CyberPeace Foundation recently reported that 43% of cyberattacks are targeted at small businesses and SME startups. India is a hub for startups and SMEs, multiple media reports state that there are over 77,000 startups and 3.36 lakhs SMEs responsible for 37.54% of the country’s GDP. But the biggest problem these startups and SMEs face is sophisticated cyberattacks from threat actors. The damage done by such attacks is deep and there are times when companies struggle or don’t even emerge out of such problems, especially when their brand identity is marred by cyberattacks.
We say modern-day problems need a modern-day solution, companies cannot put their roots in the current and protect themselves with old and worn-out solutions. Many times it’s not just the availability of technology that is a challenge for SMEs and startups, it is the affordability of technology, manpower and maintenance time. While still trying to find footing, not every company can dedicate itself to ensuring that they are protected 24*7*365. This is where collaborating with companies that provide SOC – Security Operation Center as a service will prove as an effective solution. SOC is a centralized function within an organization employing people, processes, and technology to continuously monitor and improve an organization’s security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents.
There is however a catch-22-situation
While SOC is the better option for organizations in keeping their organizations safe from threat actors, the companies providing SOC as a service also need to keep in mind – their solutions and their manpower should be updated to fight the sophisticated attacks that are being launched by threat actors. To keep up with the new-age cyberattacks, there is a need for SOC to also modernize themselves. The legacy SOC was capable of dealing with cyberattacks that were not as frequent and advanced as now. It was what we call a human-scale problem. But in the last few years, every SOC has been dealing with the problem of information overload. Data logs from network devices and firewalls have been joined by streams of data generated by cloud and edge devices. This is why the SOC if not modernized will become redundant. It’s advised for SOC teams to rethink their cybersecurity strategy.
So where and how to begin the modernization process of the SOC?
For working on modernizing the SOC three elements are considered essential to begin with: automation, AL/ML and advanced threat protection and shared intelligence.
The next step is how to strategically modernize the SOC with a well-thought plan:
- SOC is now preferred as a fusion center combining threat researchers, SOC analysts, and incident responders with open and customizable SOC architecture.
- To ensure the scale and performance of the SOC to meet the user needs, it requires the backing of a highly scalable cloud that can handle real-time data feeds and deliver acceptable response times for complex queries
- SOC teams need better tools for developing, modifying and sharing custom rule sets easily for detection engineering.
- SOC modernization combines threat, vulnerability and business context data for analysts which is why a risk-based context is necessary. This helps security analysts understand if the asset under attack is a test/development server or a cloud-based workload hosting a business-critical application.
- SOC teams need to constantly have a red teaming process and work to meet the gap in terms of the technological difference between them and the threat actors.
- SOC needs to be considered as a business-critical component as aligning it to the business needs helps in choosing the path of modernization
- The modern SOC needs to evolve from a geographically-located single-focus group to a globally diverse team familiar with both hybrid tools and technologies
One might ask what are the challenges that are pushing SOC towards modernization considering the steps listed for modernization may seem overwhelming at first. So why not familiarize ourselves with the challenges:
- Evolving threat landscapes like ransomware attacks are a challenging task to handle for legacy SOC
- 69% of organizations admit to a cyber-incident emanating from unknown, unmanaged, or poorly managed internet-facing assets. The increased attack surface has led to blind spots and other complications that cannot be tackled by legacy SOC
- Increased use of the cloud, especially the public cloud, has led to a need for a modernized SOC
- A plethora of security tools cause more harm than good, more so when they are not compatible and aligned with the current needs. This is why the modernization of SOC is recommended.
Taking a look back at the challenges, requirements and plans for modernizing the SOC, startups and SMEs along with established organizations can consider that just like how a company cannot function on legacy technology and infrastructure, the security setup to protect the organizations too cannot be a legacy tool. SOC is a solution to a majority of the security problems where organizations need to keep their enormous data safe. These organizations need constant monitoring and a team of analysts and cyber experts to help resolve the issue or identify it ASAP. So, instead of pushing away a perfectly good and useful tool citing ‘old’ as the reason, one can enable the tool by modernizing it and fighting the new-age, complicated and sophisticated cyberattacks.
By Manish Chasta, Co-Founder and CTO, Eventus TechSol