It’s not uncommon for people, even some IT professionals, to assume that all of their organization’s security needs are being addressed by its NOC (Network Operations Center). Chances are, they’re not. NOCs and SOCs (Security Operations Centers) are entirely different animals, with different goals, staffed by IT professionals with different skillsets and security-related industry certifications. Sure, both identify issues and then work to resolve them, but most of the similarities end there.
In 2017, well over 4 billion records were exposed through cyberattacks. Believing your company is somehow shielded from them because it isn’t of the Fortune 500 variety is a fool’s paradise. No company, regardless of its size or the industry it operates in, is immune from threats. In a recent Global Information Security survey, only half of the participating organizations believed they could even detect or predict a cyberattack. Amazingly, many organizations view security as an afterthought and cobble together a security plan with existing personnel who are ill-equipped to handle the intricacies and demands of fending off the bad guys, of whom, unfortunately, there are a lot.
The SIEM―what it is, and why it’s critically important
It can be argued that the SIEM (Security Information and Event Management system) is the fuel that makes the SOC engine run. It collects information from devices that are on, or that access, the network, including login attempts and data transfers, then alerts security professionals to potential threats. There was a time when SIEMs got a bad rap, some of it deserved. They generated a lot of false positives, which resulted in many “boy who cried wolf” scenarios: customers didn’t trust them to reliably provide usable information and quite possibly ignored alerts on actual threats. Thankfully, SIEMs have become far more accurate and reliable in recent years, in part because they now allow far more customization, both in reporting and in automated responses.
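As an added illustration (not code from the original post or from GDT), here is a miniature SIEM-style correlation over constructed sshd log lines: normalize the raw lines into events, fire one alert when a single source racks up repeated login failures inside a time window, and escalate that alert if the same source then authenticates successfully. The threshold is the tuning knob the paragraph alludes to: set to 1 it also alerts on a user who simply mistyped a password once, the kind of false positive that earned early SIEMs their reputation. The log format, field names and hosts are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not captured from any real system), syslog-like.
# 10.0.0.5 is a user who mistyped once; 203.0.113.9 is a password-guessing source.
SAMPLE_LOG = """\
2024-03-01T08:00:01 host1 sshd: Failed password for alice from 10.0.0.5
2024-03-01T08:00:03 host1 sshd: Accepted password for alice from 10.0.0.5
2024-03-01T08:05:00 host1 sshd: Failed password for root from 203.0.113.9
2024-03-01T08:05:01 host1 sshd: Failed password for root from 203.0.113.9
2024-03-01T08:05:02 host1 sshd: Failed password for admin from 203.0.113.9
2024-03-01T08:05:03 host1 sshd: Failed password for admin from 203.0.113.9
2024-03-01T08:05:04 host1 sshd: Failed password for bob from 203.0.113.9
2024-03-01T08:05:09 host1 sshd: Accepted password for bob from 203.0.113.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd: (?P<outcome>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)

def parse(log_text):
    """Normalize raw log lines into events, as a SIEM does at ingestion."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines that do not match are dropped here; a SIEM would flag them
            events.append({"ts": datetime.fromisoformat(m["ts"]),
                           "outcome": m["outcome"], "user": m["user"], "src": m["src"]})
    return events

def correlate(events, threshold=5, window=timedelta(minutes=1)):
    """Fire one alert per source that logs `threshold` failures inside `window`;
    raise it to 'high' if that source then authenticates successfully."""
    failures = defaultdict(list)  # src -> timestamps of recent failures
    alerts = {}                   # src -> alert dict (one alert per source)
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        if ev["outcome"] == "Failed":
            recent = [t for t in failures[src] if ev["ts"] - t <= window]
            recent.append(ev["ts"])
            failures[src] = recent
            if len(recent) >= threshold and src not in alerts:
                alerts[src] = {"src": src, "severity": "medium",
                               "reason": "repeated failed logins"}
        elif src in alerts:  # a success after the burst is far more significant
            alerts[src].update(severity="high", reason="success after failed logins")
    return list(alerts.values())
```

With the default threshold only 203.0.113.9 is reported, at high severity; with `threshold=1` alice’s single typo is reported as well, which is exactly the noise a tuned SIEM should suppress.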
Don’t hand the SIEM reins over to anybody
Having a SIEM isn’t a set-it-and-forget-it proposition. Dealing with security threats is a digital cat-and-mouse game. New cyberattacks are invented every day, and the types of threats, such as phishing, DDoS and Trojans (to name a few), are plentiful. And even if you provide extensive internal training, you’ll never be able to fully control your company’s biggest threat: end users, many of whom have a seemingly innate ability to allow, even unknowingly invite, security threats onto the network.
Specialized Security Skillsets
It’s a security analyst’s job to understand the greatest threats to the customer’s assets, and which of those assets take the highest priority. They can create mock attack scenarios to ensure the SOC can, and will, respond when real attacks occur. From this, they can better customize security detection and ensure responses are structured accordingly.
A key element that security analysts provide is threat intelligence, which is the proactive understanding of existing threats and those on the horizon, including, of course, how to defend against them. Ask an IT professional about their organization’s threat management plan and the mitigations they have in place to address the vast array of existing or future threats, and you’ll probably be met with stunned silence. If they’re not well-versed in security, chances are existing and impending threats haven’t been considered. And if they haven’t been considered, it goes without saying that the organization isn’t prepared to defend against them.
Plugging Security Gaps
Cybercriminals are essentially looking for one thing―vulnerabilities. Not fully understanding where network vulnerabilities exist can leave organizations wide open for attacks. Some of these vulnerabilities can be addressed with simple software patches, but if nobody on staff is closely monitoring and implementing them, you’ve made an unconscious decision to leave many security gaps unaddressed. It may or may not come as a surprise that most organizations don’t have a well-defined security patch management plan in place.
Monitored and Managed 24x7x365
Providing ongoing, real-time management and monitoring of an organization’s endpoints, networks, services and databases 24x7x365 is critical when defending against threats. Your SOC is only as good as its weakest link, and if providing this level of security and scrutiny isn’t possible, you’ve just defined a very weak link. Threat detection and related responses must be timely, regardless of threat type, time of day or day of week.
For questions, call on the experts at GDT
Sure, companies can operate their own SOC, but whether it’s done in-house or with a third-party managed security solutions provider, it should be managed, maintained and monitored by tenured security analysts who think, live and breathe security. Anything less might soon leave you wondering why you ever thought a SOC could play second fiddle to the NOC. And security analysts, combined with advanced automation solutions, will greatly enhance your defense against cyberattacks and security breaches.
For more information about GDT’s SOC Managed Services, or if you have questions about anything related to IT security, contact GDT’s security professionals here. They’d love to hear from you.
And if you’d like to better address some of your network security concerns, subscribe to GDT’s Vulnerability Alerts, which contain information and links to software patches.