Increasingly frequent and sophisticated threats to enterprise IT systems have clearly shown how a Security Operation Centre (SOC) can provide important help in building an effective defence of data. That is because the SOC performs uninterrupted monitoring and analysis of network traffic and activity in an attempt to prevent or identify attacks. And, if it does identify one, it does whatever is necessary to remedy the situation quickly and limit the damage as much as possible.
Security Operation Centre, what it consists of
The SOC consists of a team of computer security specialists and qualified analysts. Its structure therefore makes it a high-profile IT department, which also stands out from other security departments because it conducts advanced operations exclusively. Through its activities, the Security Operation Centre seeks to prevent cyber security threats through early detection, and also to respond promptly to any hacking incident or data breach. The SOC monitors computers, networks, servers and all other devices that handle network traffic 24/7. It uses a wide range of sophisticated tools, such as SIEM (security information and event management) systems, and follows advanced procedures to identify any security gaps in the IT infrastructure. When a suspicious event is identified, the SOC investigates and reacts accordingly.
Internal or outsourced
Like any typical IT security department, the SOC can be internal to the company and thus composed of the company's own employees. In this case, given the specific nature of the Security Operation Centre, it is necessary to hire highly qualified technicians capable of using its sophisticated tools. Moreover, these specialists must always be up to date on the latest developments in IT security, so training must be an integral part of the SOC's activities. In short, companies that want to set up their own Security Operation Centre have to plan for a very complex and expensive process.
As a result, very few companies establish their own in-house SOC department. Far more frequently, companies take advantage of the Security Operation Centre as an outsourced service. This type of solution produces only one cost: the service cost.
In this way the other tasks are delegated to the provider: selection of personnel, training and continuing education. The same applies to the advanced equipment an SOC uses in its IT security protection activities: the company no longer needs to acquire it. Moreover, a specific SLA can be defined with the provider to guarantee a precise level of service adapted to the company's needs.
But is an SOC really worth the investment?
If you ask yourself how useful an SOC would be for your company, the answer might be that the value of an SOC is proportional to the damage that a successful cyber security attack could cause. From another perspective, this is quantifiable as the economic and reputational damage a data breach creates. While the first type of damage can be resolved quickly, reputational loss is more difficult to recover from, as it is a matter of regaining customers' trust after credibility has been damaged.
On the other hand, customers are increasingly demanding to know how their data are managed, and showing that you have an active SOC certainly gives you more credibility.
Moreover, it takes an average of six months for a company to discover that it has been the victim of a cyber attack (according to Clusit data), whereas an SOC allows a threat to be identified in real time. And in the case of infection by malware (the vector most frequently used by cyber criminals), the time available for it to propagate is reduced to a minimum. These aspects should not be underestimated if we consider that nowadays, under the GDPR (General Data Protection Regulation), a data breach must be notified within 72 hours.
Furthermore, in the event of a breach, it would be impossible to determine the cause if the appropriate data were not available. An SOC keeps records of the scope, technical architecture, and monitoring and maintenance processes, properly archived so that all evidence and vulnerability indicators are retained for possible forensic examination.