SOC’s New Look in the New Normal

Security operations centers (SOCs) are continuing operations with distributed systems, remote or hybrid workforce models – and it's working.

security operations center

The pandemic challenged the IT world to enable remote work while protecting networks as the volume of cyberattacks increased. Moreover, the changes were widespread. Gartner reports that 88 percent of businesses and organizations either required or encouraged remote work, and AntivirusGuide.com warns that cybercrime increased significantly since the pandemic, with a 19 percent increase in intrusion attempts and a 77 percent increase in IoT malware attacks for Q1-Q2 2022 vs. Q1-Q2 2021.

Saryu Nayyar, Gurucul CEO, says security operations centers (SOCs) are responding. “With the workforce reduced or shifted to a remote work model, SOCs have had to adapt to an altered threat surface.”

She adds, in fact, “Many have seen their own workforce reduced or also shifted to a remote or hybrid remote schedule.”

The Impact on Day-to-Day Operations

Nayyar points out that the changes SOCs made in response to the events of 2020, depended on their circumstances. “The tools depend on how the organization approached the situation, she says. “For SOC teams that still work from their dedicated space, physical changes to the office, such as protective equipment, are in order.”

On the other hand, Nayyar says Security Operation Centers as a Service providers are facing their own challenges with distributed systems, but technology is available to help. “There are multiple technical solutions, such as VPN and Software as a Service (SaaS) solutions that will let them do their jobs from remote locations,” she says. “They may lose the over-the-shoulder collaboration they were used to, but video conferencing can return some of that capability.

Unified security and risk analytics solutions can also provide value to SOC operators during this time of change — or at any time. Unified security analytics leverages model-driven data science and machine learning to alert you to potential threats. Nayyar explains, “Unified security and risk analytics can help a SOC maintain effective service by giving them consolidated unified risk scores that prioritize the most serious threats in their environment.  That lets them focus on the highest risks.”

Changes to SOCs for the Long Term

Along with SOCs’ operational changes during the pandemic, managers also need to review and adapt other aspects of their businesses. “Changes to their own work environment have forced many SOCs to revisit their service level agreements (SLAs), and how they can maintain the level of service they’re known to provide,” Nayyar says. “Depending on how they’ve managed to adapt, they have either been able to maintain readiness or been forced to adjust their services to a level they can manage.”

As with other operations in many other segments of the IT industry and the markets they’ve served, SOC operators may be inclined to make remote work and distributed organizations standard operating procedures moving forward.

“A lot of organizations have found advantages with a remote workforce, and that seems likely to remain the new normal going forward,” Nayyar says. “That will almost certainly extend to the SOC, where teams can leverage remote collaboration tools and remote access to maintain effectiveness. There are some challenges unique to SOC work, but a hybrid or remote model will probably become the new normal here as well.”

Some Things Never Change

Although keeping your clients, their businesses and their networks safe from cyberattacks is paramount, security operations center providers are discovering there are different means to that end. You may have had to make changes quickly to accommodate stay-at-home orders or a rapid exodus among your clients to remote work, but make time to optimize the new solutions and processes you’ve put in place. You may discover you’ve found a more cost-effective and sustainable way of providing the security services your clients demand.