Rick McElroy
Rick McElroy 30 April 2018

Building a High-Speed Security Operations Centre SOC

As a Security Strategist, I am aware that when an incident occurs, the speed of your response will dictate the extent to which you can minimise the impact. Every second counts, and while the clock is ticking, the cost of the breach is rapidly increasing.

Breaches that take over 30 days to contain cost companies an extra $1 million, and depending on the severity, it can cost even more. Minimising dwell time is the name of the game; the faster you can identify root cause, the faster you can remediate. So, how can you transform your security operations centre (SOC) into an intelligence-driven operation that can hunt for zero-day threats? Here I will talk about different components such as mastering security basics, organising your team effectively, and evolving your SOC with each new attack.

A highly efficient SOC enables its skilled defenders to harness both advanced automation and human insight to combat the ubiquitous threat of cybercrime. A high-speed SOC must excel in many different areas of security operations to ensure that valuable time is not handed over to the adversary. It is crucial for security professionals to understand that the ability to operate an agile, intelligence-driven SOC is dependent on your organisation’s answer to the following four questions:

What Are The Basics We Need To Master First?

Speed is only built on a strong security foundation. A process is only able to be automated once it has been perfected by your team. Automating a process that your team does not fully understand will create blind spots and likely decrease your visibility as you attempt to scale. Before tasking machines with processes that are key to your security, make sure you understand all the weaknesses of your current posture.

  1. Have you minimised your attack surface?
  2. Have you inventoried every asset?
  3. Are your systems being properly patched?
  4. How would you know if they were not?

Organisations must not only master the basics of security and achieve speed, but strive for complete visibility across their environment, and the continuous monitoring of every event.

How Can I Efficiently Organise And Lead The People On My Team?

Organising your team to protect your environment with agility is a difficult task with all the varied skills and challenges related to traditional SOC structures. Efficiency starts with breaking down the structures seen in traditional SOCs. Success can be found by moving beyond an operation that focuses solely on event analysis. Take the example of Red Canary, which has created amazing innovation within its security team and around the investigation process. Red Canary has included its Intel team in engineering efforts, engineers in analysis efforts, and so on. Rather than assigning each team member a label to exclusively focus on, each person has a core ‘practice.’ They still develop and improve within their practice, but they are also challenged to engage with other functions in the SOC.

How Can Technology Help Streamline Our Detection and Response Processes?

Technology can help you to proactively hunt threats across your enterprise, as well as rapidly drill down to the root cause of the threat, and ultimately reduce attack dwell time. Security professionals use technologies like Carbon Black’s Cb Response to validate their hunting hypotheses and create automated watchlists to generate custom alerts for suspicious patterns they identify.

In the case of malicious attacks, it can take over 9 months on average to properly identify the root cause of an incident and contain it. Cb Response allows analysts to visualise the complete attack kill chain and then respond and remediate the attack within minutes, without having to manually aggregate and sift through relevant raw data post-incident. It allows you to safely isolate an infected host and then obtain secure direct access to that endpoint to continue your investigation.

How Can My Entire SOC Evolve With Every New Attack?

In a Verizon report, 88% of breaches fell into one of nine patterns that had existed three years prior. Attackers know that legacy antivirus products can be easily bypassed by making slight changes to avoid being identified as “known bad.” However, utilising patterns of attack to connect the dots between IOCs and all other system events, SOC analysts and incident responders can gain a full understanding of the precise sequence of events as a cybercrime unfolds.

There is clear cause-and effect insight into where an attacker gained access, what he tried to accomplish, how he attempted exfiltration and, ultimately, what the exact root cause of the attack was. Without this contextual understanding of the attack, an incident responder would lack any additional insight into how the organisation could be better protected in the future.

Overall, with a high-speed SOC, your organisation can avoid addressing the same threats over and over. This means more time hunting new threats and less time constantly policing known areas of risk manually. The future SOC is not technology, per se; it is people, intelligence, and automation to allow for a rapid response to a threat.

Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
How to Review a Website — A Guide for Beginners

How to Review a Website — A Guide for Beginners

A company website is crucial for any business's digital marketing strategy. To keep up with the changing trends and customer buying behaviors, it's important to review and make necessary changes regularly...

Digital Doughnut Contributor
Digital Doughnut Contributor 25 March 2024
Read more
The Impact of New Technology on Marketing

The Impact of New Technology on Marketing

Technology has impacted every part of our lives. From household chores to business disciplines and etiquette, there's a gadget or app for it. Marketing has changed dramatically over the years, but what is the...

Alex Lysak
Alex Lysak 3 April 2024
Read more
10 Factors that Influence Customer Buying Behaviour Online

10 Factors that Influence Customer Buying Behaviour Online

Now is an era where customers take the center stags influencing business strategies across industries. No business can afford to overlook factors that could either break the customer experience or even pose a risk of...

Edward Roesch
Edward Roesch 4 June 2018
Read more
7 Reasons Why Social Media Marketing is Important For Your Business

7 Reasons Why Social Media Marketing is Important For Your Business

In the past two decades social media has become a crucial tool for marketers, enabling businesses to connect with potential customers. If your business has yet to embrace social media and you want to know why it is...

Sharron Nelson
Sharron Nelson 29 February 2024
Read more
How can marketers use AI in a responsible and human-centric manner?

How can marketers use AI in a responsible and human-centric manner?

Learn to balance technology with human creativity for ethical and effective marketing campaigns.

Chris Price
Chris Price 1 May 2024
Read more