How to transition to a Modern Security Operations Center (SOC)?
With the growth in cyber-attacks, organizations are forced to recognize the importance of having a centralized Security Operations Center (SOC).
Gartner's SOC Model Guide, published on 19 October 2021, makes the following assumptions:
- By 2025, 90% of SOCs in the Forbes Global 2000 will use a hybrid model by outsourcing at least 50% of the operational workload.
- By 2025, 33% of organizations that currently have internal security functions will attempt and fail to build an effective internal SOC due to resource constraints, such as lack of budget, expertise and staffing.
ELCA sees the same trend: more and more organizations are looking to outsource SOC services to a Managed Security Services Provider (MSSP).
What are the important best practices for a modern SOC, and how should you choose a provider accordingly?
- Operating and engagement model: Define the SOC operating model based on your organization's requirements, the current state of your SOC, and your future objectives and roadmap.
You need a provider with a compatible engagement model. A hybrid engagement model, in which part of the operational workload stays in-house and the rest is outsourced, allows more flexibility and more effective collaboration, but it is also harder to manage, because responsibilities and hand-offs between your team and the provider must be defined explicitly.
- Sustainable and effective processes: It is important to continuously improve your processes and tailor them to fit your needs.
You need a provider that is transparent and flexible, and willing to go beyond a standardized engagement process.
- Technology and capabilities: SOCs face complex challenges. Threat detection and response technologies and capabilities are the foundation of the SOC; automation and threat intelligence make it future-proof.
You need a provider who is familiar with the available technologies and can select the best offering for your defense.
- Services: 24x7 capabilities are required to build and manage the SOC, together with continuous improvement of processes and service components to keep pace with a constantly evolving threat landscape.
You need a provider who can set up and integrate the service efficiently. Always define SLAs (for example, detection and response times) and communication and escalation processes clearly with your provider.
- Data sovereignty: Keeping control of sensitive data is a key topic; an MSSP that gives its customer full control, ownership and administrative rights over their data is therefore a must.
Not only do you need to avoid vendor lock-in mechanisms, but you also need a partner who provides the necessary transparency.
To support our customers, ELCA has created a new dedicated entity named Senthorus. The company provides a wide range of managed security services through state-of-the-art Swiss-based SOCs. We can be your 24x7 SOC provider and help you improve your security processes.