Is your existing security operations model too complex?

by Ron Newman

30 October 2020

In the current threat environment, smart companies have a cybersecurity plan in place, but many continue to grow the number of security products and solutions deployed.

As companies battle an ever-expanding number of threats, many organizations are also waging an internal battle against the growing cost and complexity of their security architecture. In some cases, this growing complexity in companies’ cybersecurity systems raises questions about whether incident response teams will have the right evidence to support the right response after a security incident.

Security teams are becoming overwhelmed by the large number of complex systems they’re required to operate. At the same time, many companies are finding it difficult to recruit and hire qualified security professionals.

Transformation instead of confusion

If these cybersecurity systems are causing additional complexity in a company’s security team, a transformation of its security architecture may be needed.

Transforming the security operating model puts security and incident response teams back in control of detecting vulnerabilities and threats and, if a breach happens, helps them manage incidents with a minimum impact on the business. Many companies are now looking for a more mature, proactive approach to security monitoring and incident management.

An overhaul of a company’s cybersecurity systems can be driven by several issues, many of them linked to the complexity of the existing setup. In many cases, security teams lack visibility into the information they need, including security incidents.

Many companies are looking for a central nervous system for security response; some are looking to extract value from existing cybersecurity and IT investments; and others are concerned about securing their cloud-connected systems, having identified a need for a holistic security monitoring, response, and reporting program.

A new as-a-service model

One possible solution to this growing complexity in security systems marries the cloud computing model with a more traditional managed security approach. This new model, a security operations center as a service (SOCaaS), gives customers a managed security information and event management (SIEM) service and provides ongoing monitoring, alerts, and incident analysis.

The managed services provider fully operates the SIEM platform, freeing up customer cybersecurity teams for higher-level work. With the best SOCaaS solutions, the service is delivered by certified analysts and engineers, using defined and repeatable processes.

These managed services offer several advantages. The trained employees practice operational discipline – they’re entirely focused on security and security processes.

SOCaaS can also help customers deal with staffing challenges, as many companies struggle to find qualified cybersecurity professionals. SOCaaS services offer 24/7/365 coverage when many customers can’t keep security teams working around the clock, and large managed services organizations can also offer the perks and experience that lead to better retention of security professionals.

These managed services providers often also have access to a variety of additional subject matter experts.

Best of breed

In addition, these SOCaaS offerings will choose the best-of-breed SIEM products to work with. Different SIEM tools have different strengths: some offer broad product support and excellent data visualization and reporting, while others offer robust support for cloud security and low costs. A good SOCaaS provider will give its customers several options to choose the best SIEM platform for them.

In conjunction with SOCaaS, a managed security partner can also offer customers various additional services such as device management, vulnerability management, and incident response.

The service blends traditional log monitoring and advanced network forensics with live business data to produce relevant, in-depth intelligence about today’s vulnerabilities and tomorrow’s threats. This service improves an organization’s risk modeling and management capabilities, based on a clear understanding of the internal and external threat landscape.

In short, a SOCaaS integrates best-of-breed products with proven processes and highly skilled staff, increasing visibility into the network, speeding up alert response and resolution times, and providing proactive risk and threat modeling and mitigation.

Ron Newman

Senior Vice President, Security Division, Americas at NTT Ltd.