2014 was a banner year for data breaches. It really did seem as though every day a new story hit the press regarding another data breach, and company size and sector didn't matter. All organizations were vulnerable to external attack, and the consequences were derailing companies and their leaders' careers. Clearly, current methods are not delivering proactive awareness of security vulnerabilities or timely remediation. Simply installing traditional security products and meeting compliance checklists is not enough.
We think a SOC is the most effective way to detect and respond to both malware and other cyberattacks (including identity theft). But like any protective barrier, it works only if used correctly!
What’s the best kind of SOC to use?
The best kind is one that offers a correct balance of people, processes and technology. Security products are often marketed as “silver bullets” that fix everything. However, technology is really just a tool that becomes effective when combined with the right people and security controls. An effective security program should be based on documented information security best practices and proven processes. The end goal is a well-constructed information security program that delivers 24x7 security posture visibility and continuous improvement.
What should I expect my SOC to do?
Your SOC should deliver 24x7 monitoring of the logs and alerts from your IT infrastructure. When a security-relevant event is detected, your SOC should immediately review the details and notify you promptly, following up with an email that explains the likely cause of the event and the recommended actions to take.
Daily Security Insights
Each day you should receive a Daily Security Snapshot email from your SOC Team. This report should contain a summary of any security events that occurred in the past 24 hours, along with a Threat Report that gives a current assessment of critical security controls. Using this information, organizations can take proactive steps to improve their security posture.
Monthly Security Insights & Compliance Reports
Your SOC should deliver a monthly summary report as well as industry-specific Compliance Reports if requested. It should provide standard reporting for HIPAA, PCI-DSS, GLBA, COBIT, NERC-CIP, NIST 800-53, and ISO 27001/27002. Customized reports should also be available if needed.
Tracing a security incident or suspicious user activity through thousands of event logs can seem like an overwhelming task. Your SOC should therefore provide an easy-to-learn forensic search tool so that you can perform investigations on your own, filtering events by user, host or source address rather than grepping raw log text.
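The kind of forensic search and correlation described above (a timeline for one user, plus the failed-then-successful-login pattern a monitoring SOC should alert on and the per-host rollup a daily snapshot would contain), as an added example that is not part of the original post or any vendor's product. It is a small Python script run over constructed syslog-style sshd and sudo lines; the hosts, users and addresses are hypothetical, and the field names, the `threshold` and `window` parameters are choices made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines for this example (syslog-style sshd and sudo
# events with ISO timestamps). Hosts, users and IP addresses are hypothetical;
# 203.0.113.0/24 and 192.0.2.0/24 are documentation ranges.
SAMPLE_LOGS = """\
2014-11-03T08:01:12 web01 sshd[2011]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
2014-11-03T08:01:15 web01 sshd[2011]: Failed password for invalid user admin from 203.0.113.5 port 40113 ssh2
2014-11-03T08:01:19 web01 sshd[2014]: Failed password for jdoe from 203.0.113.5 port 40120 ssh2
2014-11-03T08:01:22 web01 sshd[2014]: Failed password for jdoe from 203.0.113.5 port 40121 ssh2
2014-11-03T08:01:27 web01 sshd[2017]: Accepted password for jdoe from 203.0.113.5 port 40130 ssh2
2014-11-03T08:05:40 web01 sudo: jdoe : TTY=pts/1 ; PWD=/home/jdoe ; USER=root ; COMMAND=/bin/cat /etc/shadow
2014-11-03T09:12:03 db01 sshd[3101]: Accepted publickey for asmith from 192.0.2.10 port 51000 ssh2
2014-11-03T09:15:44 db01 sshd[3101]: Disconnected from 192.0.2.10 port 51000
"""

LINE_RE = re.compile(r"^(\S+) (\S+) ([A-Za-z_]+)(?:\[\d+\])?: (.*)$")
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED_RE = re.compile(r"Accepted \w+ for (\S+) from (\S+)")
SUDO_RE = re.compile(r"^(\S+) : .*COMMAND=(.*)$")


def parse_events(text):
    """Turn raw lines into normalised event dicts, sorted by timestamp.

    Each event gets a 'kind' (auth_fail, auth_ok, sudo, other) plus the user
    and source address where the message carries them, so later searches can
    filter on fields instead of re-grepping message text.
    """
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # unparseable line: skipped here; a real pipeline should count these
        ts, host, prog, msg = m.groups()
        ev = {"ts": datetime.fromisoformat(ts), "host": host, "prog": prog,
              "msg": msg, "kind": "other", "user": None, "src": None}
        if prog == "sshd":
            f = FAILED_RE.search(msg)
            a = ACCEPTED_RE.search(msg)
            if f:
                ev.update(kind="auth_fail", user=f.group(1), src=f.group(2))
            elif a:
                ev.update(kind="auth_ok", user=a.group(1), src=a.group(2))
        elif prog == "sudo":
            s = SUDO_RE.match(msg)
            if s:
                ev.update(kind="sudo", user=s.group(1), command=s.group(2))
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def trace(events, user=None, src=None):
    """Forensic search: the time-ordered events for one user and/or source IP."""
    return [e for e in events
            if (user is None or e["user"] == user)
            and (src is None or e["src"] == src)]


def detect_bruteforce(events, threshold=3, window=timedelta(minutes=5)):
    """Flag a successful login preceded by at least `threshold` failures from the
    same source within `window`: the password-guessing-then-success pattern."""
    findings = []
    fails_by_src = defaultdict(list)
    for e in events:  # events are time-ordered, so a single pass suffices
        if e["kind"] == "auth_fail":
            fails_by_src[e["src"]].append(e["ts"])
        elif e["kind"] == "auth_ok":
            recent = [t for t in fails_by_src[e["src"]] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                findings.append({"host": e["host"], "src": e["src"], "user": e["user"],
                                 "failures": len(recent), "accepted_at": e["ts"]})
                fails_by_src[e["src"]].clear()  # don't re-report the same burst
    return findings


def summarize(events):
    """Daily-snapshot style rollup: event counts per host and kind."""
    counts = defaultdict(lambda: defaultdict(int))
    for e in events:
        counts[e["host"]][e["kind"]] += 1
    return counts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOGS)
    for e in trace(evs, user="jdoe"):
        print(e["ts"].isoformat(), e["host"], e["kind"], e["msg"])
    for f in detect_bruteforce(evs):
        print("ALERT:", f)
    for host, kinds in summarize(evs).items():
        print(host, dict(kinds))
```

On the sample data the trace for jdoe shows two failed passwords, an accepted password from the same address, then a sudo read of /etc/shadow, and the brute-force check raises one finding for 203.0.113.5 with four failures (the two guesses against the non-existent "admin" account count as well, since the correlation key is the source address, not the user name). Normalising events into fields first is what makes the search tool "easy to learn": an analyst asks for a user or an address, not for a regular expression.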
How will a good SOC make me happy?
You’ll gain confidence knowing your security posture is monitored around the clock by certified Security Analysts. You’ll also be able to minimize the burden of needing qualified security professionals on staff. And with a good SOC, you will be able to answer with confidence: what is on my network and is it secure?