5 Reasons You Need a Security Operations Center (SOC)

Almost every company today has at least some defensive cyber security equipment like a firewall, intrusion protection, URL filtering, email filtering and antivirus. These are the right basics to secure your employees against the Wild West that is the internet, but is this equipment enough to keep your company truly safe?

Yes…and no.

Defensive equipment keeps out the things you have it configured to keep out. But what about the things we don’t know about?

In 2018 so far, there are already 1,000+ newly released vulnerabilities that may be threats to your environment. Is your defensive perimeter dynamically reconfiguring itself to defend against these new threats that can impact your business? Most companies treat their defenses as something static, and aren’t updating on a continual basis. The problem is, threats on the internet are anything but static.

OK, so the answer seems clear, right?

You need to have someone, or more likely someones, who can keep your security perimeter constantly updated against new and evolving threats around the clock.

That’s where having a Security Operations Center, or SOC for short, comes in.

First let’s define what a SOC actually is:

A security operations center (SOC) can be defined both as a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance.

—Gartner

The 5 key things your SOC is going to do are:

  1. Proactive detection of malicious network and system activity. You don’t want to wait the average 206 days it takes US companies to detect a breach. You want to know as quickly as possible to minimize the effect of the breach.
  2. Threat awareness to adjust defenses before the threat hits you.
  3. Vulnerability management to see what may be vulnerable on your network to new threats before you get hit with them.
  4. Awareness of hardware and software assets running on your network so you can be aware of developing threats to them.
  5. Log management to give you and any authorities the ability to complete forensics if you do incur an incident or breach.

These are the major functions you want in your SOC, among others such as compliance monitoring. There’s no argument that they are all critical to keeping your company protected.
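To make the five functions above concrete, here is an added example in Python. It is not code from the original post or from Lewan; the log lines, the asset inventory, the advisory identifiers (ADV-EXAMPLE-*) and the function names are all constructed for this illustration, and the IP addresses come from documentation ranges. It runs a brute-force login detection over retained sshd logs, matches a small asset inventory against a threat feed, and rebuilds a timeline for a suspicious source from the same logs, which is the forensics use of log management the list mentions.

```python
"""Miniature of the five SOC functions: detection, threat awareness,
vulnerability management, asset awareness and log management.
All data below is constructed for the example; ADV-EXAMPLE-* are
placeholder identifiers, not real vulnerability IDs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# (5) Log management: syslog-style lines as a SIEM would retain them (constructed).
SAMPLE_LOGS = """\
2018-06-01T09:00:01 web01 sshd[201]: Failed password for root from 203.0.113.7 port 4100 ssh2
2018-06-01T09:00:02 web01 cron[5]: (root) CMD (run-parts /etc/cron.hourly)
2018-06-01T09:00:03 web01 sshd[201]: Failed password for root from 203.0.113.7 port 4101 ssh2
2018-06-01T09:00:04 web01 sshd[201]: Failed password for admin from 203.0.113.7 port 4102 ssh2
2018-06-01T09:00:06 web01 sshd[201]: Failed password for admin from 203.0.113.7 port 4103 ssh2
2018-06-01T09:00:08 web01 sshd[201]: Failed password for root from 203.0.113.7 port 4104 ssh2
2018-06-01T09:00:09 web01 sshd[201]: Accepted password for root from 203.0.113.7 port 4105 ssh2
2018-06-01T09:15:00 db01 sshd[88]: Failed password for backup from 198.51.100.2 port 5000 ssh2
2018-06-01T10:30:00 db01 sshd[90]: Accepted publickey for backup from 192.0.2.10 port 5001 ssh2
"""

# (4) Asset awareness: hypothetical inventory of hosts and installed software.
ASSETS = {
    "web01": {"software": {"nginx": "1.12.0", "openssh": "7.4"}},
    "db01": {"software": {"postgresql": "9.6.1", "openssh": "7.4"}},
}

# (2)/(3) Threat awareness feeding vulnerability management: a threat feed
# reduced to "product X is affected below version Y" (placeholder IDs).
ADVISORIES = [
    {"id": "ADV-EXAMPLE-001", "product": "nginx", "fixed_in": "1.13.0"},
    {"id": "ADV-EXAMPLE-002", "product": "openssh", "fixed_in": "7.3"},
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_logs(text):
    """Turn raw sshd lines into structured events; unrelated lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        events.append(rec)
    return sorted(events, key=lambda e: e["ts"])


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """(1) Proactive detection: `threshold` failed logins from one source
    within `window` raises an alert; a later successful login from that
    same source raises severity, because that is the case needing a response now."""
    by_source = defaultdict(list)
    for e in events:
        by_source[(e["host"], e["ip"])].append(e)
    alerts = []
    for (host, ip), evs in by_source.items():
        failures = [e["ts"] for e in evs if e["result"] == "Failed"]
        for i, start in enumerate(failures):
            in_window = [t for t in failures[i:] if t - start <= window]
            if len(in_window) >= threshold:
                success_after = any(
                    e["result"] == "Accepted" and e["ts"] > in_window[-1] for e in evs
                )
                alerts.append({"host": host, "ip": ip, "failures": len(in_window),
                               "severity": "high" if success_after else "medium"})
                break  # one alert per source is enough for an analyst
    return alerts


def version_tuple(v):
    return tuple(int(p) for p in v.split("."))


def exposed_assets(assets, advisories):
    """(3)+(4) Match the inventory against the feed before the threat hits."""
    hits = []
    for host, info in assets.items():
        for adv in advisories:
            installed = info["software"].get(adv["product"])
            if installed and version_tuple(installed) < version_tuple(adv["fixed_in"]):
                hits.append((host, adv["product"], installed, adv["id"]))
    return hits


def forensic_timeline(events, ip):
    """(5) Reconstruct, in order, what one source did, from retained logs."""
    return [f'{e["ts"].isoformat()} {e["host"]} {e["result"]} {e["user"]}'
            for e in events if e["ip"] == ip]


if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    for alert in detect_bruteforce(evs):
        print("ALERT", alert)
        for line in forensic_timeline(evs, alert["ip"]):
            print("   ", line)
    for hit in exposed_assets(ASSETS, ADVISORIES):
        print("EXPOSED", hit)
```

On the constructed data the detector raises one high-severity alert for web01 (five failures in seven seconds followed by an accepted root password from the same address), and the inventory match flags web01's nginx as below the advisory's fixed version while openssh 7.4 is already past its fix. The point of the example is that each function feeds the others: the detection is only actionable because the logs were retained and parsed, and the advisory is only useful because the inventory records what is installed where.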

So why don’t more companies have a SOC then? Mostly it’s because of price. The sensor hardware and software you need are expensive on their own, but that pales in comparison to the people cost.

Here are 4 reasons to work with a Managed Security provider to assist you with the task instead:

1. Security Analysts are in high demand. There are more positions for this skillset than there are qualified people to fill them.

The cybersecurity workforce gap is estimated to be growing, with the projected shortage reaching 1.8 million professionals by 2022.

—ISC(2)

Bottom line, this is a difficult position to staff, so let a Managed Security Services company deal with it for you.

2. Security Analysts can command a salary of 6 figures. Are you willing to pay this for dedicated security system monitoring and management? In my 25 years of experience, I have seen very few companies that committed internal staff to this task. Most will delegate it to their best system or network professional as an additional job responsibility. This usually means that after a while of everything being quiet, they’ll let it fall by the wayside and focus on other job functions, leaving your network vulnerable to threats.

3. Keeping your security professional up to date and certified is a daily commitment. Are you going to keep this person educated and give them the threat feeds necessary to understand what is coming your way on the internet? Are they going to have time to read about all the different threats that come into the field every day, filter through them, and figure out what may or may not be a threat to your business? Your SOC declines in effectiveness every day that this doesn’t happen.

4. The threat intelligence gained from what you can see in your own systems is limited. A Managed Security provider sees the activity in your environment and in their other clients’ environments. When a threat is discovered on one system, they can leverage this intelligence to proactively address it on your system as well.

A SOC, and the security information and event management (SIEM) software backing that SOC, is only useful if you have the people, processes and intelligence to maintain the tools and interpret the data, turning it into useful information. This is not an extra duty; it’s a full-time job.

What to Look for in a SOC

When searching for a partner to help you, ensure they take security seriously. Your Managed Security provider should maintain certification for SSAE 18 Service Organization Controls, and specifically, what’s referred to as a SOC 2 Type II. (Not to be confused with “SOC” referring to your Security Operations Center, the “SOC 2” is an audit standard for that center.)

The SOC 2 protocol is designed for more advanced service providers. These can include managed service providers, cloud computing providers, data centers and SaaS vendors.

Stay tuned for our next post, “Why a SOC 2 Type II audit is a critical requirement when selecting a Managed Services or Managed Security Services provider”. We’ll delve into the requirements in greater detail.

Lewan has passed the SSAE 18 SOC 2 Type II audit. We provide a 24×7 SOC that clients can leverage in addition to our managed services Network Operations Center (NOC). These services can be utilized separately or together based on your needs. Contact Us to learn more.
