The Mission of the Modern SOC
When the first generation of security operations centers (SOCs) sprang up some 50 years ago, these command hubs were largely concerned with threat prevention. Attacks were plentiful but not overwhelming, and the perimeter was adequately contained within most businesses, allowing security teams to rely on traditional technologies like anti-virus, firewalls and intrusion prevention systems to deflect the brunt of threats, which were limited, if not rudimentary, in sophistication.
SIEM arrived on the scene, taking large collections of log data and turning them into actionable information for analysts. Its appearance coincided with the emergence of data breach disclosure laws, triggering a never-ending stream of publicly acknowledged security gaffes and incidents that continues to this day.
At the same time, thanks to stringent compliance requirements, evolving corporate attitudes around risk and a perpetually ballooning attack surface, organizations now desire greater control over the monitoring, detection and response to threats.
This has produced a situation where the average enterprise is locked and loaded with an assortment of security tools, meaning alerts are incessantly firing off and threats invariably need triaging and prioritizing. The problem has only grown more pronounced as remote workforces prompted furious cloud and IoT adoption, which in turn opened a litany of new exposure points that are entirely new security black holes.
Complicating matters, in addition to the ongoing security skills shortage, is that all this noise results in a lot of unorganized, out-of-context and unactionable data for you and the team to ingest. Another side effect is "alert fatigue," the result of manually performing too many redundant and perfunctory tasks. This has taken, and continues to take, an emotional toll, from missed important alerts to analyst burnout.
The Culture of the Modern SOC
Modern security operations is an achievement in technology, engineering and composition, but it must also be a feat of approachability, support and collaboration with the greater organization, because everything touches security and security touches everything.
Security operations should be seen as a great benefit across the business; if it is not, business groups will work around the SOC, which gives birth to shadow IT.
To avoid this fate requires the modern security operations practitioner to be empathetic, accessible and helpful. Ultimately, the goal is to join forces to mitigate risk together.
Below are some key skill areas to focus on throughout the organisation:
- Software Development
- Incident Response /Forensics
- Vulnerability Management
- System Administration
- Network Engineering
- Threat Intelligence
Trends of the Modern SOC
While there is widespread agreement that many SecOps programs are not where they need to be in terms of performance and maturity, there is less consensus on exactly where they should be and how best to get there. Major shifts are forcing organizations' hands and transforming the way security operations is conducted, including the following:
- Cloud & Infrastructure Transformation
- Remote Workforces and Team Organization
- Accelerated Managed Security Services Utilization
- Low-Code/No-Code Automation
Things to Utilize in the Modern SOC Architecture
- Use Extended Detection and Response (XDR) to Expand Visibility
- Use the MITRE ATT&CK Framework to Classify Attacks & Assess Risks
- Use Zero Trust to Address Security Requirements
- Adopt Security Orchestration, Automation and Response (SOAR)
How Can IT MINISTER Help You?
IT Minister covers all aspects of Cyber Security, including but not limited to managed home cyber security solutions, automated and managed threat intelligence, forensic investigations, Mobile Device Management, Cloud security best practice & architecture, OSINT and cyber security training. Our objective is to support organisations and consumers at every step of their cyber maturity journey. Contact Us for more information.