Cybersecurity Solutions

Drafting for Value: How to Choose a New SOC Automation Solution

    Dan Lamorena
    by Dan Lamorena
    category Cybersecurity Solutions

    Today kicks off the 2020 NFL Draft, and like all of us, NFL General Managers are working from home using a gamut of collaboration tools and hoping to make great decisions to help drive the success and value of their organizations.  When we look at how we evaluate technology purchases to make, we often have to make some of the same decisions NFL General Managers make when free agency and the draft rolls around. Let’s look at some of the parallels.

    Long-term vision

    Some organizations are system driven. They have an idea of how their team should act and perform, and they build that team both in temperament and skill. For example, more teams are playing with two tight end sets to give themselves more flexibility in the pass/run game. This means that some teams need more talent at tight end. What is the vision for your security organization? What are your goals and how will you measure success? Where are you going to invest and build into your capabilities? For many organizations, the SOC is seen as a critical component of their security program. How are you measuring success?  Identifying attacks earlier and showing reduced dwell time? Time to respond and mitigate?  If so, are you investing in additional security coverage with a SOC automation tool?

    Increasing roster flexibility

    In the modern NFL, teams require a roster that will enable them to play different ways. The New England Patriots are famous for changing the look of their defense to fool quarterbacks and adjust schemes from week-to-week to take away different strengths of opposing offenses. When considering new security solutions, will it fit in with additional technologies and services that you intend to acquire? Will it lock you into a particular vendor footprint? Many organizations are moving to more cloud-based service models and traditional network technologies may not be as prevalent. Will your solution grow with your future investments? To prevent lock-in, look at solutions that are vendor agnostic, and enable you to choose best-of-breed and what works best with your infrastructure.  It will also enable you to negotiate better contracts as the switching costs will be much lower.

    Time to value

    When drafting in the first few rounds, successful organizations aren’t looking for projects, they are looking for starters who will impact the game right away. Increasingly, teams do not have time to wait for projects to develop.  NFL GMs want to see results right away. Does your new security project have a long installation process?  Do you have to bring in consultants? Do your processes have to change dramatically? Will you require coding talent and have to deal with ongoing maintenance to keep it performing?  As vendors, we need to develop solutions that work out-of-the-box and are simple to use and maintain. One may look at new vendors who are trying to solve this problem with cloud delivered solutions that can be up and running in hours.

    Draft for need

    Every team has a weakness. The draft provides an opportunity to bring in new talent and make a weakness a strength. Security talent is the scarcest resource on cybersecurity teams. Find tools that augment your talent, increase their productivity and enable you to automate more, freeing your people up to work on other high priority projects. Are you reducing false positives that your teams have to chase down?  Can you reduce busy work? How can you increase the job satisfaction of your key players?

    Prioritize spend

    The modern NFL has recognized that some positions have higher values than others. Quarterbacks are paid well, while running backs are drafted later and given smaller, short term contracts.  Where should you be spending in your technology chain?  For many security operations teams, 50% of their budget is locked into their people. What can you do to drive greater efficiencies and be more effective?

    The proven veteran vs. a rising upstart

    GMs often have to consider choosing between signing older, experienced free agents who may be on the downside of their careers or going with up-and-coming talents who are unproven.

    IT leaders often have to choose between longtime vendors and new technology and approaches from start-ups. The technology cycle is shown to go in waves and older technology and the vendors that build it either acquire young upstarts or eventually get surpassed. Risk averse organizations who seek the status quo tend to stay with known older technology and vendors. Early adopters look at new technology as an advantage and seek to drive innovation through investment and joint development. Many early adopters tend to get more ROI from the IT spend.

    Technology choices, like draft picks by NFL GMs, have a dramatic impact on team performance and future success. In many cases, if you choose wisely, you will achieve your goals, while those that waste those opportunities find themselves looking for their next one.  Hope your team does well this weekend and gets the help they need.