The Rise of Security Operation Centers

...may be the time to consider implementing a SOC...

As most enterprises grow, security measures are typically implemented one at a time in a fairly ad hoc way. There is no real centralization, and often a couple of savvy IT people become responsible for one or more security procedures. Cameras may be recording in a basement room, but you may not have the means to pay someone to actively watch them at all times. Your IDS, or intrusion detection system, may be running and protecting your network from some attacks, but you probably don't have someone spending their time watching its logs for anomalies or for malware that made it through. Your network ports may be configured to refuse unauthorized devices, but you may not have anybody who periodically checks routers and switches to make sure everything is running correctly. Even if a company is doing all of the above, it is doubtful that it is proactively testing for and identifying even obvious suspicious activity. All of these tasks fall into the domain of a SOC. If this describes your current situation, with all sorts of security measures implemented but in a very decentralized way, then now may be the time to consider implementing a SOC.

Implementing a SOC

Historically, you would need some serious equipment and infrastructure to implement a SOC. To provide a central location that keeps an eye on all security for the whole organization, you would have had to make sure all relevant data and connections were fed into a single place. Thankfully, modern devices and software provide the same functionality without limiting it to a single physical location. For example, Windows Server allows you to set up remote log monitoring using Performance Monitor, routers can send SNMP messages to a central server, and IP cameras can be viewed remotely.

In addition to centralizing the monitoring function, security solutions can be deployed to provide additional data with which to monitor and react to potential threats. The staff working in a SOC can use that data to keep the organization safe from intrusion and mitigate risks in real time. In a well-designed SOC, several computers should gather and process logs in order to make it as easy as possible for the IT staff to monitor those systems. This starts with good tools. One of the most useful tools for a SOC is Cacti, an open source network-graphing solution. Another popular tool is Nagios, also open source, which is used to monitor an entire infrastructure. Finally, Zabbix is a great tool for monitoring remote servers. In addition, solutions such as CSG International's Invotas, Nakina Systems' NI-Guardian, and ISC8 provide advanced internal and external threat and risk detection, monitoring, and reaction tools. But while innovative security solutions exist, many service providers and enterprises remain unaware of them, and some are even choosing to build their own.
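The centralized log gathering described above is only useful if something actually looks at the combined stream. The following is an added example, not code from the original article or from any of the products it names: a small Python collector that normalizes sshd lines arriving from several hosts at one central syslog point and correlates them across hosts, which is exactly the view a single host's own log cannot give. The hostnames, IP addresses, timestamps, window size and threshold are all constructed for illustration.

```python
"""Minimal cross-host log correlation for a central SOC collector.

Added example, not the article's or any vendor's code. All sample log
lines, hosts, addresses and thresholds below are constructed.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample lines, as a central syslog collector might receive them
# from two Linux servers, a file server and a router (the router trap is kept
# to show that the parser tolerates lines it does not understand).
SAMPLE_LOGS = """\
2024-03-01T09:00:01 web01 sshd[2311]: Failed password for admin from 198.51.100.7 port 51022 ssh2
2024-03-01T09:00:03 web01 sshd[2311]: Failed password for admin from 198.51.100.7 port 51023 ssh2
2024-03-01T09:00:04 db01 sshd[918]: Failed password for root from 198.51.100.7 port 40011 ssh2
2024-03-01T09:00:05 db01 sshd[918]: Failed password for root from 198.51.100.7 port 40012 ssh2
2024-03-01T09:00:09 db01 sshd[918]: Accepted password for root from 198.51.100.7 port 40013 ssh2
2024-03-01T09:00:10 fs01 sshd[777]: Failed password for alice from 203.0.113.9 port 5000 ssh2
2024-03-01T09:00:12 core-rtr1 snmptrapd: linkDown ifIndex=3 ifDescr=GigabitEthernet0/3
2024-03-01T09:40:00 fs01 sshd[777]: Failed password for alice from 203.0.113.9 port 5001 ssh2
"""

# Matches the OpenSSH password-authentication messages used in the sample.
SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)"
)


@dataclass
class AuthEvent:
    ts: datetime
    host: str
    user: str
    ip: str
    success: bool


def parse_auth_events(text: str) -> list[AuthEvent]:
    """Normalize sshd auth lines from any host into one time-ordered list."""
    events: list[AuthEvent] = []
    for line in text.splitlines():
        m = SSHD_RE.match(line)
        if not m:
            continue  # not an auth line (e.g. the router trap); ignored here
        events.append(AuthEvent(
            ts=datetime.fromisoformat(m["ts"]),
            host=m["host"],
            user=m["user"],
            ip=m["ip"],
            success=(m["result"] == "Accepted"),
        ))
    events.sort(key=lambda e: e.ts)  # sources may deliver out of order
    return events


def correlate(events: list[AuthEvent],
              window: timedelta = timedelta(seconds=60),
              threshold: int = 4) -> list[dict]:
    """Two rules that only work with a cross-host view:

    distributed-brute-force: `threshold` failures from one source IP within
    `window`, counted across every host (fires once, when the threshold is
    crossed).
    success-after-failures: a successful login from a source IP that had
    failures within the preceding `window`.
    """
    alerts: list[dict] = []
    failures: dict[str, list[AuthEvent]] = defaultdict(list)
    for ev in events:
        # Keep only this source's failures that are still inside the window.
        recent = [f for f in failures[ev.ip] if ev.ts - f.ts <= window]
        failures[ev.ip] = recent
        if ev.success:
            if recent:
                alerts.append({"rule": "success-after-failures", "ip": ev.ip,
                               "host": ev.host, "user": ev.user,
                               "failures": len(recent)})
        else:
            recent.append(ev)
            if len(recent) == threshold:
                alerts.append({"rule": "distributed-brute-force", "ip": ev.ip,
                               "hosts": sorted({f.host for f in recent}),
                               "failures": len(recent)})
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse_auth_events(SAMPLE_LOGS)):
        print(alert)
```

Run against the constructed sample, the first rule fires on the fourth failure from 198.51.100.7 because web01 and db01 each saw only two, which neither host's local tooling would flag on its own; the second rule then flags the accepted root login that followed. The two failures from 203.0.113.9 are forty minutes apart, so the sliding window correctly leaves them alone.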

Why Wait?

While the technical side of a SOC is fairly straightforward to understand, the SOC should also play an organizational role. As security becomes a bigger and bigger concern, having good policies is a very important part of any security procedure. CEOs of some of the largest enterprises, such as Target, have recently lost their jobs as a result of sub-par security, and it's unrealistic to expect your employees to understand all the risks or to engage in secure practices on their own.

A single uninformed employee can compromise your security without even realizing it. And as you start adding policies, they can quickly become complex and hard to maintain if they are created piecemeal, without being centralized. This is why a SOC should work with every other department to ensure these policies are well made and consistent. This includes everything from the type of passwords people should be using, to which devices they are allowed to bring to work, which documents, data or servers are sensitive, what happens when there are visitors in the office, and so on.

By working with management, training, and human resources departments, you can make sure your SOC produces effective policies that everyone understands and can follow. A centralized security function is key to ensuring that security practices permeate your entire enterprise, and it is paramount to having a good security policy, the right security tools, and dedicated security resources so that your organization is always on and protected.

The risks are becoming more sophisticated and organized, shouldn't your security?
