Strengthening defenses: what’s next for Security Operation Centers


Security Operation Centers (SOCs) are the core engine of any organization's cybersecurity defenses. SOCs provide the critical people and process components of an organization's security posture, complementing technology and services. The rise of hybrid working, increasing cyberattacks, and growing dependence on cloud-based applications and services have not only forced many SOC teams to rethink the way they operate, but also highlighted their vital contribution to business resilience.

About the author

Carlos Morales is the Senior Vice President of Solutions for Neustar’s Security Services.

These increased security risks elevated the role of SOCs from behind the scenes to a leading part in business operations. With remote working here to stay and cyber criminals showing no sign of slowing down, companies have all eyes on data integrity and operational resilience. This puts CISOs firmly in the limelight. Their SOCs, in turn, are feeling the pressure: operating a bevy of security systems against a kaleidoscope of threats while trying to maintain compliance and governance, all under direct scrutiny from the board of directors.

Threats to organizations are never static, and attackers are continuously finding new ways of carrying out attacks. Recent research from the Neustar International Security Council (NISC) revealed that three quarters of organizations were victims of DNS attacks alone in the last year. Increasing attack rates, sprawling attack surfaces, and mountains of data to analyze, flag and respond to all mean the SOC has never been under more pressure. So, what is next for the SOC?

Outsourcing on the rise

Dependencies on SOCs have become so great that the workload is essentially too much for any one team to handle. Unfortunately, acquiring knowledgeable security professionals continues to be a challenge, and many threat areas require specific expertise that is even harder to source. As a result, SOC outsourcing will move from supplementary to mandatory, despite inherent reticence to do so. Some 83% of IT leaders planned to outsource their security to an MSP this year, with the MSP market expected to reach $41 billion by 2022 due to outsourcing of security functions. The number of organizations outsourcing their SecOps will only rise, and this isn't only due to staff bandwidth. Having the right security technologies and services is essential, and having the right people is key to getting the most out of those assets.

Trust in third-party providers will become a strong market differentiator, as track records, peer endorsement and, of course, leading-class services will all rise in value as outside support becomes standard practice.

C-suite pressure

Bringing in extra support requires buy-in at the senior level, unlocking new budgets and reprioritizing business imperatives. Fortunately, the C-suite is wising up. As a result, we've seen SecOps teams evolve and expand during the COVID-19 pandemic, with 85% increasing their budgets, 73% increasing their staffing and 79% increasing their adoption of advanced security technologies, according to recent market research.

This year's news cycle has been heavily monopolized by organizations falling victim to cybercrime. Attacks have now become so common that it's no longer a case of if a business will be on the receiving end of an attack, but when it will happen for the second, third, or even fourth time. As a result, we can expect to see security spend on tech, outsourcing and talent rise in 2022, as part of wider investments in the SOC. SOC spend will therefore make its way firmly onto the C-suite agenda and into board-level discussions.

Harnessing technology

The tools available to attackers have become very sophisticated, allowing them to hit their targets extremely quickly and carry out their objectives before defenders even notice anything is happening. Because of this, security teams need to be able to see the signs of an attack long before a website goes down or any information is stolen or encrypted. For this reason, every organization should be using some type of always-on monitoring system that can spot unusual behavior and respond in near real time, rather than relying on daily reports. If organizations can harness tools and techniques that identify suspicious activity (the so-called drive-by door-knocking and handle-jiggling) within seconds or minutes, cybercriminals will have much less time to perform their reconnaissance, let alone do actual damage.
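To make the contrast between always-on monitoring and daily reporting concrete, here is an added example (written for this page, not code from the article or from Neustar). It assumes a simplified access-log line format of timestamp, source address, path and HTTP status, and uses constructed sample lines in which one address "jiggles handles" against several non-existent admin paths. A sliding-window detector raises an alert within seconds of the burst, while the batch summary only yields a count once the day has closed.

```python
"""Streaming detector for probing activity versus a daily batch summary (constructed example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real traffic): "<ISO timestamp> <source IP> <path> <status>".
# 198.51.100.9 probes a series of paths that do not exist on this site within a few seconds.
SAMPLE_LOG = """\
2022-01-10T09:00:01 203.0.113.7 /index.html 200
2022-01-10T09:00:03 198.51.100.9 /wp-login.php 404
2022-01-10T09:00:05 198.51.100.9 /admin/ 404
2022-01-10T09:00:06 198.51.100.9 /.env 404
2022-01-10T09:00:08 198.51.100.9 /phpmyadmin/ 404
2022-01-10T09:00:09 198.51.100.9 /.git/config 404
2022-01-10T09:00:15 203.0.113.7 /about.html 200
2022-01-10T09:45:00 203.0.113.7 /missing.html 404
2022-01-10T12:30:00 198.51.100.9 /index.html 200
"""

WINDOW = timedelta(seconds=60)  # assumed tuning value: how far back we look per source
THRESHOLD = 5                   # assumed tuning value: 4xx responses within WINDOW before alerting


def parse_line(line):
    """Split one constructed log line into (timestamp, source, path, status)."""
    ts, src, path, status = line.split()
    return datetime.fromisoformat(ts), src, path, int(status)


def detect_probing(lines, window=WINDOW, threshold=THRESHOLD):
    """Stream the log once and alert the moment a source accumulates `threshold`
    client-error responses inside `window`. One alert per source, fired as soon as
    the threshold is crossed, so time-to-detect is bounded by the window, not by the day."""
    recent = defaultdict(deque)  # source -> deque of (timestamp, path) for 4xx hits still in the window
    alerted = set()
    alerts = []
    for line in lines:
        ts, src, path, status = parse_line(line)
        if not 400 <= status < 500:
            continue
        hits = recent[src]
        hits.append((ts, path))
        # Drop entries that have aged out of the sliding window.
        while hits and ts - hits[0][0] > window:
            hits.popleft()
        if len(hits) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({
                "src": src,
                "first_seen": hits[0][0],
                "detected_at": ts,
                "paths": [p for _, p in hits],
            })
    return alerts


def daily_summary(lines):
    """The batch view: 4xx counts per (day, source). Correct, but only available after the day ends."""
    counts = defaultdict(int)
    for line in lines:
        ts, src, _, status = parse_line(line)
        if 400 <= status < 500:
            counts[(ts.date().isoformat(), src)] += 1
    return dict(counts)


if __name__ == "__main__":
    for alert in detect_probing(SAMPLE_LOG.splitlines()):
        lag = (alert["detected_at"] - alert["first_seen"]).total_seconds()
        print(f"ALERT {alert['src']} at {alert['detected_at']} ({lag:.0f}s after first probe): {alert['paths']}")
    print("daily summary:", daily_summary(SAMPLE_LOG.splitlines()))
```

The streaming detector flags the probing source six seconds after its first miss, which is the window in which a responder can still block or rate-limit the address before any follow-on activity. The daily summary reports the same five errors, but only as a number in a report the next morning. In production the same shape of logic would sit in a SIEM or streaming rule engine, with the window and threshold tuned to the site's normal error rate.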

Looking forward

2022's cyber scene is set for a shake-up. Stigmas against third-party support will make way for C-suite imperatives, while SOCs battle to keep up with their organization's digital acceleration. COVID has forced a new normal for working, and this applies just as much to the SOC as it does to the C-suite.
