What is a Cyber Security Operations Centre (or SOC)?
The key mission of a SOC is to continuously monitor your environment to detect and respond to threats, and to improve an organisation's ability to keep the information held on its systems secure.
By monitoring the threats and learning about them, whether malicious or non-malicious, it is possible to build resilience against them.
It will help to identify negligent or criminal behaviours, whether internal or external, and help you to respond to security incidents.
An additional benefit is that you will find out more about user behaviours, which could help you develop your strategy around technological advances.
Why do I need a SOC?
You have a responsibility to keep the personally identifiable information that you control or process safe, and if you take payments via credit cards, this also includes sensitive cardholder data. You also have a responsibility to identify security breaches involving personally identifiable information and to report these within 72 hours under the new General Data Protection Regulation (GDPR).
The Payment Card Industry Data Security Standard (PCI DSS) requires you to implement a centralised logging function, user activity audit trails and a File Integrity Monitoring (FIM) capability.
ISO 27001:2013 highlights the need for secure monitoring and logging as part of your incident response services, which in turn form part of Business Continuity Planning and Disaster Recovery.
If you are an innovative company with organisational secrets that give you a competitive advantage and would be valuable to your competitors, you will want to protect your Intellectual Property (IP) from theft or loss.
If you have an online business or manage a public facing service, you may want to have full visibility of the threats which could affect you and your clients.
Being able to identify threats puts you in a stronger position to respond and take the necessary action to protect your information assets.
What can a SOC do for me?
The monitoring and incident response requirement you embed within your information management system will depend on your business, but beyond greater visibility of your threats, some of the benefits of implementing monitoring are:
· Integrating and reviewing your traffic feeds, and monitoring these to increase your protection. Incidents can then be flagged and analysed, giving you the capability to perform forensic investigations.
· Monitoring can also assist you with vulnerability scanning, patching and remediation, and allow you to continually improve your defences.
Securious operate within a SOC community, so that threats identified from other clients and other members of the community can be communicated and alerts raised.
This should become an integral part of your Business Continuity and Disaster Recovery Plan, and we can run exercises with you so that you are prepared should an incident occur.
An incident response plan sets out how your organisation approaches an incident and the management required to handle it, minimise the damage to the organisation and reduce the recovery time and costs.
How is a SOC delivered by Securious?
Logging and monitoring generate a large volume of information, which must be correlated, aggregated and then analysed before it can be used effectively.
We start with the basics and go through a development process with you. The feeds will come from various sources and we can add more as your visibility requirements grow.
We will adopt tried and tested best practice from our team of experienced practitioners.
If you would like to find out more about how this would be implemented and how it could work for your organisation, please give us a call and we can explain how it would work in your environment.