By: Jesse Cryderman
Hacking and identity theft have become a part of daily life, just like catching a cold or getting a flat tire. They are among those annoyances that we’ve come to accept as part of modern life. It
wasn’t always that way, however. Prior to our ubiquitous, high-speed networks, hacking was relegated to geek-speak and movie scripts. Today, however, a data intrusion is just as likely to be pulled
off by a financially motivated criminal organization as it is by a “script kiddie” operating out of his parents’ basement. Hacking toolkits are readily available on the Internet (along with
instructional guides and support forums) and everyone, and soon everything, is going to be connected, creating a perfect security storm.
Today, the battle for security is constant and unrelenting. Sensing the increase in opportunity, crime syndicates and unscrupulous nation states have increased their hacking activity, and this has
brought a level of collaboration and sophistication to the arena that is far beyond what has ever existed before. As a result, many of the old ways of managing security simply don’t stand up to
today’s threats. Security teams need to boost their sophistication and collaboration to meet the ever-evolving risk.
A growing strategy for service providers and large enterprises is to move security from one-off IT processes to a formal, centralized Security Operations Center (SOC). A SOC is a centralized
unit that monitors suspicious activity, investigates alarms, conducts security tests and audits, and contends with security issues on an organizational and technical level.
What's a SOC?
Simply stated, a SOC is a centralized facility responsible for every aspect of security in an organization. The concept of a SOC is not new, but it has historically been implemented in large,
sensitive organizations such as government buildings, financial institutions, or large backbone providers. Two things have changed this in recent years. First, it has become a lot more affordable
to set up a SOC in your own organization. What used to require millions of dollars of investment can now be done for a fraction of the cost. Second, SOCs have shrunk in size and complexity, and
the technical and space requirements are significantly lower than before.
Think of the layers of risk today's enterprises have to mitigate. You have the physical security layer, from cameras monitoring the working areas, to door locks, access, alarms, and so on. Then
you have data and network security; things like physical servers, network cables that could be tapped into, network connections that allow people to plug their devices into your network, and
more. And, of course, there are the internal risks of misuse and mistakes, governed by internal rights, permissions, and policies. Finally, you have virtual security such as firewalls, malware protection and
intrusion prevention systems; methods that can prevent people on the Internet from breaching your security and getting into your network and data. There are a lot of different ways your sensitive
data can be accessed and, as such, there are many aspects of security you need to keep an eye on. As these risk areas continue to grow, centralizing the security function in a SOC makes
more and more sense.