Friday, June 9, 2023

How To Keep Your SOC Up To Speed: 5 Golden Tips

Many people may not know it, but if your business outsources its IT department or even its cybersecurity work, it is more than likely that you are making use of what is known as a “Managed Services Provider” (“MSP”) or a “Managed Security Services Provider” (“MSSP”).

The former takes care of your day-to-day IT needs, whereas the latter looks after your security needs.  But what is less well known about these kinds of organizations is that many of them run what is known as a “Security Operations Center”, or “SOC” for short.

Depending upon the Service Level Agreement (SLA) that you have with them, they will typically keep a 24 X 7 X 365 watch on all of your IT assets, and make sure that they are protected with the best level of controls possible. 

All of this is monitored by a team of professionals at the SOC.  Some SOCs can be very large (on the order of what Microsoft has), while others can be very small, manned by only 2 or 3 people.

Whatever the size, their primary job is to make sure that your business is protected.  Because of this, it is very important for the SOC to stay ahead of the curve and adopt the latest technologies, so that in the end they can offer you the best services possible.  But apart from that, given the world that we live in today, they also have to:

* Gain the deepest levels of trust from their customers.  After all, if your business has been impacted by a security breach, your MSP or MSSP will be the first ones to be blamed (along with the CISO, of course), and probably even found liable.

Of course, you will then want to switch quickly over to another provider.  Also, the landscape here is very competitive amongst them.  The only way that they can win out is through great customer service.

* Protect your data and make sure it remains intact.  If your business has tons of data that it uses, more than likely you will be storing it at the site of your MSP or MSSP, or if it is being stored in a Cloud deployment that you have, then they will oversee that as well.  The bottom line here is that if you are trusting them with your datasets, then they become the stewards of that data and have complete responsibility for its safety.  Again, if anything happens, they will be the first ones to be blamed.

* Make sure that there are extremely minimal disruptions to your IT and Network infrastructures.  These days, the Cyberattacker is resorting to old means of launching a threat variant.  A prime example of this is the good ‘ole DDoS attack, which can literally bring your servers to a crawl.

* Come into compliance.  If your MSP or MSSP is going to be your data steward, then they are going to have to come into strict compliance with data privacy laws such as HIPAA, the GDPR, and the CCPA.  If they don’t have the right controls in place and are audited, they could face some serious fines and penalties.  For example, under the GDPR, the penalty can be as much as 4% of gross revenue.

So, in order to keep up with all of these requirements, what can an MSP or MSSP do?  Here are some tips:

1)     Stop emphasizing technology so much:

This goes back to something I have written about who knows how many times.  Good Cybersecurity does not come from technology itself.  Yes, it is important that an SOC use the latest tools out there and keep them updated, but equally important are the people who man them.  You need to train individuals who can decipher and triage any alerts or warnings that are coming in.  Also, you need a human being to contact a customer in case a security breach is about to erupt.  But most importantly, get away from the siloed approach that is so often seen in SOCs today.  You need to foster a sense of open transparency and communication, because after all, what matters in the end is keeping your customers safe.  There is no way that can be accomplished when nobody in the SOC is communicating with anyone else.

2)     Make sure you are safe:

Although it is the job of the MSP or MSSP to make sure that their customers are secure, they also need to make sure that they are safe themselves.  Remember, the threat landscape is wide open to the Cyberattacker.  They will attack whenever and wherever possible, and this even includes the SOC.  So, make sure that you conduct the right kinds of Risk Assessments, in an effort to make sure that your own infrastructure is as airtight as possible.

3)     Use existing frameworks:

The one thing that the world of Cybersecurity is known for is all of the frameworks and standards that are in existence (with even newer ones coming out).  An SOC should try to pick one and stick to it, and apply it to their customers as well.  One of the primary reasons why I say this is that if there is a security breach and you are audited, you can at least say that your SOC was following established procedures, in an effort to help soften the blow of any penalties that might be invoked.

4)     Respond quickly:

If they are impacted, your customers are counting on your efforts to mitigate the risk as quickly as possible, so that they can be up and running again with minimal downtime.  This will hinge, of course, on the SOC having a well-defined Incident Response (IR) plan in place.  It is not enough just to have it documented; it must be rehearsed on a regular basis (at least once a quarter), and the plan must be updated with any lessons learned.  To make this as effective as possible, try to get your customers involved as well.

My Thoughts On This:

Another line of defense that an SOC can use is the Zero Trust Framework.  This is where you further segment your IT and Network infrastructures, and always practice this mantra: “Never Trust, Always Verify”.  For more details on enhancing your SOC, click on the link below:

https://www.darkreading.com/attacks-breaches/7-metrics-to-measure-the-effectiveness-of-your-security-operations
