Building a Security Operations Center to Reinforce Trust


By Tom Gilheany, portfolio manager for security training and certifications, Cisco Services

To succeed in today’s digital economy requires a new level of trust. Digitization is now the way enterprises innovate and grow. But it also gives bad actors many more means to disrupt operations and destroy trust. Trust is hard to earn, easily broken, and difficult to restore once it is lost. In today’s digital world, trust is not only harder to earn, but the impact of losing it is also magnified: millions of customer records, an organization’s intellectual property, or even critical resources can be compromised more rapidly than ever before.

The rise of the SOC

It’s crucial that today’s organizations have Security Operations Centers (SOCs) to ensure trust. This is true whether the SOC functions internally or is provided by a third party, such as a managed security service provider (MSSP).

What is a SOC? It’s a group within an organization that monitors, detects, investigates and responds to cyber threats around the clock. The SOC is charged with monitoring and protecting many assets, such as intellectual property, personal data, business systems, and brand integrity. This includes the connected controls found in networked industrial equipment. The SOC assumes overall responsibility for monitoring, assessing, and defending against cyber attacks.

Four trends have led to the growing importance of SOCs:

  1. The need for a holistic view: A centralized real-time view of all digital assets and processes makes it possible to detect and fix problems whenever and wherever they occur. Centralization is critical for IoT systems. The sheer number of devices and the likelihood that they are widely dispersed make local monitoring impractical and inconsistent.
  2. The need for departmental collaboration: Now, more than ever, it’s important that organizations maintain an environment where skilled people with the right tools can react quickly and collaborate to remediate system-wide as well as local problems.
  3. The need for cross-functional collaboration: It’s essential that cybersecurity tools and people work together with other critical IT functions and business operations. Aligning these departments with business objectives and compliance needs produces a high-performing operation that is both efficient and effective.
  4. The need for company-wide coordination and communication: During a security event, it’s essential that there’s a centralized team to communicate with the rest of the organization and ensure an efficient resolution. In turn, it’s also important that the organization knows who to turn to in the event of an incident.

As the SOC has grown and evolved, so too have the associated job roles and responsibilities. Having the right team with the right skills in place is essential to optimizing an organization’s front-line defense.

Roles within the SOC

There are many roles within the SOC. While SOC teams vary, these roles typically include:

  • Cybersecurity Analyst: Analyzes information from systems using cyber defense tools to identify, categorize and escalate cybersecurity events.
  • Incident Responder: Investigates, analyzes and responds to cyber incidents.
  • Forensic Specialist: Identifies, collects, examines and preserves evidence using analytical and investigative techniques.
  • Cybersecurity Auditor: Measures the compliance of systems, procedures, and people against cybersecurity policies and requirements.
  • Cybersecurity SOC Manager: Manages the SOC personnel, budget, technology and programs, and interfaces with executive-level management, IT management, legal management, compliance management and the rest of the organization.

Together, this team works to identify and respond to cybersecurity incidents in real time.

Building a SOC: a challenge and an opportunity

In an increasingly digitized and networked world, SOCs are emerging as the enterprise’s first and best line of defense. The SOC is a strategic, risk-reducing asset that strengthens the security of an organization’s systems and data. Building a SOC isn’t as easy as simply hiring new team members, however.

The problem is that there aren’t enough people right now equipped with the skills to fill open cybersecurity positions. This skills shortage is one of the biggest cybersecurity challenges the industry is facing. Market intelligence firm Cybersecurity Ventures predicts there will be 3.5 million cybersecurity job openings by 2021.

Not only are there too few skilled professionals to fill the cybersecurity jobs, but a series of research reports from leading industry analyst Enterprise Strategy Group indicates that many currently employed cybersecurity professionals are overworked, not managing their careers proactively, and not receiving the proper amount of training to stay ahead of increasingly dangerous and prevalent threats.

How can your organization get ahead of these trends? Cybersecurity operations professionals are in high demand, and filling these roles requires individuals who are willing to train, reskill and certify to become expert security IT professionals in the modern technology landscape. Organizations can fortify existing internal teams by providing ongoing learning opportunities to expand and grow cybersecurity knowledge. They can also look for expert credentials, like certifications, when hiring to validate skillsets. Together, learning, training and certifying are essential for ensuring that organizations maximize the benefits of building a SOC team. Reinforce trust for your organization by investing in the SOC and investing in a culture of continuous learning, now and for the future.

About the author

Tom Gilheany is the portfolio manager of security training and certifications within Cisco Services. His background is diverse; he’s worked in small startups and multinational Fortune 100 companies in product management and technical marketing positions. Prior to his transition to marketing, he spent more than a decade working in Information Technology and Operations. Tom holds a CISSP and an MBA, and is an active board member of the Silicon Valley Product Management Association and Product Camp Silicon Valley.