These are the top 4 reasons why companies get stuck when they are deciding the next steps for their Security Operations Center journey.
At Nynox we assist companies to establish their Security Operations Center (SOC) either in-house or through our SOC as a Service. After countless procurement processes, deployments, meetings, and workshops we have identified the most common pitfalls that can make SOC initiatives fail.
The TOP 4 REASONS:
🚀 Define your “Why?” before getting lost in the process
Having a SOC will yield various security improvements for your organization. With no clear goals, and therefore no direction, you will end up losing time without making any decisions.
Think about how you plan to derive value from the SOC.
Identify the reasons behind the shallow statement “We want security”: Is it compliance? Is it transferring risks or showing competence? Is it to increase the security posture of the company? Or is it to adhere to contract obligations?
Avoid getting lost in acronyms and terminologies
So you have decided to get into the SOC world, great.
Now, you must understand that a SOC is not Machine Learning, AI, SIEM, XDR, EDR, NTA, NextGen firewalls, or User Behavior Analytics (UBA).
A SOC implies people, processes, and technologies: any combination of these will do as long as it meets your “Why?”
Don’t be afraid of creating your own definition for SOC
A company may establish a SOC through EDR and 5×8 coverage alone. At the same time, other companies require additional technologies and different teams.
While we recommend following best practices, do realize that every company is unique.
Establish what you think you need from the perspective of people, processes and technologies. Then proceed to challenge your peers and especially vendors with your brand-new definition.
🚀 Strings attached? Never!
The only way to test services and technologies is by using them. Work with vendors and providers that allow you to put the required parts in place with the lowest possible investment; this will help you avoid the sunk cost fallacy.
Experiment and identify what worked and what didn’t, then iterate and change your internal SOC definition. Your internal definition of a SOC can diverge from the original one; this is a good thing.