Transforming the SOC: Building Tomorrow’s Security Operations, Today

Shawn is a participating member of the Cyber Resilience Think Tank. The Cyber Resilience Think Tank is an independent group of industry influencers dedicated to understanding the cyber resilience challenges facing organizations across the globe, and together, providing guidance on possible solutions.

Excerpts from eBook: “Transforming the SOC: Building Tomorrow’s Security Operations, Today”

Introduction

“The Cyber Resilience Think Tank gathered at RSA Conference to explore building out security operations center strategies. Read the report to get more insight on the four main trends they uncovered.”

Cyber Resilience Think Tank Report, Feb 2020

“When you think of a security operations center (SOC), what
comes to mind? Is it an organized team of security analysts and
engineers who detect, analyze, and respond to incidents, always
working in lockstep with business managers to execute on the
security strategy? Or, is it a few analysts who spend their days
reactively responding to unprioritized security issues with a
variety of point tools at their fingertips?”

The human element

“The skills gap in cybersecurity is well documented; a 2019 study by (ISC)2 showed the cybersecurity workforce gap in the U.S. is approximately 500,000, and by estimating workforce gaps in 11 major economies around the world, it is believed that we have a cybersecurity talent shortage of just over 4 million.”

The idea of mapping cybersecurity threat trends is certainly not new, but it can be difficult to achieve when the number of incidents is too high for humans to manage. According to Shawn Valle, Chief Security Officer at Rapid7, the amount of times he’s heard that an external SOC is three or four hours late to report an incident is unacceptable.

“We all know that if it’s ransomware or some other malicious code,” Valle said. “It’d take milliseconds to spread across your entire network. Usually I hear that lack of manpower is the culprit, but it’s akin to having a home alarm system that goes off after the police file their report and leave your house.”

The argument for zero, partial, or a fully outsourced SOC staff may never be resolved, but experts agree that when SOC analysts and engineers are tuned into your organization’s cybersecurity strategy, business processes and overall business, the relationship is no longer transactional. Instead, the relationship and the outcomes of the SOC are directly tied to the security needs of the business.

Full report here: https://www.mimecast.com/globalassets/cyber-resilience-content/transforming-the-security-operations-center.pdf