It’s always been a challenge for security operations center (or SOC) teams to have enough personnel, expertise, and integrated tools to stay one step ahead of threats to the network. As technology advances to the cloud stack and IoT increase threat vectors beyond the network’s edge, the Security Operations Centre (SOC) often struggles to maintain visibility and proactive threat detection. The SOC must constantly grow to meet the goal of gaining visibility into active and emerging threats through:
- Personnel roles, responsibility, training, and staffing
- Security tools
Security monitoring tools receive raw security-relevant data such as log events, data transfers, firewall activity, and more. Extending that reach to the cloud and beyond the network edge is a necessity in today’s digital threat landscape with countless endpoint vulnerabilities.
Log management, analytics and Security Incident and Event Management (SIEM) tools all must work in an integrated fashion. This is the only way they can deliver a proactive rather than reactive position for public and private entity threat detection and resolution as parts of the SOC.
But finding suspicious or malicious activity by analyzing alerts and acting upon them can grow more challenging as IoT and the cloud present a shifting target. The need for a comprehensive SOC and managed security services provider (MSSP) support has never been more vital to public and private organizations and the costs of technology implementation and staffing has made it more difficult to manage. Newer emergency technology SOC challenges require meeting them by growing and changing.
SOC and IoT
No one needs reminding that there are millions of IoT devices in use, and if your organization contributes to that number, securing them should be a constant pursuit. What you may not know is that 98 percent of all IoT device traffic is unencrypted and over half of all IIoT devices are vulnerable to medium- or high-severity attacks according to the Palo Alto 2020 Unit 42 IoT Threat Report.
This makes a SOC and SIEM critical tools to protect against the new threats. IoT threat actors add a different dynamic than most network endpoints. These device endpoints and the cloud pose access vulnerabilities that not only pose data and control theft issues but serve as the entry point to broader network intrusions.
SOC & the Cloud
Public and private organizations are operating in a multi-cloud-strategy world with applications and workloads spread across cloud providers along with public and private clouds.
This new dynamic of infrastructure as a service (IaaS), platform as a service (PaaS), and software-as-a-service (SaaS) apps hosted in the cloud can mean:
- Major challenges to gaining a full view of hosted data locations
- Full visibility across all platforms where business information is stored and transacted
- Lack of a full view of your corporate security program and risk profile
The major cloud service providers offer tools that let you monitor their environment. You must still deal with the shared responsibility model, which means you need a holistic view to correlate threats and assess how one threat may affect other resources.
COVID-19 has changed the way we work and the way we access data and the network. With so many employees working remotely, IT groups are routing more traffic directly to cloud apps, rather than through the network. In this model, traditional network security controls aren’t enough. Endpoint signals and identity-based security matter more than ever. Since many of the remote workforce changes will become permanent for many organizations, the SOC will also need to adjust.
These types of intrusions can go unnoticed by SOC personnel lacking the training or the tools that can meet this new threat landscape. This lower awareness of attacks can make them invisible to the technology blind spots of the SOC due to unsecured devices, which can have far reaching potential for disaster.
Thousands of potential endpoints and environments that need to be monitored can mean an equal or greater number of alerts with many not being a legitimate threat. Using several tools that lack true integration can make it difficult to correlate signals across an entire environment. The result may mean hours combing through false positives and a likelihood of missing true issues.
SOC and the Supply Chain
Another of the many areas of public and private sector operations fallout spurred by the COVID-19 pandemic has been the supply chain. Both regional and global supply chains have become vulnerable as more enterprises adopt digitized management systems. The scope of the problem shows that there have been nearly 300 supply chain cybersecurity incidents last year according to the DHL Resilience360 2020 Security Report.
The digital shift of supply chain management includes applications, the cloud, networks, and IoT endpoints, which makes for a complex threat landscape that can be exploited in the COVID-19 era’s pressure on supply chains. With increasing ransomware attacks, they have become big with networks infiltrated by hackers blocking system access and encrypting data for payment or chaos purposes.
In the public sector, the federal CISO Council has focused on supply chain risk management. This has major implications for the cybersecurity maturity model certification (CMMC) standard and NIST SP 800-53 security controls for contractors.
Defining a comprehensive playbook for the SOC can be hit-or-miss with these new threat vectors resulting in an inadequate reference for meeting crucial needs during exercises to inform decision making. The costs and complexity with setting up, manning, monitoring and updating the SOC is an overwhelming challenge for even the biggest enterprise and government agencies.
New tools like artificial intelligence (AI) and machine learning (ML) can help provide problem focus on alerts and proactive searches while tool integration and automation can keep the SOC one step ahead of attackers. But there is still the problem of making this happen, which is where cloud based SOC as a service comes in.
At End-to-End Computing we offer the best IT security services in the industry, reducing the cost of investing in licensing, new technology, staff and training. We have over 50+ years of experience offering IT solutions to clients in both the private and public sector. Contact End-to-End Computing now to set up a free cybersecurity assessment and trial.