Do we really need a SOC Unit?
Should we invest our time, effort and money in building a SOC?
Are we really going to get value out of it?
Should we just build it for the tick in the box?
These questions must be answered before deciding to build a SOC unit, because a SOC requires a considerable investment of time, effort and money. The objective of building the SOC should be clear and well aligned with the business goals.
The drivers for SOC are:
• Security Visibility – A SOC unit gives stakeholders visibility into the security incidents occurring in the organization and helps them take the necessary action. An effective, mature SOC leaves no blind spots.
• Compliance Requirement – Some regulations and standards require an organization to have a SOC unit in place, and the SOC provides evidence that the necessary security controls exist to protect classified information.
The irony is that many organizations, once they have implemented SIEM technology, do not invest much in the people and process side, so they get little value out of it; the SIEM is then used mainly to satisfy their regulations and standards.
We deploy CCTV to protect our building infrastructure, people and so on; it is one of the controls for physical security. A SOC unit works in the same way: it protects the organization's classified information and assets and addresses security incidents.
So YES, a SOC unit is required, both to protect the organization and to comply with the standards; however, the questions now are:
How big should our SOC setup be?
How much should we invest in the SOC unit?
Should we build the SOC ourselves or outsource it to an MSSP?
How much value will we get over 1, 3 or 5 years against the overall total cost of ownership (TCO)?
SOC Drivers: Security Visibility, Centralized Log Management, Compliance, Anomaly Detection, Cyber Security
Targeted organizations: All organizations that handle classified information and for which Confidentiality, Integrity and Availability matter.