SOCaaS - Post Cover Giacomo Lanzi

Is SOCaaS useful for your business?

In today’s article, we’ll explain what a Security Operations Center (SOC) is and help determine if a SOC-as-a-Service (SOCaaS) solution is right for your business. Just because you have to manage cybersecurity doesn’t mean your business has to deal with cybersecurity. In fact, your core business could be pretty much anything else.

Proper management of IT security, however, is essential to allow your company to grow and to obtain the certifications for data processing required by law. Having the right cybersecurity skills available at the right time is critical to your success, but you have no idea when that time will be.

Choosing the right technology, people and processes to build a modern security operations section is one of the biggest challenges for IT security managers.

What is a SOCaaS and what it can do for you

Before understanding what the management challenges are, it is good to understand what a SOC is. It performs the following functions:

Plan, configure and maintain your security infrastructure.

With a SOC it is possible to configure the technology stack (endpoint, SaaS applications, cloud infrastructure, network, etc.) to identify the relevant activity and eliminate unnecessary data. Monitor data sources to ensure the ecosystem is always connected.

Detect and respond

In addition, it is possible to monitor the incoming alarm activity. Investigate alarms to determine if it is a true security issue or a false alarm. If something is a real security threat, you can evaluate the magnitude of the situation and take response actions.

Threat hunting

SOCaaS - Hacker

The activity of a certain event can be examined to determine if there are any signs of impairment that may have eluded the automated controls. The most common scenario is to review the history of an IP address or file that has been determined to be malicious.

Storage of log files

Another possibility is to securely collect and archive log files, for up to seven years, for compliance with regulations. The team will need to provide this critical data for forensic analysis in the event of a security situation.

Measure performance indicators

Obviously it is possible to monitor the KPIs (performance indicators). In detail it is possible to measure and report the KPIs to demonstrate to the executive team how the SOC is working.

The challenges of implementing your own SOC

Finding, training and retaining cybersecurity professionals is expensive

The skills needed to manage IT security tasks are in high demand. Unfortunately, the shortage is bound to get worse before it gets better. According to the International Certification Organization (ISC), the number of vacant positions worldwide was over 4 million professionals in 2019, up from nearly three million the previous year.

Training personnel with a broad IT background in cybersecurity skills is an option, but retaining these people is expensive. Their replacement, when eventually taken elsewhere, starts a cycle that usually ends up being more expensive than expected, especially compared to SOCaaS.

Also, people who work well in this industry usually want to explore new topics and take on new challenges. You will need to find other related projects or roles to rotate SOC staff to keep them engaged. This also helps build their skills, so they are ready to respond and act promptly when needed.

Cyber security is a team sport

It is important to have a diverse set of skills and a team that works well as a team. Security threats evolve rapidly, proper investigation and responses require people who understand endpoints, networks, cloud applications, and more. Often you end up being a SOC manager, a sysadmin and a threat hunter, depending on the day and what happens in your environment.

This means that you will need a team that is constantly learning, so that you have the right skills when you need them. People who do well in this industry thrive in a team environment where they can learn and challenge each other. For this, you need a workflow that regularly brings together several SOC analysts.

Think of it this way: you wouldn’t put a football team on the pitch that didn’t train together. Your SOC team collides with an opponent who plays as a team every day. To be successful, you need professionals who have a lot of playing experience to build their skills both in the single position and as a team.

A team of SOC analysts who do not do regular training will not be ready when hit by a well-trained opponent. It is difficult to get this experience in a small organization.

A SOCaaS is the immediate answer to this need. The team that will take care of your IT security is trained and stimulated every day by ever new challenges, having to deal with different infrastructures every day.

24/7 coverage is a necessity

Letting an opponent be free to bait for hours, days or weeks makes it infinitely more difficult to contain and remove threats. The adversary knows they have limited time to do as much damage as possible, as in the case of ransomware, or to overshadow ports, as in the case of data extrusion.

You will have the best chance of recovery if you can investigate and respond within minutes. A solution that provides 24 × 7 coverage is therefore essential.

In computer security there are no “working hours” for one particular reason: an attack could come from anywhere on the globe, consequently you cannot rely on conventional hours. This is the result of the spread of the network as an instrument of worldwide connection, we can only deal with it adequately. A SOCaaS relieves the company using it from keeping a division open 24/7.

Managing suppliers and integrating tools is quite expensive

Cyber security is complex and technology evolves rapidly. There will be more and more technologies that need to work together, which requires maintaining the skills to implement, update and configure each component and train your staff on new versions and features. If you have your own SOC, you also need to manage these supplier relationships, licensing, and training.

The bottom line is that building the skills you need requires a lot of low-level tasks and extensive daily work. For organizations that can support it, the effort makes sense. For most organizations, the task is best left to a partner who can provide this service, allowing you to get all the benefits of a high-end SOC without the expense and distraction of building it yourself.

