The average SOC is no better prepared to solve its cybersecurity problems today than it was 10 to 20 years ago. Many security applications have been developed to help protect your network, but SOC design has traditionally remained the same.
Yes, it's true that we have seen advancements such as improved data management with SIEMs and orchestration of resolutions, but these tools haven't resolved the fundamental challenges. The data generated from even the most basic security alerts and incidents is overwhelming and still plagues the most advanced security organizations.
According to a recent article in Computer Weekly, the issue is that most organizations, even with the tools and the know-how, are still getting the basics wrong.
“Spending on IT security is at an all-time high. The volume of security offerings to cover every possible facet of security is unparalleled... The reason so many organisations suffer breaches is simply down to a failure in doing the very basics of security. It doesn’t matter how much security technology you buy, you will fail. It is time to get back to basics.”
The article says that security operations teams need to focus on these four key areas to see any positive impact on their SOC design:
- Security Strategy
- Security Policy
- User Awareness
- User Change
But is it as simple as this?
The answer is a resounding YES!
There is no question that it’s still possible to cover the basics in security strategy and achieve enterprise security results. Our recommendation? Start with the most tedious and time-consuming part of the security analyst's role: the analysis and triage of all collected security data. Let your team focus on higher-priority tasks such as cyber threat hunting. That is where you’ll get the biggest bang for your buck.
For over 10 years Steven Wimmer has built and matured security operations and hunt teams for companies across the globe. He has provided strategic and operational consulting to over 20 companies globally, including end-to-end SOC builds, hunt teams, and incident response. Prior to his role as Senior Technical Account Manager at Respond Software, Steven worked on developing hunt operations and cyber intelligence services at HP Enterprise. Steven is a seasoned cybersecurity veteran with a focus on developing and improving security operations in all verticals.