Selecting a SOC That’s Sensible for Your Organization

August 31, 2016 Arctic Wolf Networks

The history of modern cybersecurity is marred by a glaring over-dependence on out-of-the-box solutions that claim to solve even the most obtuse security challenges. Fortunately, a sea change appears to be on the horizon.

According to TechTarget contributor Eric Cole, security operation centers (SOC) are “the key to future.” More specifically, Cole argued that the continuous monitoring supplied by an SOC will play a pivotal role in the enhancement of threat detection for years to come.

In a lot of ways, the rise of the SOC is in perfect step with trends pertaining to Big Data and analytics. Organizations of all sizes want to use the information available to them as an avenue to more favorable business outcomes. A SOC essentially does the same thing. It aggregates and analyzes the entire stream of data traffic on a network as a way to identify cyberthreats.

And just like businesses big and small will be employing the power of advanced analytics to make better decisions, companies of all shapes and sizes will be turning to SOCs in an effort to enhance their cybersecurity strategies.

One size won’t fit all

There are multiple different types of SOCs, and knowing which one is right for your organization will ultimately require a thorough understanding of what each offers, and how that aligns with your priorities. In a recent report, Garter identified five main types of SOCs that the majority of chief information security officers can choose from. They include the following:

  • Virtual SOC
  • Multifunction SOC/ NOC
  • Co-managed SOC
  • Self-contained SOC
  • Command SOC

Let’s take a look at which type of SOC is best suited to to specific markets:

The SOC you end up selecting should be an ideal fit for your organization.The SOC you end up selecting should be an ideal fit for your organization.

Small businesses

Determining which SOC is right for your organization requires a bit of cost-benefit analysis. Let’s start with a virtual SOC. Gartner refers to these as “the least mature of SOC models.” This is because cybersecurity deployments are fragmented, and the staff responsible for overseeing them are spread thin over a variety of tasks. As a result, there is no “dedicated SOC infrastructure.” Rather, the SOC is reactive. This type of model is best suited to a very small business that isn’t necessarily at high risk of a cyberattack.

Next, Gartner lists a multifunctional SOC/ NOC (network operations center), which is also best-suited for smaller, low-risk companies. The report stated that the model has the potential to work well, but the joint IT staff often end up trying to juggle too many things, resulting in the inability to do any of them effectively.

Mid-market organizations with compliance needs and sensitive data

“The co-managed SOC, is the most balanced of the five SOC models.”

The co-managed SOC, is the most balanced of the five SOC models. As the name suggests, there are multiple parties involved in oversight. A dedicated IT staff might be responsible for certain cybersecurity deployments such as firewall, anti-spam and email gateways. Meanwhile, a secondary department or third-party vendor would be responsible for managing the actual SOC. The benefit of this model is that the organization actually achieves a 24/7/365 operation at an affordable price. According to Gartner this model is becoming especially popular among small to mid-market organizations, which rely on it as a way to improve unyielding protection and augmentation of in-house expertise.

A dedicated or self-contained SOC is a slightly more traditional managed-service model in that a single entity oversees the service entirely. This is a highly effective model for compliant medium-sized organizations that have a more pressing need for strong cybersecurity (i.e. health care institutions).

Enterprises and government organizations

Finally, there’s the solution for the biggest organizations: the command SOC. Gartner noted that this model is typically used by enterprises, particularly those that have more than one SOC. As the name suggests, the command SOC is the central SOC. It unifies any smaller or co-managed deployments under a single umbrella.

Don’t drag your feet in making a selection

The cyberthreat landscape is scourged by ransomware, phishing schemes and data breaches. Health care organizations and financial institutions in particular are being heavily targeted. From the former, hackers hope to pilfer a treasure trove of personally identifiable information that can be sold quickly on the dark web. Cybercriminals will also employ ransomware against health care facilities because they’re highly aware of what’s at stake should critical medical data become unavailable to staff.

Meanwhile, in the financial sector, hackers are quite literally robbing banks online by sneaking onto private networks, and masking their activities with malware. To make matters worse, many of them are no longer targeting big banks. According to Fortune, smaller and mid-size financial institutions are slowly become the more favorable victims. This is mainly in response to increasing investments in better cybersecurity among the largest financial firms – most of which can afford to operate their own SOCs.

It’s important for CISOs in industries of all sizes to strengthens their SOCs. But for mid-market organizations, it should be the top priority.

Previous Article
Why MDR Is Overtaking the Product-Centric Approach to Cybersecurity

We don't need better products to beat cybercriminals; we need better strategy. 

Next Article
How Long Does It Take Ransomware to Encrypt Your Files?

Hint: A lot faster than you probably thought.


Want cybersecurity updates delivered to your inbox?

First Name
Last Name
Thanks for subscribing!
Error - something went wrong!