
Netenrich SOC-as-a-Service: Changing the game for CISOs

Security + Service = Unprecedented functionality

Post by Rajarshi Mitra In Security on Aug 20, 2020

Organizations have a significant cybersecurity problem these days. Traditional methods of incident remediation, as most SOC (Security Operations Center) teams follow, can be inadequate.

The current state of cybersecurity

Here are some stats to keep in mind:

  • The global cybersecurity market is projected to reach $248.3 billion by 2023, growing at a CAGR (Compound Annual Growth Rate) of 10 percent.
  • As of 2017 over 1,339 total breaches reportedly exposed 174.4 million records.
  • The AV-TEST Institute registers over 350,000 new malicious programs (malware) and potentially unwanted applications (PUA) every day.

These trends point to a steady demand for cybersecurity talent. Has this demand been balanced by an equivalent supply of talent?

Clearly not

  • 44 percent of security operations managers see more than 5000 security alerts per day and can only investigate 56 percent of them.
  • Cybersecurity skill gaps leave 1 in 4 organizations exposed to inefficient operations for 6 months or longer.

Timing—and context—are everything

SOC alert fatigue

Security breaches and network failures are a recurring reality for modern cybersecurity ops teams, and a burden on a company’s resources and processes. A lack of actionable intelligence and situational awareness keeps security teams from acting quickly enough to prevent devastating breaches. As much as CISOs want tools like Splunk and other SIEM (Security Information and Event Management) platforms, or behavioral analytics, to be magic bullets, tools alone are not enough.

Many enterprises can benefit from adopting a SOC-as-a-Service approach.

SOC-as-a-Service addresses two major challenges:

#1: SIEMs are not enough

There is no denying that SIEMs are crucial to maintaining overall organizational security. However, they need a lot of administration and management, and they must be fine-tuned to serve your organization properly. Remember that a SIEM will not automatically understand your policies and business context.

Normal day-to-day operations alone will create a flood of alerts: 1,000+ suspicious events per 50M log events per day. The rules and use cases that define the SIEM’s detections must be stated clearly by your security team. Even the best-tuned SIEM will still generate about 50 suspicious alerts per 50M log events per day.

But even a good security analyst can only investigate about 15 suspicious alerts per day, surfacing 1-2 actionable alerts per shift. It is safe to say that it takes a dedicated team to monitor your SIEM consistently and draw contextual conclusions from it.
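To make the tuning point concrete, here is an added example (written for this page, not Netenrich’s code or any real SIEM’s rule language) of the same failed-login data run through an out-of-the-box rule and through a rule that carries business context: a known vulnerability scanner, a service account the helpdesk is already tracking, a per-source threshold, and asset criticality. The log lines, hostnames, addresses, accounts and threshold are all constructed for the illustration.

```python
"""Added example: a toy SIEM correlation rule over constructed auth logs,
before and after business-context tuning. Nothing here is vendor code; all
hosts, users, addresses and thresholds are assumed values."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: syslog-style failed-login events, one per line.
SAMPLE_LOGS = """\
2020-08-20T09:00:01 auth failed user=svc-backup src=10.0.5.20 host=db-prod-01
2020-08-20T09:00:02 auth failed user=svc-backup src=10.0.5.20 host=db-prod-01
2020-08-20T09:00:03 auth failed user=svc-backup src=10.0.5.20 host=db-prod-01
2020-08-20T09:01:10 auth failed user=alice src=10.0.9.14 host=wiki-dev-02
2020-08-20T09:03:44 auth failed user=root src=203.0.113.7 host=db-prod-01
2020-08-20T09:03:45 auth failed user=root src=203.0.113.7 host=db-prod-01
2020-08-20T09:03:46 auth failed user=admin src=203.0.113.7 host=db-prod-01
2020-08-20T09:03:47 auth failed user=postgres src=203.0.113.7 host=db-prod-01
2020-08-20T09:03:48 auth failed user=oracle src=203.0.113.7 host=db-prod-01
2020-08-20T09:04:02 auth failed user=bob src=10.0.9.31 host=wiki-dev-02
2020-08-20T09:05:30 auth failed user=bob src=10.0.9.31 host=wiki-dev-02
2020-08-20T09:06:00 auth failed user=root src=10.0.2.200 host=wiki-dev-02
"""

# Business context the SIEM cannot know on its own (assumed values).
KNOWN_SCANNERS = {"10.0.2.200"}      # vulnerability scanner; failed logins expected
SERVICE_ACCOUNTS = {"svc-backup"}    # broken cron job, already a helpdesk ticket
ASSET_CRITICALITY = {"db-prod-01": "high", "wiki-dev-02": "low"}
FAILURE_THRESHOLD = 5                # failures from one source before alerting


@dataclass
class Event:
    ts: str
    user: str
    src: str
    host: str


def parse(lines: str) -> list[Event]:
    """Parse the key=value fields of each constructed log line."""
    events = []
    for line in lines.splitlines():
        ts, _auth, _failed, *kv = line.split()
        fields = dict(pair.split("=", 1) for pair in kv)
        events.append(Event(ts, fields["user"], fields["src"], fields["host"]))
    return events


def untuned_rule(events: list[Event]) -> list[str]:
    """Out-of-the-box rule: every failed login becomes its own alert."""
    return [f"failed login {e.user}@{e.host} from {e.src}" for e in events]


def tuned_rule(events: list[Event]) -> list[dict]:
    """Same data with suppression, correlation by source and asset context."""
    by_src: dict[str, list[Event]] = defaultdict(list)
    for e in events:
        if e.src in KNOWN_SCANNERS or e.user in SERVICE_ACCOUNTS:
            continue  # known noise, tracked elsewhere
        by_src[e.src].append(e)

    alerts = []
    for src, evs in by_src.items():
        if len(evs) < FAILURE_THRESHOLD:
            continue  # below the brute-force threshold for one source
        hosts = sorted({e.host for e in evs})
        users = sorted({e.user for e in evs})
        # Severity follows the most critical asset touched.
        severity = "high" if any(ASSET_CRITICALITY.get(h) == "high" for h in hosts) else "low"
        alerts.append({
            "src": src,
            "hosts": hosts,
            "users": users,
            "failures": len(evs),
            "first_seen": evs[0].ts,
            "last_seen": evs[-1].ts,
            "severity": severity,
            "summary": f"{len(evs)} failed logins from {src} against {', '.join(hosts)} "
                       f"trying {len(users)} accounts",
        })
    return alerts


if __name__ == "__main__":
    events = parse(SAMPLE_LOGS)
    print(f"untuned rule: {len(untuned_rule(events))} alerts")
    for alert in tuned_rule(events):
        print(f"tuned rule [{alert['severity']}]: {alert['summary']}")
```

On this sample the untuned rule raises twelve alerts, one per line; the tuned rule raises one, a high-severity alert for the external source spraying five accounts at the production database. The three service-account failures and the scanner are suppressed because someone told the SIEM about them, and the two isolated user typos never reach the threshold. That context is exactly what the rule authors and SIEM administrators in the staffing list below have to supply and keep current.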

#2: SOC isn’t so easy 

Maintaining a dynamic SOC team is hard, and your security team already handles a wide variety of tasks that leaves little time for business-critical needs. That list of tasks includes:

  • Maintaining your SIEM. 
  • Use case analytics. 
  • Threat Intel research. 
  • Continually searching your attack surface for exposures.
  • Multiple event investigation process workflows. 
  • Escalation workflow and run book. 
  • Helpdesk process and workflows.  

A good SOC also requires substantial investment in experienced people to take care of administrative and analytic duties:

Administrative roles (1-2 FTE)  

  • Dedicated SIEM admin. 
  • Rule authors who write and maintain the SIEM rules.
  • Health and performance monitoring and remediation. 

SOC Analysts (6-12 FTE)

  • Security analysts and engineers. 
  • Incident response triage manager. 
  • Threat research analysts. 
  • 24x7x365 operations help desk.

SOC-as-a-Service Strikes the Right Balance 

Keeping a SOC running efficiently 24/7 stands to grow even more challenging for the foreseeable future. Adopting your ideal variation on SOC-as-a-Service meets some of the CISO and SecOps team’s greatest challenges, like SIEMs not working to their highest levels, rising tool complexity and traffic loads, and perennial skills gaps and shortages.  

Netenrich’s SOC-as-a-Service brings extensive resources and expertise across threat hunting, log analysis, and other activities to complement your existing operations. Our team of 80+ analysts and admins has decades of experience working across vertical industries and can efficiently onboard and scale services.

We have successfully evolved our SIEM to solve for a variety of use cases such as securing data in public clouds, applying user behavior analytics, and deflecting malware, APTs, phishing, and brute-force attacks. 

Along with a world-class, cross-platform SOC, we have also succeeded in SaaSifying our enterprise, on-prem SIEM tool. Baking in our newly launched Knowledge NOW (KNOW) threat intel platform adds even greater value in solving for SecOps challenges and attack surface management (ASM).

See It in Action 

To learn how enterprises are gaining greater security efficiencies, hear from leading experts on SOC-as-a-Service in an upcoming SANS webinar entitled “To build or not to build: Can SOC-aaS bridge your security skills gap?” August 27, 1 PM EDT. Sign up here.


About Author

Rajarshi is a creative and accomplished writer who made his mark in the blockchain space before stepping into cybersecurity. When he is not working, he is busy chilling with his wife and cat, catching up on the latest Netflix docu-series.....or watching Harry Potter for the 5781241516th time.