With cyberattacks growing exponentially as a result of COVID-19, mid-market companies (those with less than $1bn in revenue) are accelerating their investments in cybersecurity to ward off the increase in attacks and keep their businesses viable.
As a mid-market business evaluating security partners, you are likely to run across one of the most misused buzzwords in the space: “SOC,” or Security Operations Center. In doing your research, it probably appears that everyone and their brother has one of these “SOCs” and that they are all created more or less equal. Unfortunately, that is far from the truth: the market uses the term for anything from a couple of hoodie-wearing recent college grads crammed into a few basement cubicles to an NSA-style secret bunker requiring top secret clearance to enter.
Let’s spend a couple of minutes demystifying the term “SOC” so that you know what questions to ask and how to determine the best partner to protect your business.
First … What Is A SOC?
Textbook Answer: A security operations center is a facility that houses an information security team responsible for monitoring and analyzing an organization’s security posture on an ongoing basis. The SOC team is made up of cyber analysts and engineers whose goal is to detect, analyze, and respond to security incidents using a combination of technology, human analysis, and a strong set of processes. These facilities operate 24/7/365 to give businesses the advantage they need in defending against incidents regardless of source, time of day, or attack type.
Super Simple Answer: A dedicated, secure office environment, requiring a multi-million-dollar investment, that only your security team can access, with lots of screens on the walls streaming monitoring data.
Hollywood Version:
CTU Headquarters from the hit show “24” – where would Jack Bauer have been without the support of his SOC?
The truth is that not all SOCs are created equal, and some are not even SOCs to begin with. So how do you vet what is best for your business? Focus your questions on these four areas: Facility, Staff, Technology, and Methodology.
Facility
- Do you have a secure, dedicated facility? The SOC should not have things like windows or be located in an area susceptible to natural disaster (yes, I have had to review city-provided floodplain maps before approving a facility to be built in a downtown location in the Southeast).
- What are the operating hours? There must be physical bodies in the SOC 24/7/365 with “eyes on glass.”
- What controls are in place for access to the SOC? Access should be limited to security personnel only. Guests should be required to scan government-issued IDs and sign logs to enter for pre-arranged tours.
- How are you providing connectivity to the SOC? There should be multiple redundant connections to ensure resiliency. “Dirty” connections (isolated from the production network) should also be available to enable reverse engineering and advanced security research.
- Could we schedule a time to tour your SOC? Any hesitation or deflection is probably a leading indicator that they do not have a “true” SOC.
Staff
- What is the experience of your SOC team? Are these recent grads with limited experience, or former Department of Defense or Fortune 100 analysts? Skilled technicians and a sound methodology are the keys to an efficient SOC, so make sure you are investing in experienced talent.
- What is your education and retention strategy? There is already a 30% shortage of cyber professionals in the market. With process and team chemistry being critical to running an efficient SOC, it is key to understand the tenure of their current staff and what measures they have in place to train and retain that staff.
Technology
- What technology do you use to run the SOC? Typical SOC infrastructure includes firewalls, IPS/IDS, breach detection solutions, and a security information and event management (SIEM) system. In addition, technology should be in place to collect data for its clients via data flows, telemetry, packet capture, syslog and other methods.
- How many technologies do you manage on behalf of your clients? It is well documented that efficiency and speed to action are critical when responding to cyberattacks. If the staff in a SOC are managing many different flavors of technology, it is virtually impossible for them to be proficient in any one of them, which reduces their ability to operate efficiently.
- Do I need to buy my own? The SOC itself will use tools to create efficiencies and run the operations of the actual facility. You will likely need to invest in security technology that will then be managed by the SOC on your behalf. It is vital that the SOC understands your company’s threat profile so that it can recommend the level of technology that is right-sized to that profile.
Methodology
- What methodology does your SOC use? The SOC should be using a pre-defined framework that includes playbooks, policies, and procedures governing the routine operations of protecting its clients’ environments. They should have documentation of these readily available for your review.
- How does it apply to my organization? The SOC should be tailoring its standard framework to the threat profile of your business. They should ask which assets you most want to protect and be able to walk you through how the framework will deviate from their standard to accomplish your goals.
What’s the Best Approach for Your Mid-Market Business?
While most mid-market security professionals may aspire to run their own internal SOC operation, the truth of the matter is that they don’t have a budget large enough to build, operate, and maintain it themselves, let alone recruit and retain skilled staff. More and more IT security professionals consider outsourcing not only to save cost but also to keep up with the evolving threat landscape. The key is to ensure you are empowered to identify partners with real SOCs versus those that are using the buzzword just to be in the game.
For more information, please contact us to schedule a call so we can discuss your specific security needs.