Security Operations Centers of the Future: Combining People, Systems and Automation to Address New Threats
By: Reut Hackman, Chief Security Advisor at Cybrella, Tel Aviv
Hackers often prey on the weakest link in every organization: employees with little or no cyber training. Consequently, it is essential that organizations educate their employees about basic cybersecurity best practices, and either implement a Security Operations Center (SOC) or improve the one they already have.
Simply having an SOC team no longer cuts it. Indeed, companies like Optiv and Microsoft are transforming their SOC teams into Advanced Fusion Centers where they customize their cybersecurity approach for each client’s needs and then evaluate the utility and performance of the program. This transformation is made possible through automation, which helps eliminate unnecessary, repetitive tasks.
Automation also shortens time to resolution (TTR) and frees human operators from the mundane, routine tasks that bog down team members, so SOC teams can focus on complex work, which is where their value lies.
Rapid detection, or a short TTR, is what differentiates the most effective SOC teams. Although humans can be weak links in cybersecurity, they are highly adept at adaptive analysis: humans can quickly convert low-quality signals into high-quality analysis. This is especially useful for incidents that look low-risk but could spiral into high-impact activity, a deceptive tactic that is becoming increasingly popular among attackers. By harnessing and strengthening this human skill, SOC teams can become better at detection and reduce their time to resolution.
By combining automation and human skill, SOC teams can be upgraded to the next level, lowering their mean time to detect (MTTD), mean time to respond (MTTR), and overall dwell time, which is the entire period from when the attacker enters the network until the attacker is removed.
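The three metrics above are only useful if they are computed consistently from incident timestamps. The following is an added example, not code from Cybrella or from this article, that computes MTTD, MTTR and mean dwell time over a constructed set of incidents, treats still-open incidents correctly (they contribute to MTTD but not to MTTR or dwell time) and rejects inconsistent timestamps; the `Incident` fields and the sample data are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from statistics import mean
from typing import Optional


@dataclass
class Incident:
    name: str
    entered: datetime            # attacker first active in the network
    detected: datetime           # SOC raised the alert
    removed: Optional[datetime]  # attacker eradicated; None while still open


# Constructed sample incidents (not real data).
INCIDENTS = [
    Incident("phish-01", datetime(2023, 1, 1, 8), datetime(2023, 1, 1, 9, 30), datetime(2023, 1, 1, 12)),
    Incident("lateral-02", datetime(2023, 1, 5, 2), datetime(2023, 1, 7, 10), datetime(2023, 1, 8, 10)),
    Incident("open-03", datetime(2023, 1, 9, 0), datetime(2023, 1, 9, 1), None),
]


def _hours(delta) -> float:
    return delta.total_seconds() / 3600


def validate(inc: Incident) -> None:
    """Timestamps must be ordered entered <= detected <= removed, else the metrics are meaningless."""
    if inc.detected < inc.entered:
        raise ValueError(f"{inc.name}: detected before attacker entry")
    if inc.removed is not None and inc.removed < inc.detected:
        raise ValueError(f"{inc.name}: removed before detection")


def soc_metrics(incidents) -> dict:
    """MTTD over all incidents; MTTR and mean dwell time only over closed (removed) ones."""
    for inc in incidents:
        validate(inc)
    closed = [i for i in incidents if i.removed is not None]
    return {
        "mttd_h": mean(_hours(i.detected - i.entered) for i in incidents),
        "mttr_h": mean(_hours(i.removed - i.detected) for i in closed) if closed else None,
        "mean_dwell_h": mean(_hours(i.removed - i.entered) for i in closed) if closed else None,
        # Open incidents are the ones still accumulating dwell time.
        "open": [i.name for i in incidents if i.removed is None],
    }


if __name__ == "__main__":
    print(soc_metrics(INCIDENTS))
```

Note that dwell time is not simply MTTD plus MTTR per incident averaged the same way: an incident that was detected quickly but remediated slowly inflates MTTR, while a long undetected intrusion inflates both MTTD and dwell time.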
At Cybrella, SOC Team Upgrading is one of the five Cyber Training Programs we offer.
Members of the Cybrella team share lessons learned from standing up one of Israel’s most successful SOCs and from experience in working with other SOCs. The training program highlights the best practices for effective and efficient SOC management by running various simulations with the target SOC team, and helping SOC managers, engineers and analysts better detect and remedy security threats at a rapid pace.
Please reach out if you would like to learn more.