I wanted to dive a little deeper into SOC, and not your dirty laundry but the security operations center, and really the next wave that businesses are going to be looking at. Whether you’re a small business working with an outside IT firm or a large enterprise with your own in-house IT staff, security operations centers are going to become more prevalent and more key to day-to-day business security.

So we talk a lot about managed security, managed services. Your basic managed security really is just dealing with your endpoints. You’ve got your PC sitting over here. You’ve got a router, some firewalls. Maybe you have some other devices up here in the cloud and your managed security is really just making sure these individual endpoints are secure.

You’ve got software sitting on here, preventing bad things coming in and bad things going out. But there’s not a lot of deep dive event log monitoring going on and things like that. It’s just really some prevention tools out there.

Then of course we talk about managed services or your in-house IT that is protecting your environment. They’re monitoring the systems on a daily basis. We have servers sitting out here that are sending us information going, “Oh, hey, this is out of disk space,” or “We have this issue going on. You need to go out and take a look at it,” or we have some scripts that are going to try to fix some things through automation. So we’re looking at managed security here.

Basic endpoint protection. Managed services is really your outsourced IT department or in-house IT if you have your in-house IT department. But to get a deeper dive into this and ensure that somebody has not compromised Suzy’s account and Suzy is logging in at 11 o’clock at night, when she never has, or Dr. Joe is accessing HR files that Dr. Joe really doesn’t need to access or has never accessed before, we need a security operations center, whether it’s an in-house security operations center or it’s a third-party security operations center.

What the SOC is doing is you got a bunch of guys sitting up here, a bunch of engineers and your workstation and your router and your cloud and maybe you have some in-house servers.

All of these devices and applications are sending their log information up to the security operations center. What these guys up here are doing, they’re analyzing everything that comes in. Every log from the router, every log from your workstations, file access, application access, what your applications are doing, they’re reviewing it. They’re analyzing it and then they’re going to send back down to you, to the IT folks, what you need to be aware of.

They will tell you, “Hey, Suzy logged in at 11 o’clock last night. She has never done that before. We ought to go and look. Was it really Suzy? Do we need to compare IPs?”

Dr. Joe accessed his HR files. Why did Dr. Joe do that? Did he really do that? Was his account compromised? Maybe we have a bot sitting here in the office that’s going out and accessing certain files and your standard managed security is not seeing that.
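The two checks described above (a login at an hour the user has never logged in, and a user reading files they have never touched), as an added example that is not part of the original talk. The event fields, user names, paths and the two-hour tolerance are constructed for illustration; a real SOC would build the baseline from the logs it collects.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real logs): (timestamp, user, action, resource)
BASELINE = [
    ("2024-03-04T08:55:00", "suzy", "login", "workstation-12"),
    ("2024-03-05T09:10:00", "suzy", "login", "workstation-12"),
    ("2024-03-06T17:40:00", "suzy", "login", "workstation-12"),
    ("2024-03-04T10:15:00", "drjoe", "file_read", "/clinical/charts"),
    ("2024-03-05T14:30:00", "drjoe", "file_read", "/clinical/charts"),
    ("2024-03-06T11:05:00", "drjoe", "file_read", "/clinical/schedules"),
]
NEW_EVENTS = [
    ("2024-03-07T09:02:00", "suzy", "login", "workstation-12"),
    ("2024-03-07T23:04:00", "suzy", "login", "workstation-12"),
    ("2024-03-07T13:20:00", "drjoe", "file_read", "/clinical/charts"),
    ("2024-03-07T13:25:00", "drjoe", "file_read", "/hr/payroll"),
]

def build_baseline(events):
    """Per user: hours of day they have logged in, top-level shares they have read."""
    hours, shares = defaultdict(set), defaultdict(set)
    for ts, user, action, resource in events:
        if action == "login":
            hours[user].add(datetime.fromisoformat(ts).hour)
        elif action == "file_read":
            shares[user].add(resource.split("/")[1])
    return hours, shares

def hour_distance(a, b):
    """Distance between two hours on a 24-hour clock (23 and 1 are 2 apart)."""
    d = abs(a - b)
    return min(d, 24 - d)

def review(events, hours, shares, tolerance=2):
    """Return alerts for events that fall outside each user's recorded behaviour."""
    alerts = []
    for ts, user, action, resource in events:
        if action == "login":
            hour = datetime.fromisoformat(ts).hour
            # A user with no recorded logins has no known hours, so is always flagged.
            if not any(hour_distance(hour, h) <= tolerance for h in hours.get(user, ())):
                alerts.append((user, "unusual_login_hour", ts))
        elif action == "file_read":
            share = resource.split("/")[1]
            if share not in shares.get(user, ()):
                alerts.append((user, "first_access_to_share", resource))
    return alerts
```

Each alert is a prompt for the follow-up questions in the talk (was it really that user, does the source IP match), not a verdict that the account is compromised.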

Managed services or in-house IT department is overwhelmed with projects and day-to-day operations. They don’t know about this little piece of software sitting out here dormant maybe for the past six months and now all of a sudden it’s going out and just collecting some data.

If you don’t have a way to continually monitor this mélange of information that’s coming in, you have no visibility into what is really going on in your environment.

Again whether you’re a small business, even if you don’t have any servers in-house, you’re working with all these cloud applications, you’re relying on that cloud partner to keep you safe and know what’s going on.

If they don’t have their own in-house security operations center or they’re not working with someone, they have no visibility of what’s going on or they’re putting that responsibility back on you.

As a small business, you don’t have millions of dollars to invest in a security operations center. So let’s continue to be safe. Let’s continue to be secure and let’s start looking at security operations centers and working with your in-house IT or your managed service provider to get that in-depth security that is going to become critical in day-to-day business.

No longer is a password enough. No longer is two-factor authentication enough. No longer is some basic security software enough. We’re getting into the day-to-day, deep-dive real world. This is what we have to do to stay in business and stay safe. Have a great day.