Building a SOC (Security Operations Center) is a tremendous challenge. But this is not only (and maybe not even primarily) about technology. As always, it is also about organization and about people. Do you have the skill sets in your organization to successfully run your SOC? The people who not only understand a single piece of security technology such as a firewall, but who have both the breadth and depth required for successfully building and running a SOC? Breadth, to understand the relationship of security events across various systems. Many of today’s attacks involve many systems, thus analysis also has to have a holistic, integrated view. On the other hand, people need to have the depth necessary to know each piece of the security apparatus, as well as the ability to manage the specialists. These people, being both generalists and specialists, are a rare species.
Unfortunately, things are becoming more and more complex. More complex attacks, more complex IT environments - especially in connected enterprises or when looking at SCADA (supervisory control and data acquisition) systems and the IoEE (Internet of Everything and Everyone) - and more complex solutions to analyze threats: It is hard to solve this issue. Realtime Security Analytics, which means “Big Data Analytics applied to Security, powered by external realtime threat intelligence services” is promising, but complex. Understanding these systems, configuring not only rules but complex pattern detection, achieving valid and actionable results and understanding these is a tremendous challenge.
Thus, when building a SOC, there is a simple question to answer at the very beginning: How much should be on premises, and where should you rely on services? These services can range from a second or third tier of analysis to full-service offerings. The panelists will discuss the need for this, not only from a skill and people perspective, but also with respect to cost, security, and bandwidth requirements.