Security Operations Center: What it is & Why It’s So Important

Security Operations Center

A Security Operations Center (SOC – pronounced like “sock”) is a dedicated team of individuals with expertise in responding to active security events. In the current state of cybersecurity, a 24x7 SOC is very high on the list of must-haves for most businesses.

What Does a Security Operations Center Do?

Triaging alerts and notifications is a core responsibility of a SOC. Cybersecurity is a complex industry with many different categories of tools available across hundreds of vendors. There are very specialized tools that may or may not integrate with other cybersecurity tools. All those tools generate alerts and require actions that someone has to interpret and respond to. Even if your EDR solution stops ransomware from running, the ransomware might still be on the system in a state that could run if the EDR were ever to fail. Someone must review the situation and decide what to do.

Have you ever had your credit or debit card declined for “potential fraud” or “security concerns” requiring you to call your bank? The software identified an event and initiated an automatic response. You needed a person familiar with the security tools, rules, and policies to verify your identity, discuss the situation with you, and decide the proper course of action. You called a SOC.

But Do You REALLY Need a SOC?

How important is it really to have a 24x7 SOC, even if your business is not a 24x7 business? If you use any cloud-based services like Microsoft 365, you will still have servers running 24x7 in a cloud environment or on premises. This means you’re vulnerable 24x7, even if your business isn’t open 24x7. According to page 20 of the 2022 Verizon Data Breach Investigations Report,

  • 80% of attacks are discovered in “days or less”
  • 20% are discovered in “months or more”
  • 50% are discovered by attacker disclosure

This means that if your tools fail to stop the attack automatically, detecting it even within 48 hours may already be too late. In the case of a ransomware attack specifically, the attack can be launched and completed within hours. Often, these attacks are backed by live people, meaning someone is logging in and looking around to decide what kind of attack to launch. So, you have a window that varies between a couple of hours and several months to catch and stop the attack before any damage is done.

All this adds up to “yes.” You need a SOC, 24x7, that understands all the tools and alerts, can respond quickly, and knows how to respond based on what kind of threat they’re seeing.

There’s Another Hiccup, though…

All those security tools mean different vendors with different expertise and different levels of access to your environment. That makes it harder to tie these incidents together across all your different platforms to spot the threat and then be able to act. You can’t just rely on support from the software vendor unless you get all your security tools from one vendor. And a 24x7 SOC needs at least 8 people to provide continuous coverage once you account for 40-hour work weeks, vacation time, coverage during breaks, and so on.

CYFLARE

That is why Vista IT Group is proud to partner with, sell, and use CyFlare SOC-as-a-Service. CyFlare is the vendor-neutral SOC you need watching your systems around the clock, taking protective actions when they can, and waking people up when they can’t.


Need help identifying exactly what combination of products and services are right for your organization? We're here to help!
