Put a SOC in it

Tricia A. Howard

As the security industry has exploded in recent years, the need for a SOC (Security Operations Center) is dire. The “security sprawl” has become outrageous. So many tools, platforms, and services – it’s almost every day that a new company or tech is emerging. It’s just about impossible to keep up with them all. Additionally, this seems more impossible if you still have older tools in your environment.

All of this noise was the catalyst for creating traditional MSS. Tack on the talent gap and it makes sense that companies need some offloading. However, the problem is that a lot of the providers are trying to put square pegs in round holes. Unlike SOC, MSS does not have a central system. Either they have a very rigid supported tool-set or it was pure staff augmentation or a mixture of both. It was helpful in some ways. However, between that and misleading expectations, traditional MSS has been a bit of a dud.

The industry needs more than monitoring, we need action.

Cue-up Next-Gen SOC (Security Operations Center). A functional shared or dedicated outsource (depending on your organization size) should be an actual extra arm of your team. An adequate SOC can’t just be a monitoring solution. In contrast, it needs to be an automated, actionable, security solution.

For example, watching a burglar vandalize your house from outside your window doesn’t help anything if there’s no action behind it. These days, the industry is too expansive to allow for rigidity. This is especially true considering the overwhelming amount of stress and threats the practitioners are dealing with on a daily basis. Automation tools are an awesome way to help with this, but deploying them can be a nightmare if you already don’t have the team to manage it.

Use Your Tools Well With NGSOC

NGSOC is a way to utilize the tool-set you’ve already invested in as well as the people you’ve hired to actually do what they’re paid to do. Talent is crazy expensive and using them as log monkeys is a serious waste of budget. They are already scarce as is!

How many companies have outside legal counsel – a full team of them? Even when they have internal lawyers, there are still certain situations that require a full team of outsourced talent to make sure every angle is being scrutinized and strategized in the most effective way. Having an NGSOC team is no different. There are so many workflows that have to happen when an incident occurs. Depending on the severity it could take a lot of,time to quarantine, investigate, and remediate. Not to mention all of the other daily duties that are required of a team that could be overlooked due to the incident.

IR is a large part of any SOC – and a NGSOC is your “Criminal Minds” team. When the BAU gets brought into a case, they have to think outside the box to find the killer. They’re the best of the best profilers, talent that a typical local jurisdiction would not be able to afford, or even need, on a daily basis.

Tags: , , , , , , ,