The Home of the Security Bloggers Network
Home » Security Boulevard (Original) »
The past 20 months have truly changed how business is done. For cybersecurity professionals, almost every organization had to move swiftly to support remote employees and new cloud-based services that were brought on to support this new way of working. Looking forward, there’s no going back; the era of hybrid work is here, bringing with it an expanded attack surface that malicious actors are increasingly taking advantage of. In fact, nearly 80% of senior IT and IT security leaders believe their organizations lack sufficient protection against cyberattacks despite increased security investments made within the last year to deal with distributed tech and work-from-home challenges.
This rise in threats paired with accelerated digital transformation efforts at record speeds means security leaders must continuously reevaluate protection and prevention strategies. A good place to start? Rethinking the traditional security operations center (SOC).
There are many factors that come into play when selecting the right security model for an organization, and over the years, the approach to outsourcing the SOC has evolved. The traditional MSSP model augmented organizations’ security programs with additional staff. Unfortunately, this approach doesn’t scale and, worse, doesn’t improve security outcomes. Many vendors address this with a “rip and replace” approach to introduce their technology that’s managed by their services team; however, relying on a single vendor for detection and response doesn’t provide full visibility into the organization, leaving gaps in defenses.
In response to the shortcomings of traditional MSSPs, many organizations are turning to a “SOC-as-a-service” model, which uses an outcome-based security model to evolve a security program and add new capabilities while improving security teams’ efficiency and increasing security confidence throughout the business. This approach focuses more on specific risks and outcomes. This approach allows security teams to make more informed decisions about new security investments, rather than overinvesting in one vendor’s solutions. A flexible approach unlocks more value from existing security tools and allows you to strategically select new tools to match the essential needs of the security program.
A SOC-as-a-service has all the capabilities and tools that physical SOCs have, including continuous monitoring and threat hunting to improve an organization’s security posture through prevention, detection, analysis, response and triage techniques. The SOC-as-a-service has myriad additional benefits as well—one of which is cost. A physical SOC can cost millions of dollars to build and an equally exorbitant yearly maintenance cost. Beyond direct costs, staffing, training and turnover all increase the total expense of managing a physical SOC.
While reducing costs, the SOC-as-a-service model is cloud-native and can help modernize cybersecurity, especially to help with scaling the security program. With that said, there are some instances where the expertise and tools needed to upkeep the SOC in the cloud, such as uptime and keeping consistent integrity, far exceeds what an organization can get done with a physical SOC. The SOC-as-a-service also works hand-in-hand with the evolving workforce and works quickly and efficiently to adapt to new changes quickly. The pandemic caused a huge uptick in employees working remotely, and their computer activity bypassed the enterprise network and went straight to cloud applications. With a SOC-as-a-service, an in-house team is better able to recalibrate baselines and adjust for false positives, which should be expected as a result of this workforce shift.
A unified workbench is a critical element of a best-in-class SOC—it’s what allows security teams to move away from the exhausting “swivel chair” approach to proactively managing security. The right SOC-as-a-service will enable new capabilities like threat hunting as well as breach and attack simulation to move to a proactive security posture that gets ahead of threats. Be sure to choose a SOC-as-a-service backed by technology-enabled security expertise to augment in-house teams with coverage, new skillsets and community-based protection based on the latest threats hitting other organizations.
It’s also important to consider the right layer of XDR technology for a SOC-as-a-service to reduce noise and work with customers to focus on the most impactful threats to their organization. With less noise and busywork, organizations can evolve cybersecurity from a reactive to proactive program to minimize the impact of threats, even while the volume of threats increases. Incorporating XDR into the SOC-as-a-service will also provide for additional visibility and control across a variety of endpoints and networks. Because more employees are working remotely, it is important to choose a SOC-as-a-service provider who can help adapt to these varying networks and devices that open the organization to more risks.
The future of work is hybrid and will remain so even after the pressures of the pandemic lesson. As a result of the evolving workforce, security strategies must align to better protect organizations, regardless of where or when an employee works. The past year has made society rethink the concept of “work,” and rethinking security operations is no exception.
Joe Partlow, ReliaQuest CTO, currently oversees all new research and development efforts and new product initiatives. He has been involved with Infosec in some capacity or role for over 20 years, mostly on the defensive side but always impressed by offensive tactics. Current projects and interests include data analytics at scale, forensics, threat, security metrics and automation, red/purple teaming, and artificial intelligence. Outside of Information Security, he has been involved in many other areas of the business including Web Development, Business Intelligence, Database Administration, Project Management, IT, and Operations. He has experience in many different business verticals including retail, healthcare, financial, state/local government, and the Department of Defense. He is also a regular speaker and contributor at security conferences, groups, and associations.
joe-partlow has 1 posts and counting.See all posts by joe-partlow
The Home of the Security Bloggers Network