Get your SOC ready to face the new cyber challenges
We already know that the more connected and decentralized business operations become, the bigger the challenges of ensuring the integrity of the corporate networks that protect data and applications. According to IDC’s “2021 Ransomware Study”, 37% of global organizations experienced some type of ransomware attack last year.
The FBI also reports disturbing figures. According to the agency’s cyber division, the number of attacks has spiked 400% since the start of the Covid-19 pandemic. In this scenario, many companies have realized that preventing, identifying, and mitigating cyber risks requires a set of coordinated actions involving tools and people working collaboratively in operational centers dedicated to identifying vulnerabilities and resolving incidents in data systems, known as Security Operations Centers, or SOCs.
The SOC works as a “nerve center” around the clock, 24×7 (24 hours a day, seven days a week), where suspicious events are identified and analyzed using threat detection and protection methodologies. These tasks are carried out both manually, following written procedures, and automatically, through tools that generate alerts and notifications and can even block devices or user access, among other proactive and remediation actions.
As data protection technologies develop and cybersecurity experts race to anticipate the actions of malicious hackers in order to prevent attacks, intrusions, data leaks and the hijacking of information, the cybercrime industry moves just as fast, adopting new strategies that combine technology and people, including so-called social engineering approaches: psychological tricks that lead users to unwittingly open the gates of their networks to malicious agents.
To keep pace with this dynamic context, where innovation often comes from the adversary’s side, automating security event management (incident response) as much as possible ensures a fast and seamless reaction to threats and the flexibility to mitigate cyber risks. By automating some incident detection and mitigation processes, cybersecurity professionals, who are increasingly scarce and in high demand globally, can focus on more complex tasks.
One practical route to strengthening automation in corporate SOCs is the adoption of SIEM (Security Information and Event Management) tools, which streamline the delivery of reports on malicious activity, such as abnormal user behavior and suspicious login attempts, and issue alerts triggered by the analysis engine whenever a business rule is violated, which may flag a security issue.
Another way to boost cybersecurity is to adopt Managed Detection and Response services (MDR), which IDC identifies as an emerging technology for 2022 (a year in which the incidence of cyberattacks is expected to keep rising), and which rely on advanced detection tools, including EDR and XDR.
Although SOCs around the world follow a similar operating standard, a customized architecture tailored to each business model is the key to more effective data protection. However, we continue to observe gaps in awareness and compliance within organizations.
Even though organizations understand that cybersecurity is a multidisciplinary matter that requires commitment from the entire organization, there are still engagement and communication limitations between the IS (Information Systems) area and the other IT (Information Technology) support areas, with a significant impact on the efficiency of the service.
In other words, protection tools are not enough. People and processes remain critical to reaching an acceptable level of maturity. When implementing or upgrading a SOC, it’s worth building a compliance and awareness strategy in from onboarding onward.
Marco Alexandre Garcia, Latam MSS Director, Cipher.