The risks a company takes on the moment a cable connects it to the rest of the world via the Internet have, unfortunately, given rise to a uniquely profitable industry. The professionalization of cybercrime could be taught in business schools as a case study in a well-exploited market opportunity. Neglecting security is therefore no longer an option: whatever a company saves by skipping it never compensates for the risk it assumes.
The big question, however, is which security approach to take. To make that decision a little easier, Gartner has published an interesting interview in which Siddharth Deshpande, a researcher at the consultancy, discusses Security Operations Centers, or SOCs (not to be confused with SoCs, Systems on Chip, spelled with a lowercase o).
To begin with, it is important to be clear about what we mean by a security operations center. According to Deshpande, a SOC can be defined as a team, often working in shifts around the clock, together with a dedicated and organized facility, whose job is to prevent, detect, assess and respond to cybersecurity threats and incidents, and to ensure and assess compliance with the regulations that govern the digital assets a company manages.
And yes, this means human and material resources devoted exclusively to that purpose, which answers the first question companies ask once they learn what a SOC is: implementing and maintaining a service of this kind is complex and carries a significant cost.
That is why the Gartner researcher points out that, even for continuous monitoring of the security of our infrastructure (and, of course, of the data we process and store in it), there are alternatives with a lower economic impact. They usually involve outsourcing these functions to an MSSP (Managed Security Service Provider), that is, a company that takes responsibility for managing the cybersecurity of our infrastructure.
Even so, it is worth knowing the range of SOC models Deshpande describes. At one end is what he calls a virtual SOC, which has no dedicated facilities, is staffed part-time by members of the IT team and, as a rule, operates only reactively. At the other end is a complete, dedicated center with its own facilities and a full-time team, with no external components. And, another interesting point, there are hybrid models in between: a SOC can combine internal staff with external providers.
</gml_replace>
<gr_replace lines="7" cat="clarify" orig="And what leads companies">
And what leads companies to set up their own SOCs? Mainly the desire to keep the tightest possible control over their data, their security management and their response process when an incident occurs or a problem is detected. As information becomes more valuable and the assets we need to protect grow in worth, companies want greater control over everything related to them. An external provider may well deliver a more than adequate level of security, but continuous monitoring and speed of response are increasingly in demand.
And what leads companies to launch their own SOCs? Mainly the desire to maintain as strict control as possible over their data, their security management and response process when an incident occurs or a problem is detected. As the value of information grows and the assets we need to protect are more valuable, companies want to have greater control over everything related to them. And while an external vendor may also ensure a more than adequate level of security, constant monitoring and speed of response are a growing demand.