September 19, 2019 | By Guy Liberman, Cyber Security Division Manager
10 Musts in Managed Cyber Security Center
As cyber threats evolve and become more complex, many businesses recognize they can’t manage the challenge alone. They’re turning to managed centers that can provide a cost-effective alternative for security monitoring, detecting, investigating, alerting on and responding to cyber threats.
Understanding that organizations require nimble solutions, a managed SOC offers a full suite of cybersecurity services which help you prioritize coverage based on the risks to your business.
The core focus is on becoming an extended part of your security teams, which is why it is crucial that the managed SOC services are customized to your organization’s needs.
The following are the Top 10 Musts in a Managed Cyber Security Center, which you should look for when considering a managed service.
1. Save the logs: As logs contain vital information regarding the organization’s assets, it is crucial that the SOC ensures all logs reside at the customer’s site, in a secure manner.
2. 24/7 eyes on glass: Cybercrime operates around the clock, so it requires a security operations center with highly trained security specialists who are there 24×7 to watch over an organization, with monitoring, detection and response tactics tailored to each incident based on defined incident response procedures. 24x7x365 continuous security incident monitoring and analysis are fundamental to SOC operations.
3. Intelligence – OSINT and Tailored: Reactive monitoring alone isn’t always enough. Through the global network of threat intelligence sharing, managed security centers should proactively monitor your environment and the external threat landscape to help prevent and detect targeted cyberattacks and insider threats.
4. Proactive Investigations: The SOC must take proactive measures to secure the organization, such as ongoing weekly analysis of security events (including a comprehensive review of high-priority incidents), defining trends and operational metrics (based on the intel feeds and the known behavior of your environment), and establishing and maintaining cybersecurity policies and procedures (with actionable conduct). The SOC should ensure it evaluates events from multiple sources across your environment (organizational assets) and, over time, prevents, investigates and forecasts threats.
5. Hands-on Knowledge: For a Managed Security Service Center, deep knowledge and experience with a holistic, hands-on approach are vital to security operations. Security specialists within the SOC must have knowledge of and experience with implementing and operating leading security solutions (in the field of SIEM and SOC). This enables the SOC to evaluate the environment against the latest trends and experience from other customers.
6. Incident Response (IR) Team: As every minute counts when it comes to resolving a security breach, an Incident Response team enables clients to respond effectively and decisively to a cybersecurity incident.
7. Reporting: The SOC should ensure that periodic reporting is provided to you as per your security, compliance and regulatory requirements. A cyber-risk report and security dashboard should also be provided, which help you ascertain your strategic direction and structures and develop an effective security posture.
8. Role-based access control: The managed security service center must work with the minimum level of authorization needed for the security services provided to clients. By default the SOC should have read-only access to investigate and monitor your environment, and procedures should be in place so that, as and when needed, the SOC team receives time-bound elevated permissions to respond or to tune the environment.
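As an added example (not part of the original post), a small Python model of the access brokering described in item 8: every analyst is read-only by default, elevation requires a separate approver and a ticket reference, each grant expires after a capped duration, and every grant, expiry and decision is recorded in an audit trail. The role and action names are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Hypothetical permission sets; read-only is the default for every SOC analyst.
READ_ONLY = {"siem:search", "siem:read_alert", "siem:read_dashboard"}
TUNING = READ_ONLY | {"siem:edit_rule", "siem:edit_integration"}
RESPONSE = READ_ONLY | {"edr:isolate_host", "fw:block_ip"}

ELEVATED_ROLES = {"tuning": TUNING, "response": RESPONSE}
MAX_GRANT = timedelta(hours=4)  # hard cap on any elevation window


@dataclass
class Grant:
    role: str
    approved_by: str
    ticket: str
    expires_at: datetime


@dataclass
class AccessBroker:
    """Read-only by default; elevation is approved, time-bound and audited."""
    grants: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def elevate(self, analyst, role, approved_by, ticket, hours, now):
        if role not in ELEVATED_ROLES:
            raise ValueError(f"unknown role {role}")
        if approved_by == analyst:
            raise PermissionError("self-approval is not allowed")
        ttl = min(timedelta(hours=hours), MAX_GRANT)  # never exceed the cap
        grant = Grant(role, approved_by, ticket, now + ttl)
        self.grants[analyst] = grant
        self.audit.append((now.isoformat(), analyst, "ELEVATE", role, ticket,
                           grant.expires_at.isoformat()))
        return grant

    def permissions(self, analyst, now):
        grant = self.grants.get(analyst)
        if grant is None:
            return READ_ONLY
        if now >= grant.expires_at:  # expired grants fall back to read-only
            del self.grants[analyst]
            self.audit.append((now.isoformat(), analyst, "EXPIRED", grant.role, grant.ticket, ""))
            return READ_ONLY
        return ELEVATED_ROLES[grant.role]

    def authorize(self, analyst, action, now):
        allowed = action in self.permissions(analyst, now)
        self.audit.append((now.isoformat(), analyst, "ALLOW" if allowed else "DENY", action, "", ""))
        return allowed
```

The `audit` list is what a customer would reconcile against change tickets and incident records when reviewing what the managed team did in their environment.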
9. Your system, their hands: As per your security operating model, managed SOC specialists should only maintain and develop systems such as the SIEM, which must remain owned by you (the customer). This lets the managed SOC team create procedures customized to your environment and configure the system with correlation rules, integrations (with all your security assets), customized alerts, notifications, reporting and dashboards, while in case of any dispute you retain control over the security systems (SIEMs), associated licenses, logs and configured content.
10. Security of the SOC: The provider should maintain a high standard of security for its Managed Security Service Centers and should be compliant with international standards and regulations such as ISO 27001, NIST and PCI for securing its services and infrastructure (physical and logical).
Learn more: download our free eBook to learn how to keep your business on top of immediate and emerging cyber security threats with a Next Generation SOC.