Conclusions

If budget is not an issue and you have enough staff to focus on building and maintaining a 24 × 7 SOC, then it may make sense to go this route. If you are constrained on one of these two fronts, then SOCaaS will be the best approach.

In summary, SOCaaS allows you to:

1. Spend time managing security, not technology and vendors
2. Have a predictable expense. No surprise budget requests
3. Obtain security information from other organizations
4. Manage alarms more efficiently and with more predictable results
5. Be agile and keep up with the IT needs of your evolving organization
6. Stay abreast of today’s security tool innovations.

If your company wants to know more about Secure Online Desktop SOCaaS solutions, contact us for a non-binding consultation. We will show you all the advantages and clear up any doubts regarding this solution.

[btnsx id=”2931″]

Useful links:

SOC as a Service

Computer network security: PT vs. VA

Cyber Security: Pentest and verification of vulnerabilities

Share


RSS

More Articles…

Categories …

Tags

RSS Dark Reading

RSS Full Disclosure

  • Backdoor.Win32.Hellza.120 / Authentication Bypass September 20, 2022
    Posted by malvuln on Sep 19Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/2cbd0fcf4d5fd5fb6c8014390efb0b21_B.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Hellza.120 Vulnerability: Authentication Bypass Description: The malware listens on TCP ports 12122, 21. Third-party adversarys who can reach infected systems can logon using any username/password combination....
  • Backdoor.Win32.Hellza.120 / Unauthorized Remote Command Execution September 20, 2022
    Posted by malvuln on Sep 19Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/2cbd0fcf4d5fd5fb6c8014390efb0b21.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Hellza.120 Vulnerability: Unauthorized Remote Command Execution Description: The malware listens on TCP ports 12122, 21. Third-party adversarys who can reach infected systems can issue commands made available by the...
  • Trojan.Ransom.Ryuk.A / Arbitrary Code Execution September 20, 2022
    Posted by malvuln on Sep 19Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/5ac0f050f93f86e69026faea1fbb4450.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan.Ransom.Ryuk.A Vulnerability: Arbitrary Code Execution Description: The ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a vuln DLL execute our own code, […]
  • Trojan-Dropper.Win32.Corty.10 / Insecure Credential Storage September 20, 2022
    Posted by malvuln on Sep 19Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/f72138e574743640bdcdb9f102dff0a5.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Corty.10 Vulnerability: Insecure Credential Storage Description: The malware stores its credentials in cleartext within the Windows registry. Family: Corty Type: PE32 MD5: f72138e574743640bdcdb9f102dff0a5 Vuln ID:...
  • Re: over 2000 packages depend on abort()ing libgmp September 20, 2022
    Posted by Matthew Fernandez on Sep 19What is the security boundary being violated here? As a maintainer of some of the packages implicated here, I’m unsure what my actionable tasks are. The threat model(s) for my packages does not consider crashes to be a security violation. On the other side, things like crypto code frequently […]
  • SEC Consult SA-20220915-0 :: Local Privilege Escalation im SAP® SAPControl Web Service Interface (sapuxuserchk) September 16, 2022
    Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 15SEC Consult Vulnerability Lab Security Advisory < 20220915-0 > ======================================================================= title: Local privilege escalation product: SAP® SAPControl Web Service Interface (sapuxuserchk) vulnerable version: see section "Vulnerable / tested versions" fixed version: see SAP security note 3158619 CVE number: CVE-2022-29614...
  • SEC Consult SA-20220914-0 :: Improper Access Control in SAP® SAProuter September 16, 2022
    Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 15SEC Consult Vulnerability Lab Security Advisory < 20220914-0 > ======================================================================= title: Improper Access Control product: SAP® SAProuter vulnerable version: see section "Vulnerable / tested versions" fixed version: see SAP security note 3158375 CVE number: CVE-2022-27668 impact: high homepage:...
  • over 2000 packages depend on abort()ing libgmp September 16, 2022
    Posted by Georgi Guninski on Sep 15ping world libgmp is library about big numbers. it is not a library for very big numbers, because if libgmp meets a very big number, it calls abort() and coredumps. 2442 packages depend on libgmp on ubuntu20. [email protected]:~/prim$ apt-cache rdepends libgmp10 | wc -l 2442 gawk crash: [email protected]:~/prim$ gawk […]
  • APPLE-SA-2022-09-12-5 Safari 16 September 12, 2022
    Posted by Apple Product Security via Fulldisclosure on Sep 12APPLE-SA-2022-09-12-5 Safari 16 Safari 16 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213442. Safari Extensions Available for: macOS Big Sur and macOS Monterey Impact: A website may be able to track users through Safari web extensions Description: A logic issue […]
  • APPLE-SA-2022-09-12-4 macOS Monterey 12.6 September 12, 2022
    Posted by Apple Product Security via Fulldisclosure on Sep 12APPLE-SA-2022-09-12-4 macOS Monterey 12.6 macOS Monterey 12.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213444. ATS Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. […]

Customers

Newsletter