Security Operations Centers. How Do They Work?

What did a company’s information security system look like some 10 years ago? The principle of “prohibit and keep out” was drilled into IS specialists’ minds. As soon as Odnoklassniki or VKontakte appeared, access had to be closed immediately. If managers found a browser game, it had to be blocked promptly before anything went wrong.

Today’s Internet is no longer three and a half gaming websites and one and a half social networks. It is not possible to block access and forget about the problem. Moreover, many “suspicious” resources, in the skilled hands of advertisers, managers and marketing analysts, turn out to be quite useful and can generate profit.

As for viruses, by the way, things are not as simple as they used to be. It is hard to find a company that has never faced phishing “good luck letters”.

No prohibition or ban will improve security in a world of high-speed Internet and mobile devices. The approach of an ostrich hiding its head in the sand only creates an illusion of security while predators get ready to grab a tasty piece of valuable information.

There is only one way out: to take the lead. A proper security level can be achieved with intelligent systems that analyze user actions and register incidents and anomalies, such as a SOC.

A Security Operations Center is a combination of technology, processes and people with specific experience and knowledge. Its general goal is to register and prevent attacks while raising the quality and level of information security. A SOC simplifies processes, accelerates work and improves reliability.

“Simplify and accelerate” are the key concepts here, and they point directly to the fact that a SOC not only takes the company’s security to a new level but also reduces the workload of both the IS division and the company as a whole.

And this means only one thing: less work – fewer expenses – higher performance.

The advantages of Softline’s SOC, or the Infosecurity SOC (ISOC), include mature and smoothly running processes for large corporations. Our product can handle over 70 thousand event sources.

We differ from our competitors in the technology we use. When building ISOC, our experts focused on three basic principles: manufacturability, reliability and flexibility. That is exactly why it is based on open source together with a number of our own innovations. First, such a solution provides continuity: refinement and innovation will not stop because key professionals leave. Second, it is flexible: we can customize the product for the customer’s business.

Our team includes analysts, a monitoring group that responds to typical incidents, and developers who continuously improve SOC components. The availability of competent staff is extremely important for successful work. This factor is a primary advantage, thanks to which it is far more favorable to purchase the system than to try to build it from scratch on one’s own.

What happens when a company deploys its own SOC? A director signs a budget, IT employees start building the product, and IS budgets are inflated to incredible amounts. In the process, absolutely all related subdivisions are affected, since there is no spare money, and if money has to be invested somewhere, it necessarily has to be cut somewhere else. Finally, the system is deployed.

And suddenly it turns out that the façade of a high-tech solution conceals something clumsy. Some important features are missing because an unsuitable platform was selected, and it has a number of considerable restrictions. Other features work less than perfectly. The reason is that a regiment of programmers took part at the development stage, and each programmer contributed their share of bugs and errors. Business tasks are not addressed.

The passion for “own SOCs” is like the thirst for DCs or exclusive CMS-based websites. It is a beautiful but absolutely inflexible toy. Most customers prefer to implement out-of-the-box solutions customized for them because of their adaptability and, of course, lower price.

The absence of a well-coordinated, experienced team is the most important factor undermining attempts to deploy a SOC on one’s own. A SOC consists not only of hardware for information collection and online process monitoring. It also includes analysts who are able to process information round the clock. If any component, from analysts to the personnel monitoring module, is excluded from the SOC, it becomes something else, for example a SIEM, or a hugely expensive antivirus. The efficiency of the entire solution depends on the joint efforts of the software and the people supervising it.

It is not possible to organize such a team without assistance. There is a staff shortage in the market. There are few experts, and they do not want to work for small companies for an “average” salary. As for analysts, the situation is catastrophic: there are no such experts at all. Meanwhile, a company needs at least several specialists. One or two employees will not be able to manage a task flow that, by all accounts, requires five experts. Consequently, a critical situation is detected with an extensive delay.

Not only companies trying to deploy their own SOCs but also some integrators suffer from a lack of trained personnel.

The team is one of the most important resources ensuring the high efficiency of Softline’s ISOC.

We offer two packages: Basic and Advanced. They include connection to the cloud and delivery of security events from the customer’s infrastructure to ISOC; configuration of incident detection rules; configuration of the response automation system; round-the-clock security monitoring; advanced consultations and online host analysis; and prompt response by experts to identify the cause of an incident and resolve it. We do not just notify the customer; we perform the full scope of work for threat investigation and elimination.

The Basic package provides for 6 basic types of supported devices, and the Advanced package covers 35 basic types of supported devices. Their number grows continually as new connectors become ready.

Plazius, a company developing a mobile payment system and digital marketing platform, is among our customers.

Within a short timeframe, Softline’s experts deployed the pilot project, with all installation and configuration performed along the way.

Well-coordinated teamwork ensured business continuity with no faults or downtime. As soon as the basic settings were completed, ISOC was customized for the company. Based on analysis of the collected data, we added specialized event sources reflecting the specific nature of the customer’s processes to the standard ones.

Acceptance tests demonstrated the system’s compliance with the customer’s initial requirements.

The high cost-efficiency of the project should be noted. Plazius avoided the hard process of recruiting expensive specialists. At the moment, all tasks and duties have been assumed by the ISOC support team. Considering labor costs and the accompanying expenses of organizing an IS department, it is much cheaper to use a contractor’s services.
