructure is capable of sustaining business operations, while the SOC is responsible for protecting the organization against cyber threats that could disrupt those business operations.

So, What does a SOC really do?

A SOC is a dedicated and restricted environment that are focused on the monitoring, analysis, investigation and responding to security incidents. The SOC operates in real time.

?A SOC can either be in-house or outsourced to a 3rd party under a SOC as a Service model. A dedicated SOC is suitable to larger organisations due to the set-up and the associated operating costs. The benefits of a dedicated DOC can place an organisation in a preferred position.

A Dedicated SOC can bring multiple benefits to an organisation that may include continuous network monitoring, centralised visibility of cyber-activity across the business, reduced cybersecurity costs due to non-duplication of cybersecurity services.

Criminals and specifically cybercriminals never sleep. Once cybercriminals set their minds on a specific target, they are relentless in achieving their goal. To minimise cybersecurity risk, an organisation. cannot maintain a 9 to 5 approach. Adopting a 24/7 approach to cybersecurity monitoring of the organisation’ IT infrastructure and data must be the norm. To ensure that the SOC is effective, the organisation must put “its money where its mouth is” and equip the SOC with the correct mix of technical skills, tool, and infrastructure.

We have the rapid growth of data through the adopting of cloud strategies and the impact of the 4th industrial revolution (4IR). The Internet of Things (IoT) and the subsequent growth of connected devices poses risks of their own. Organisations today are already exposed to these risks resulting in a departure from the old way of thinking. Add to this the complexities of the Covid pandemic which has seen a completely new way to working. We have the rapid rise of remote working and a greater use of own mobile devices on corporate networks. These have added to the cyber risks for organisations.

With the great variety of technology available in the marketplace, established organisations have a myriad of systems, platforms and applications. Through an effective SOC, appropriate tools will allow an organisation to proactively gain visibility into the state of the organisation’s network and any potential cyber risks.

Fighting crime is not a cheap exercise. Being proactive in managing cyber risks carries costs. An organisation may be required to invest in multiple licenses and platforms to develop a comprehensive cyber protection strategy from both a visibility and protection perspective. With the ongoing and changing cyber landscape, cyber monitoring and protection solutions (hardware and applications) require regular updating, which can be an expensive exercise.

A centralised SOC enables an organisation to reduce these ever-increasing costs through a sharing mechanism whereby a charge-back system can be deployed if the centralised SOC operated as a cost center. Alternatively, with a centralised SOC, it becomes a center of excellence, and all cyber security related matters are within one area and costs can be easily or better managed. This will eliminate the silo overheads that often results in duplication.

Ensuring good collaboration in tackling cyber-attacks through effective cyber incident detection and response. A Centralised SOC achieves this through clear processes, procedures and correctly trained (and certified) cyber professionals.

An effective SOC that monitors and blocks cyber-attacks before any damage is done, will in no time save an organisation large amount of money and prove its worth and ROI.

Cyber criminals are ruthless. The benefits of a Security Operations Center or SOC are clear. Join the SOC or be SOC’d by the cyber-criminals.

The benefits of using a managed service of SOC as a Service will be covered in a separate article.

Mohsien Hassim- experienced GRC, Cyber Security and ESG Professional.