The Ever-Evolving SOC

By McAfee Enterprise on Jul 08, 2019

In the 17th century, poet John Donne wrote, “no man is an island entire of itself.” He also mentioned every man is “a part of the main.” Fast forward to the 21st century and you’ll find this concept still rings true, especially as it relates to security.

Like everything else in the world, the security industry is constantly evolving. More sophisticated, targeted threats are emerging at an exponential rate and organizations need high-caliber solutions – and strategy – to keep up. However, when organizations act independently, they put themselves at risk by not incorporating the lessons learned from others or they experience roadblocks that delay resolution when they do not have access to full context or information. Keeping true to Donne’s word, every organization must realize they are in the same fight together, which is why we’ve seen the rise of fusion centers across the globe.

New Problems, New SOCs

Taking Security Operations Centers (SOCs) to the next level, fusion centers are designed for knowledge sharing. They connect all parts of an organization, with the end goal of increasing transparency and visibility so that threats can be uncovered before they materialize, or stopped quickly in their tracks. Additionally, fusion centers have a key benefit: they help advance the cybersecurity industry by identifying new product and solution needs, so that defenses keep a steady pace with the evolution of threats.

Operating at a global scale, fusion centers have proven to be an avenue to rapidly process and centralize seemingly unrelated and dispersed information. Using analytics to identify patterns and behaviors from a tremendous amount of data across multiple endpoints facilitates increased threat detection and correction – allowing for real-time remediation.

Advice for Enterprises

Access to intelligence and better, more coordinated strategies are imperative for enterprises to succeed in 2019 and beyond. To break it down, the intent of threat actors is to “beat” the security measures already in place; however, it is harder for them to succeed when they must defeat multiple pieces of technology. Fusion centers provide the self-actualization the industry needs, including using artificial intelligence and feedback mechanisms to present a more well-rounded approach to stopping attackers.

For example, if an organization is hit by an attack that follows a known pattern, then without the information fusion centers can provide, the resulting breach takes longer to detect. That additional time can have dire consequences. A longer detection and response time can equate to damage to an organization’s reputation as well as financial impact through loss of revenue. Organizations should be striving to find a way to reciprocally share intelligence – it is absolutely a two-way street. The more structure there is behind identifying multiple data elements correlated with threat actors’ patterns, the greater the chance that threats will be quicker to find and fix.

We’ve seen some additional benefits and lessons learned from fusion centers, including:

  • Focus on people and process – Technology is only part of the solution. For now, humans need to work alongside machines and technology in order to thrive. The conversation has moved from a single individual asking, “How do I use this tool to the best of my capability,” to an all-in mentality that is focused on the broader organization to improve overall processes and approach.
  • Consolidation is key – The disparity of data and information introduces room for error. Having a different point product on every endpoint creates complexity and introduces risks. Simplification of an organization’s security environment, including combination and coordination between tool sets, is beneficial. Organizations should strategically choose which vendors they would like to work with and evaluate how solutions can work together to provide ultimate optimization.
  • Great foundation, better security hygiene – A major lesson some organizations learn the hard way is that in hindsight, they should have exercised better practices to drive maturity within their SOC. Having a strong control of assets and information and knowing where data lies at any given time is extremely critical. Without this, organizations risk the chance of being blindsided when they go to investigate a case and find an asset on their network they were unaware of.
  • Strengthen existing processes – Make sure your organization’s authentication is secured so you are aware of user behavior occurring across everything. Additionally, organizations need to examine their patching cycles and vulnerability management programs to identify any flaws that can be addressed. This allows for the maturity of their SOC – and furthermore – provides another opportunity to stay ahead of the curve.

It takes a village

Knowing the talent gap the cybersecurity industry still faces, CISOs need to be prominent leaders in their organization to shape the future of how the SOC evolves and how fusion centers can be leveraged to thwart or quickly remedy attacks. The challenges will only get more complex, so investing in continual education, mentoring of existing and new employees and staying abreast of trends and new technologies will be crucial.

About the Author

McAfee Enterprise

McAfee offers industry-leading cybersecurity solutions for all business and enterprise needs. See our blog to stay up-to-date with the latest security trends.
