If the business you work in has yet to establish a Security Operations Centre (SOC), you may be asked to build one soon: cyber incidents are on the increase.
You likely already have some of the basic features of security: firewalls, antivirus software, and maybe even some company policies about attachments.
However, security operations as they stand are not organised in any formal manner; the approach is haphazard. Management has finally woken up and recognised the need for a far more standardised set-up, and the task has fallen to you: they need you to build a brand new SOC. So, where do you start?
Before you begin, there are several questions that you need to answer:
In-house capability - First look at your human capital. What skills do your staff have? Do they have the knowledge and experience to design and run a solid security operations centre? If not, you may wish to engage a Managed Security Service Provider (MSSP) to help you instead, and work with them to determine what sort of framework you need to implement.
System Maturity - What is the current state of your security systems? Are you up to date with the latest threats, and do you know what is actually being logged and monitored today? Only after you have assessed your current capabilities can you construct a plan to improve them.
Priorities - The types of risks you face can vary by industry. Identify what the biggest risks are to your business and identify which tools can help you.
Budget - How much money do you have available to spend on security? Several factors feed into an adequate budget. A commonly quoted rule of thumb is to spend approximately 15-25% of your IT budget on security, but the right figure depends on your risk profile. While it can be difficult to convince your board to allocate the necessary funding, framing the spend in terms of the risks it reduces is a good way to make the case.
Infrastructure or Cloud - You may not need to purchase expensive hardware and software to manage your in-house systems. If most of your infrastructure already runs in the cloud, you can save considerably and pay as you go. Bear in mind that log ingestion, storage and data egress are usually billed by volume, so a SOC's data costs can grow quickly, and that the cloud provider secures the platform while you remain responsible for monitoring what you run on it.
Staffing - How much can your existing staff handle? If you purchase systems that are too complicated, will you need additional staff to run them? There are solutions which focus on automation to reduce your overall staffing costs, so your existing employees can work on more valuable tasks.
Supply chain - A system is only as strong as its weakest link. Determine whether your software suppliers take security as seriously as they need to. This is particularly important if you rely on cloud-based SaaS products, which typically hold your data and are granted access into your environment. Your providers must not inadvertently offer an easy route into your systems, for example through an over-privileged integration account or a compromised update.
Choosing the best tools
Now that you have determined what sort of products you need, you will need a method for choosing the best ones for your business.
Cost and return on investment - Cost, while important, should not be the final deciding factor. What matters is how effective the tools will be and whether they work well together. Determine how much security you get in exchange for what you pay.
Data Architecture - Will the tools you choose work well with your existing data architectures? Or are they designed for a different type of system?
Functional scope / automation - How much are you getting with this package? Does it provide automated security monitoring and response, or are you simply receiving more alerts that a person still has to triage and act on? Note: automation does not mean you can leave the system alone; you still need to remain vigilant, review what it decides, and check that it is not quietly suppressing alerts you should be seeing.
Deployment options - Can these systems be installed on premises, or are they cloud-based? Do they offer managed services?
Integrations - What sort of integrations exist for these tools? Can they connect easily with your existing software or will you need to come up with custom solutions?
Configuration and customisation - Will they work straight out of the box? How much customisation has to be done to make them work properly with your systems?
Reporting and insights - The ability to visualise unusual traffic or outstanding vulnerabilities is important in any system. Do the tools provide good reporting? Do they offer suggestions for how to remediate the issues they find?
Compliance - At a basic level, will these tools help you meet your obligations under GDPR or other regulations that apply to you, and can they produce the evidence (logs, retention, access records) that an auditor will ask for? No tool makes you compliant on its own.
Scalability - If your company or system grows, can the security tools grow with it?
End-user experience - Ease of use is important. Do the tools create roadblocks that might push people towards workarounds that bypass security controls? It is important to consider the human element, since people are often the weakest link in any security system.
Product roadmap - Do the products come with clear documentation about how they work and what you can expect from using them? This includes understanding how well they integrate with each other. Is there a clear plan to keep evolving the product to meet new security challenges?
Delivery/implementation model - Are these tools designed to work well with your current working models?
Once you have shortlisted products, it is a good idea to test them before you commit, to see whether they actually work for your purposes. Consider setting up a trial run, ideally against your own logs and a few realistic test scenarios, before fully implementing a new system.
Finally, you’ll need to make sure you have a realistic plan for implementing new systems. Make sure you assess the impact on your business operations and availability of resources to make it a success.