A Security Operations Center (SOC) is staffed by a security operations team whose function is to monitor, detect, investigate, mitigate and respond to cyber threats around the clock.
The team is responsible for monitoring and protecting the organization's digital assets, including intellectual property, personnel data, business systems and brand integrity.
These teams put the organization's cybersecurity framework into practice and act as the central point of collaboration for security matters.
A typical SOC uses a hub-and-spoke architecture, with a security information and event management (SIEM) system as the hub. The SIEM's primary function is to aggregate and correlate data from the security feeds; the spokes are the other security systems that feed it and that it integrates with.
These spokes include:
- Intrusion prevention systems (IPS)
- User and entity behavior analytics (UEBA)
- Governance, risk and compliance (GRC) systems
- Application and database scanners
- Vulnerability assessment solutions
- Endpoint detection and response (EDR)
- Threat intelligence platforms (TIP)
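The hub's aggregate-and-correlate job is easiest to see in code. The following is an added example, not part of the original article: it normalizes events from three constructed "spoke" feeds (authentication, IPS and EDR) into one schema and then runs a single correlation rule over them. The feed formats, field names, sample events, the rule and its thresholds are all assumptions made for illustration; a real SIEM would ingest syslog, CEF or JSON feeds and run many such rules.

```python
"""Toy SIEM hub: normalize events from several spoke feeds and correlate them.

Added example, not part of the original article. The feed formats, field
names and sample events below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed raw events, one list per spoke feed. Each feed uses its own field names,
# which is exactly why the hub's first job is normalization.
AUTH_FEED = [
    {"ts": "2024-03-01T09:00:01", "src": "203.0.113.7", "user": "jsmith", "result": "FAIL"},
    {"ts": "2024-03-01T09:00:04", "src": "203.0.113.7", "user": "jsmith", "result": "FAIL"},
    {"ts": "2024-03-01T09:00:09", "src": "203.0.113.7", "user": "jsmith", "result": "FAIL"},
    {"ts": "2024-03-01T09:00:15", "src": "203.0.113.7", "user": "jsmith", "result": "SUCCESS"},
    {"ts": "2024-03-01T09:30:00", "src": "198.51.100.2", "user": "amara", "result": "FAIL"},
    {"ts": "2024-03-01T09:31:00", "src": "198.51.100.2", "user": "amara", "result": "SUCCESS"},
]
IPS_FEED = [
    {"time": "2024-03-01T08:59:50", "source_ip": "203.0.113.7", "sig": "SSH brute-force pattern", "sev": 3},
]
EDR_FEED = [
    {"@timestamp": "2024-03-01T09:00:40", "host": "jsmith-laptop", "account": "jsmith",
     "alert": "Suspicious PowerShell", "severity": "high"},
]


def normalize(feed_name, raw):
    """Map each spoke's field names onto one common schema (assumed, not a standard)."""
    if feed_name == "auth":
        return {"ts": datetime.fromisoformat(raw["ts"]), "source": "auth", "src_ip": raw["src"],
                "user": raw["user"], "outcome": raw["result"], "severity": 1}
    if feed_name == "ips":
        return {"ts": datetime.fromisoformat(raw["time"]), "source": "ips", "src_ip": raw["source_ip"],
                "user": None, "outcome": raw["sig"], "severity": raw["sev"]}
    if feed_name == "edr":
        sev = {"low": 1, "medium": 2, "high": 3, "critical": 4}[raw["severity"]]
        return {"ts": datetime.fromisoformat(raw["@timestamp"]), "source": "edr", "src_ip": None,
                "user": raw["account"], "outcome": raw["alert"], "severity": sev}
    raise ValueError(f"unknown feed {feed_name}")


def aggregate():
    """Pull every spoke into one time-ordered event stream."""
    events = [normalize("auth", e) for e in AUTH_FEED]
    events += [normalize("ips", e) for e in IPS_FEED]
    events += [normalize("edr", e) for e in EDR_FEED]
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, fail_threshold=3, window=timedelta(minutes=5)):
    """Rule: at least fail_threshold failed logins from one IP followed by a success
    inside the window. Severity is raised if IPS or EDR saw something for the same
    IP or user around the same time. Thresholds are illustrative assumptions."""
    incidents = []
    fails = defaultdict(list)  # src_ip -> timestamps of failed logins
    for e in events:
        if e["source"] != "auth":
            continue
        if e["outcome"] == "FAIL":
            fails[e["src_ip"]].append(e["ts"])
            continue
        recent = [t for t in fails[e["src_ip"]] if e["ts"] - t <= window]
        if len(recent) < fail_threshold:
            continue
        related = [x for x in events if x["source"] != "auth"
                   and abs((x["ts"] - e["ts"]).total_seconds()) <= window.total_seconds()
                   and (x["src_ip"] == e["src_ip"] or x["user"] == e["user"])]
        incidents.append({
            "rule": "brute-force-then-success",
            "src_ip": e["src_ip"], "user": e["user"],
            "failed_attempts": len(recent),
            "corroborating": sorted({x["source"] for x in related}),
            "severity": max([2] + [x["severity"] for x in related]),
        })
    return incidents


if __name__ == "__main__":
    for inc in correlate(aggregate()):
        print(inc)
```

With the constructed input, the single failed-then-successful login from 203.0.113.7 is the only auth sequence that crosses the threshold, and it is corroborated by both the IPS signature for that IP and the EDR alert for that user. No one spoke would have produced that incident on its own, which is the reason the SIEM sits at the hub.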
A SOC is usually run by a SOC manager. The team consists of incident responders and their managers, SOC analysts at levels 1 to 3, and threat hunters. The SOC manager is a senior role reporting to the CISO, who in turn reports to the CIO or CEO.
There is no doubt that building a SOC is important for surviving in today's digital world. Incidents occur by the second, and remediation cannot wait.
The number of SOCs is increasing, resulting in a shortage of qualified, skilled and experienced personnel. This is becoming a significant organizational challenge.
SOC operating costs are high, and scarce skills drive up the price of labour, if you can find it at all. Retaining skilled employees while competitors headhunt them is another challenge. The result is that SOC costs and workloads are increasing across industries.
There is also increased pressure on top performers as the sophistication of cyberattacks increases.
A full-time, 24-hour monitored security operations center (SOC) requires a staff complement of about 6 to 10 people and costs around R1m per year.
This is a small investment for a large, billion-dollar organization, but not for a smaller business.
There is a delicate balance between efficiency and effectiveness: one cannot drive down operational cost at the price of reduced effectiveness against attacks. Here are a few ideas for driving down the cost of a SOC while maintaining the vital protective barrier it provides.
A managed security operations center (SOC), an outsourcing model similar to managed hosting, is becoming more popular. Also referred to as SOC as a Service, it is a subscription-based offering in which organizations outsource threat detection and incident response.
The advantage is that organizations gain fast, cost-effective access to cyber threat monitoring. Managed SOC pricing can start at as little as $750 a month for a small business, a big saving compared with an in-house SOC while still providing the value required.
The organization's security posture improves immediately. A more indirect benefit is that competition for skilled personnel decreases as fewer SOCs support more organizations. Managed SOC providers usually run large teams that provide a learning environment for new employees, which grows internal talent and promotes retention.
Grow Internal Talent
Organizations need skilled experts who understand the context of the organization's work and can identify the inter-relatedness and hidden connections between different attacks. This requires someone who knows the organization well.
One surefire way to achieve this level of integration is to have worked in various IT, systems and security areas over an extended time.
Hiring an entry-level security analyst starts at around $75,000 per year in salary alone, so this can become a very expensive exercise. Another strategy is to recruit people with limited skills.
These can be graduates with no experience, or skilled employees without a formal education. Train and treat them well, and grow and keep this talent with a rewarding career path. Provide them with real, value-adding opportunities to improve security.
External Advanced Help
Use external resources who are true experts in specific threats to assist the team. These lifeline resources can help mitigate threats when required and educate the team to deal with them in the future.
The base salary for SOC analysts ranges from $76,158 to $107,866, with senior analysts earning much more. Using external contractors for specialist work can save a bundle and add more value.
Security Software and Systems
SOC administrators need solutions that manage threats across the whole environment and give them the greatest coverage. It is easier for them to manage one platform, with one point of contact for support when required.
Simpler, more efficient, integrated security operations technology reduces employee training periods, workplace frustration and error rates. These benefits all add up to lower operating costs.
Automation and Orchestration
No single team or security system can cope with the volume of cyberattacks occurring. Managing the volume requires many systems, which in turn need an automated management layer.
An automated management system organizes, prioritizes and manages incidents and threats: it closes alerts already known to be benign, groups repeated alerts into a single case, ranks cases by how much the affected asset matters, and then alerts the teams so they can divide and direct resources.
The right security automation tool can reduce the number of cases analysts handle by as much as 80%, and preventing incidents is a lot less expensive than responding to them.
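To make the case-reduction claim concrete, here is an added example (not the article's code, and not any particular product's logic) of the triage step such a tool performs: suppress alerts an analyst has already judged benign, deduplicate the rest into cases, weight each case by asset criticality, and route it to a queue with a suggested playbook step. The alerts, asset inventory, suppression list, priority formula and queue threshold are all constructed assumptions; a real platform would pull the inventory from a CMDB and the suppression list from analyst feedback.

```python
"""Toy SOC orchestration step: suppress, deduplicate, prioritize and route alerts.

Added example, not part of the original article. The alerts, asset inventory,
suppression list and scoring rules are constructed for illustration.
"""
from collections import OrderedDict

# Constructed asset inventory: how much a host matters to the business (1 low .. 3 high).
ASSET_CRITICALITY = {"pay-db-01": 3, "web-03": 2, "jsmith-laptop": 1}

# Constructed suppression list: (rule, source) pairs an analyst has already judged
# benign, here the organization's own authorized vulnerability scanner.
SUPPRESS = {("port-scan", "10.0.0.5")}

# Constructed playbook mapping for cases that reach the tier-2 queue.
PLAYBOOKS = {"malware-detected": "isolate-host", "sql-injection-attempt": "block-source-at-waf"}

# Constructed raw alerts as the SIEM might emit them in one shift.
RAW_ALERTS = [
    {"id": 1, "rule": "port-scan", "src": "10.0.0.5", "host": "web-03", "base_sev": 2},
    {"id": 2, "rule": "port-scan", "src": "10.0.0.5", "host": "pay-db-01", "base_sev": 2},
    {"id": 3, "rule": "malware-detected", "src": "jsmith-laptop", "host": "jsmith-laptop", "base_sev": 3},
    {"id": 4, "rule": "malware-detected", "src": "jsmith-laptop", "host": "jsmith-laptop", "base_sev": 3},
    {"id": 5, "rule": "malware-detected", "src": "jsmith-laptop", "host": "jsmith-laptop", "base_sev": 3},
    {"id": 6, "rule": "sql-injection-attempt", "src": "203.0.113.9", "host": "pay-db-01", "base_sev": 3},
    {"id": 7, "rule": "sql-injection-attempt", "src": "203.0.113.9", "host": "pay-db-01", "base_sev": 3},
    {"id": 8, "rule": "failed-login", "src": "198.51.100.4", "host": "web-03", "base_sev": 1},
]


def triage(alerts, suppress=SUPPRESS, criticality=ASSET_CRITICALITY, tier2_threshold=6):
    """Turn a stream of alerts into a ranked, routed list of cases."""
    auto_closed = 0
    cases = OrderedDict()  # (rule, src, host) -> case, insertion order preserved
    for a in alerts:
        # Step 1: suppression. Known-benign pairs never reach an analyst.
        if (a["rule"], a["src"]) in suppress:
            auto_closed += 1
            continue
        # Step 2: deduplication. Same rule, same source, same host is one case.
        key = (a["rule"], a["src"], a["host"])
        case = cases.get(key)
        if case is None:
            case = {"rule": a["rule"], "src": a["src"], "host": a["host"],
                    "alert_ids": [], "base_sev": a["base_sev"]}
            cases[key] = case
        case["alert_ids"].append(a["id"])
    for case in cases.values():
        # Step 3: enrichment. The same alert on a payment database outranks one on a laptop.
        case["priority"] = case["base_sev"] * criticality.get(case["host"], 1)
        # Step 4: routing. High-priority cases go straight to experienced analysts.
        if case["priority"] >= tier2_threshold:
            case["queue"] = "tier2"
            case["playbook"] = PLAYBOOKS.get(case["rule"], "escalate")
        else:
            case["queue"] = "tier1"
            case["playbook"] = "analyst-review"
    ordered = sorted(cases.values(), key=lambda c: c["priority"], reverse=True)
    return {
        "input_alerts": len(alerts),
        "auto_closed": auto_closed,
        "cases": ordered,
        "reduction_pct": round(100 * (1 - len(ordered) / len(alerts)), 1),
    }


if __name__ == "__main__":
    result = triage(RAW_ALERTS)
    print(f"{result['input_alerts']} alerts -> {len(result['cases'])} cases "
          f"({result['reduction_pct']}% fewer), {result['auto_closed']} auto-closed")
    for c in result["cases"]:
        print(c["queue"], c["priority"], c["rule"], c["host"], c["alert_ids"], c["playbook"])
```

On the constructed shift, eight alerts become three cases: the two scanner alerts are closed automatically, the three identical malware alerts collapse into one case, and the two SQL-injection attempts against the payment database become the single tier-2 case at the top of the queue. The percentages depend entirely on how noisy the input is, which is why the 80% figure above should be treated as an upper bound rather than a promise.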
Review Data Strategy and Licensing
A SOC retains data for two purposes: compliance and investigation support. Using a single security information and event management system to meet both usually means the company has over-spent on the solution, because SIEM licensing is typically priced on the volume of data ingested or indexed, and the bulk of compliance data is rarely searched.
Costs can be cut by using an open-source log management or data lake solution for compliance retention, and a simpler, fit-for-purpose system for the searching, reporting and visualization requirements of security information and event management.
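The split described above comes down to a routing decision in the log pipeline. The following is an added example, not code from the article or any product: every record goes to a cheap, compressed, integrity-checked compliance archive, and only records the hot/cold policy marks as security-relevant are counted toward the licensed search tier. The record format, the policy, the sample records and the in-memory archive are all constructed assumptions; a real deployment would write the archive to object storage or a data lake and ship the hot subset to the SIEM.

```python
"""Two-tier log pipeline: everything to a compressed, hashed compliance archive,
only security-relevant records to the licensed search tier.

Added example, not from the original article. The record format, hot/cold
policy and sample records are constructed; the archive is kept in memory here.
"""
import gzip
import hashlib
import io
import json

# Constructed policy: which categories and levels a detection or investigation would search.
HOT_CATEGORIES = {"auth", "edr", "ids", "firewall"}
HOT_LEVELS = {"error", "critical"}

# Constructed sample: mostly noisy application chatter with a few security-relevant records.
RECORDS = [
    {"ts": f"2024-03-01T10:00:{i:02d}", "category": "app", "level": "info",
     "host": "web-03", "msg": "GET /healthz 200 2ms"} for i in range(8)
] + [
    {"ts": "2024-03-01T10:00:09", "category": "auth", "level": "warning",
     "host": "web-03", "msg": "failed password for admin from 203.0.113.7"},
    {"ts": "2024-03-01T10:00:10", "category": "edr", "level": "critical",
     "host": "jsmith-laptop", "msg": "credential dumping tool blocked"},
    {"ts": "2024-03-01T10:00:11", "category": "app", "level": "error",
     "host": "web-03", "msg": "upstream timeout"},
    {"ts": "2024-03-01T10:00:12", "category": "firewall", "level": "info",
     "host": "fw-01", "msg": "deny tcp 203.0.113.7 -> 10.0.0.12:3389"},
]


def is_hot(rec):
    """Policy decision: does this record belong in the (paid-per-byte) search tier?"""
    return rec["category"] in HOT_CATEGORIES or rec["level"] in HOT_LEVELS


def encode(rec):
    """Canonical JSON lines, so the archive digest is reproducible."""
    return (json.dumps(rec, sort_keys=True) + "\n").encode("utf-8")


def route(records):
    """Write all records to the compliance archive; collect the hot subset separately."""
    archive_buf = io.BytesIO()
    digest = hashlib.sha256()
    hot, raw_bytes, hot_bytes = [], 0, 0
    with gzip.GzipFile(fileobj=archive_buf, mode="wb", mtime=0) as gz:
        for rec in records:
            line = encode(rec)
            raw_bytes += len(line)
            digest.update(line)
            gz.write(line)          # compliance tier: everything, compressed, long retention
            if is_hot(rec):         # search tier: only what licensing is worth paying for
                hot.append(rec)
                hot_bytes += len(line)
    return {
        "archive": archive_buf.getvalue(),
        "archive_sha256": digest.hexdigest(),
        "archive_raw_bytes": raw_bytes,
        "archive_compressed_bytes": len(archive_buf.getvalue()),
        "hot": hot,
        "hot_bytes": hot_bytes,
        "hot_share_pct": round(100 * hot_bytes / raw_bytes, 1),
    }


def verify_archive(archive, expected_sha256):
    """Recompute the digest over the decompressed archive before trusting it in an investigation."""
    data = gzip.decompress(archive)
    return hashlib.sha256(data).hexdigest() == expected_sha256


if __name__ == "__main__":
    r = route(RECORDS)
    print(f"{len(RECORDS)} records archived in {r['archive_compressed_bytes']} bytes "
          f"(raw {r['archive_raw_bytes']}); {len(r['hot'])} records, "
          f"{r['hot_share_pct']}% of the volume, go to the search tier")
    print("archive verified:", verify_archive(r["archive"], r["archive_sha256"]))
```

The digest stored alongside the archive is what lets the SOC later prove that the compliance copy pulled for an investigation is the copy that was written, and the `hot_share_pct` figure is the fraction of ingest the SIEM licence actually has to cover under this policy. Tune `HOT_CATEGORIES` and `HOT_LEVELS` carefully: anything excluded from the search tier is still retained, but an analyst will have to go to the archive to find it.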
Investigate Open-Source Options
An annual review of alternative solutions, including open-source options for your big-cost items, can identify cost-saving opportunities. At the very least it can justify the expenses you already have, or identify a more cost-effective challenger.
Running an efficient and effective SOC that looks after thousands of clients is complicated and expensive. Trying a mix of different strategies to reduce cost while maintaining the value the SOC adds needs to be a key driver for organizations responding to ever-increasing cyber threats.