Most organisations today recognise the value of SOC and SIEM services. Unlocking their true value means doing some homework up-front.
Defining the problem
As a provider of managed security services, we are regularly approached by organisations who are trying to solve a problem which they struggle to articulate.
The problem is usually:
How do I reduce organisational risk, by mitigating the risk of cyber-attack?
Maybe your first step is going to market. Of course, there is a wealth of vendors offering cheap and cheerful solutions who are happy to sell a perceived solution to the problem.
Unfortunately, this all-too-often implemented conglomeration of tools and dashboards provides some visibility, but after painful iterations and consulting fees, it isn’t the SOC or effective SIEM you’ve been searching for.
Now your insurance company wants a compliant and structured solution, which begins the next stage of the conversation – “Let’s outsource a SOC!”
What is a SOC?
A Security Operations Centre (SOC) leverages a combination of people, processes, and technologies to provide several services designed to prevent, or reduce the risk and severity of, impacts to the confidentiality, integrity, and availability of an organisation’s information assets.
These services generally include:
- Vulnerability Management – a critical part of understanding the risks to an organisation’s IT environment
- Log collection from devices, information systems, networks, and security-specific technologies
- Configuration of prevention and detection capabilities
- Detecting and responding to cyber threats
- Detecting, investigating, analysing, containing, and managing cyber security incidents
- Supporting the recovery process after an incident
- Advisory or compliance support from a security perspective
- Utilisation of threat intelligence to drive improvements to prevention, detection, and response capabilities
- Risk management and reporting of cyber security risks to assist in driving appropriate business investment
Within each of those services there are layers of competency and capability which demand a decent level of talent – and we know how hard it is to find good people with certified skills.
Cyber security is people led, and those people are in demand.
If you’re trying to hire cyber talent, we know the struggle is real. And while organisations take whatever they can get to plug the security gaps, there are other invaluable team members being tapped on the shoulder for bigger, better and greater roles and salaries.
There’s another driver for outsourcing SOC, right? Or maybe a SIEM is the answer?
What’s a SIEM?
A Security Information and Event Management (SIEM) technology will support many of the services a SOC provides.
It aggregates and organises information and events from multiple sources, including authentication, access, endpoint, cloud, and security technologies.
This allows for the development of alerting based on data correlated across many data sources. It also supports detection, analysis and response activities undertaken by analysts.
If neither of these is the answer, what do you do to keep stakeholders happy and to keep your assets and people safe?
Our advice? Choose cyber strategy over SOC or SIEM
It’s predictable but true – cybersecurity is a journey, with numerous steps designed to identify and reduce the risk of cyber-attacks. And, believe it or not, for most organisations, the beginning of the journey isn’t always an outsourced SOC or SIEM.
Importantly, every decision needs to be driven by the nuances of your organisation, your appetite for risk, the specifics of your IT environment, and the controls you may or may not have put in place.
So, maybe it’s time to get help?
A few questions to get you started – answer yes or no…
Do you have a good understanding of the impacts your business may suffer from prolonged downtime, extortion, or data loss?
Do you have a risk framework in place and do cyber risks feature in the risk register?
Based on the risk and impact of a cyber event, do you have a budget allocated to address the risk?
If you answered no to any of the above questions, a specialist security consulting engagement, including a security assessment and penetration test, is usually the right place to start.
Let’s start the conversation today. Take cybersecurity out of the too hard basket and get help — get in touch to find out what you need to do next.