Future of the SOC
Future of the SOC
Introduction:
As an industry, it has reached the point where the presence of an enterprise scale Security Operations Center (SOC) has become nearly ubiquitous at large organizations. Gone are the days of selling the importance of centralized log collection, the necessity of security tooling such as security information and event management (SIEM) and budgets and championing the need for a highly trained team of cybersecurity specialists. The question to ask now is “How do we evolve the existing capabilities within our ever present SOCs to match the rapidly changing business environment and threat landscape?” Under the current onslaught of threats such as ransomware, many organizations continue to struggle to find the right balance between prevention, detection, and response security capabilities for their organizations. For larger organizations, it means building, refining, and evolving their SOCs.
An interesting analogy for the inception and evolution of the SOC is aircraft safety. It was only a few decades ago when aircrafts were something that were made by hobbyists and were able to be flown anywhere there was sky. Over time, the industry realized that with so many airplanes and pilots there needed to be some level of regulation and process. The Federal Aviation Administration (FAA) was born, together with regulatory agencies of other countries, to provide needed regulation.
