The pandemic presented security operations centers, and the IT world as a whole, with a substantial challenge: expanding IT ecosystems to enable remote work while protecting networks as the volume of cyberattacks increases. Moreover, the changes are widespread. Gartner reports that 88 percent of businesses and organizations have either required or encouraged remote work, and the United Nations warns that cybercrime has increased throughout the pandemic, with a 600 percent increase in malicious emails.
Saryu Nayyar, Gurucul CEO, says security operations centers (SOCs) are responding. “With the workforce reduced or shifted to a remote work model, SOCs have had to adapt to an altered threat surface.”
She adds, in fact, “Many have seen their own workforce reduced or also shifted to a remote or hybrid remote schedule.”
The Impact on Day-to-Day Operations
Nayyar points out that the changes SOCs are making in response to the events of 2020 depend on their circumstances. “The tools depend on how the organization is approaching the situation,” she says. “For SOC teams that are still working from their dedicated space, physical changes to the office, such as protective equipment, are in order.”
On the other hand, Nayyar says Security Operation Centers as a Service providers are facing their own challenges with distributed systems, but technology is available to help. “There are multiple technical solutions, such as VPN and Software as a Service (SaaS) solutions that will let them do their jobs from remote locations,” she says. “They may lose the over-the-shoulder collaboration they were used to, but video conferencing can return some of that capability.”
Unified security and risk analytics solutions can also provide value to SOC operators during this time of change – or at any time. Unified security analytics leverages model-driven data science and machine learning to alert you to potential threats. Nayyar explains, “Unified security and risk analytics can help an SOC maintain effective service by giving them consolidated unified risk scores that prioritize the most serious threats in their environment. That lets them focus on the highest risks.”
Changes to SOCs for the Long Term
Along with SOCs’ operational changes during the pandemic, managers also need to review and adapt other aspects of their businesses. “The shift to protected workforce and changes to their own work environment has forced many SOCs to revisit their service level agreements (SLAs) and how they can maintain the level of service they’re known to provide,” Nayyar says. “Depending on how they’ve managed to adapt, they have either been able to maintain readiness or been forced to adjust their services to a level they can manage.”
As with other operations in many other segments of the IT industry and the markets they’ve served, SOC operators may be inclined to make remote work and distributed organizations standard operating procedure moving forward.
“A lot of organizations have found advantages with a remote workforce, and that seems likely to remain the new normal going forward,” Nayyar says. “That will almost certainly extend to the SOC, where teams can leverage remote collaboration tools and remote access to maintain effectiveness. There are some challenges unique to SOC work, but a hybrid or remote model will probably become the new normal here as well.”
Some Things Never Change
Although keeping your clients, their businesses, and their networks safe from cyberattacks is paramount, security operations center providers are discovering there are different means to that end. You may have had to make changes quickly to accommodate stay-at-home orders or a rapid exodus among your clients to remote work, but make time to optimize the new solutions and processes you’ve put in place. You may discover you’ve found a more cost-effective and sustainable way of providing the security services your clients demand.