Traditional SOC is unprepared for the new reality.
Not too long ago, security was treated as a roadblock to new initiatives: developers waited months for security reviews and requirements. In today's cloud-native world that is unrealistic, because applications and projects go live in minutes or hours. The shift to a remote workforce adds further pressure. Both the security risk organizations carry and their liability for it have increased.
As a result, CISOs are spending more face time with board leaders than before. According to Sam Olyaei, a Gartner analyst:
As board members realize how critical security and risk management is, they are asking leaders more complex and nuanced questions . . . Boards today are becoming more informed and more prepared to challenge the effectiveness of their companies’ programs.
In a typical boardroom setting, CISOs can find themselves answering questions of both reactive and proactive nature, such as,
- What just happened and why?
- Are we 100% safe? Do we have any compliance problems? Did we know about it?
- What do we do now? How do we resolve the issue? What could have prevented it? Why didn't we do that earlier?
- Is our security better than our competitors'? How do we know?
- Is what we are doing enough to strengthen our security posture?
- Are our efforts aligned with business outcomes?
- Are we able to reduce risk consistently?
- What represents the most significant risk to the company as of now and in the future? What business impact could it have?
- What can we do about it?
A "reactive" approach is the norm, yet it keeps organizations on the defensive and leaves security operations exposed to high risk. We recommend a "proactive" approach focused on building "resilient" security operations.
The short answer to the last question is to focus on cyber operational outcomes that support business continuity, above all avoiding outages caused by external breaches and ransomware attacks. For a detailed answer, download the eBook "How CISOs can leverage intelligence – a board's eye view of SOC".
How to shift towards outcome-driven intelligence?
Much of today's security reporting emphasizes controls and criteria drawn from frameworks published by the International Organization for Standardization (ISO) and the National Institute of Standards and Technology (NIST). Audit reports built on them cannot give a complete picture of your security preparedness: most audit questions ask whether a control exists, and say nothing about how well it performs or how much protection it actually provides.
Relying solely on risk and audit committee reports to conclude that you are secure is therefore a serious mistake.
A better approach is to express risk in terms of cost and business impact. That puts you in a position to answer more meaningful questions, such as:
- Which types of risk can we potentially be exposed to? And why?
- What could be their business cost?
- Can we rank risks in terms of the probability of getting attacked?
- What is our level of preparation?
- Is our attack surface decreasing? If yes, how much?
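The last two questions only have answers if the SOC measures exposure over time rather than counting alerts. The following is an added example, not code from the original post or from any vendor product: it takes two constructed asset-inventory snapshots (hypothetical hosts, not real ones), scores each externally observable service with illustrative weights that are an assumption of this example rather than a standard, and returns the figures a CISO would bring to the board: the attack-surface score and its percentage change, the number of internet-facing services, what was removed or added, and the exposures ranked by how likely they are to be attacked first.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Exposure:
    """One externally observable service in an asset-inventory snapshot."""
    host: str
    port: int
    service: str
    internet_facing: bool  # reachable from the public internet
    auth_required: bool    # service demands authentication before use
    known_vuln: bool       # at least one unpatched, exploitable CVE (assumed already triaged)

    @property
    def key(self) -> str:
        return f"{self.host}:{self.port}"


# Illustrative weights (an assumption of this example, not an industry standard):
# an exploitable flaw counts most, public reachability next, missing auth least.
WEIGHT_KNOWN_VULN = 4
WEIGHT_INTERNET_FACING = 3
WEIGHT_NO_AUTH = 1


def exposure_score(e: Exposure) -> int:
    """Higher score = more likely to be found and attacked first."""
    score = 0
    if e.known_vuln:
        score += WEIGHT_KNOWN_VULN
    if e.internet_facing:
        score += WEIGHT_INTERNET_FACING
    if not e.auth_required:
        score += WEIGHT_NO_AUTH
    return score


def attack_surface(snapshot: list) -> int:
    """Total exposure score of a snapshot: the single number tracked over time."""
    return sum(exposure_score(e) for e in snapshot)


def ranked_exposures(snapshot: list) -> list:
    """(host:port, service, score) tuples, highest score first, key as tie-breaker."""
    rows = ((e.key, e.service, exposure_score(e)) for e in snapshot)
    return sorted(rows, key=lambda r: (-r[2], r[0]))


def attack_surface_trend(before: list, after: list) -> dict:
    """Board-level metrics comparing two snapshots of the same environment."""
    b, a = attack_surface(before), attack_surface(after)
    before_keys = {e.key for e in before}
    after_keys = {e.key for e in after}
    return {
        "score_before": b,
        "score_after": a,
        "change_pct": round((a - b) / b * 100, 1) if b else 0.0,
        "internet_facing_before": sum(e.internet_facing for e in before),
        "internet_facing_after": sum(e.internet_facing for e in after),
        "removed": sorted(before_keys - after_keys),
        "added": sorted(after_keys - before_keys),
    }


# Constructed sample snapshots (hypothetical hosts): last quarter vs. this quarter.
BEFORE = [
    Exposure("web01", 443, "https", True, False, False),
    Exposure("web01", 22, "ssh", True, True, False),
    Exposure("db01", 3306, "mysql", True, True, True),        # database reachable from the internet
    Exposure("jump01", 3389, "rdp", True, True, True),        # unpatched RDP jump host
    Exposure("intranet01", 8080, "jenkins", False, False, True),
]
AFTER = [
    Exposure("web01", 443, "https", True, False, False),
    Exposure("web01", 22, "ssh", True, True, False),
    Exposure("db01", 3306, "mysql", False, True, True),       # moved behind the perimeter
    Exposure("intranet01", 8080, "jenkins", False, False, False),  # patched
]                                                              # jump01 decommissioned

if __name__ == "__main__":
    print(attack_surface_trend(BEFORE, AFTER))
    for key, service, score in ranked_exposures(AFTER):
        print(f"{score:2d}  {key:20s} {service}")
```

The weights are the part to adapt to your own environment (for example from EPSS scores or asset criticality); the structure, a scored inventory diffed across snapshots, is what turns "is our attack surface decreasing?" into a number with a trend rather than an opinion.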
An essential component of this shift is a modern approach towards SOC.
How a modern SOC helps you deliver value to the board
Traditionally, SOCs (Security Operations Centers) have been built to detect threats rather than to identify exposure to them. A chain of events is triggered by an indicator of malware, active exfiltration, or an insider attack, and SOC analysts end up spending exhausting hours on false positives and on manual, siloed processes. The whole approach is inefficient, tedious, and reactive.
Since exposure is what makes attacks possible in the first place, focusing on finding and cleaning up digital exposure gives a more holistic view of risk. In practice this means less exposure and therefore fewer alerts. Evolving your SOC to this model moves your security from the reactive to the proactive stage.
This is precisely the proposition of an Intelligent SOC.
Here are the key benefits of deploying an Intelligent SOC:
- Find and mitigate digital exposure as or before it happens, so there are fewer and fewer events
- Connect the dots and clean up your attack surface before it gets discovered or hijacked by adversaries
- Use the time saved on detection, response, and managing tickets to implement new best practices
These defining features of an Intelligent SOC make security operations more effective and your security posture stronger; we'll dive deeper into them in the next blog in this series.