Your security operations center (SOC) has the potential to be the cornerstone of your organization’s broader effort to manage digital risk.
Skeptical of that statement? Consider this: your SOC is on the front line, defending your organization against cyber attacks every day. Assuming your SOC has the visibility and analytical capabilities it needs, it witnesses the different methods attackers use against your enterprise, the assets they’re targeting, and the vulnerabilities in your infrastructure they’re trying to exploit. Arguably, no one inside your enterprise knows better than your SOC analysts the threats your organization faces—information that’s essential to managing digital risk.
So what does it take to gather this kind of intelligence and share it with the senior leaders in charge of digital risk management? It starts with an intelligent SOC.
What’s an Intelligent SOC?
The intelligent SOC has true visibility across an organization’s entire IT infrastructure, from the endpoint to the cloud to virtual, hybrid, and of course, on-premises computing environments. In addition, it uses tools that give security incidents some business context—meaning, if an analyst gets an alert that an endpoint may have been compromised, the analyst can quickly find out whether the endpoint is the CEO’s laptop or an intern’s PC and what access to other systems the user with the affected endpoint has.
An intelligent SOC also has sophisticated reporting capabilities: It can provide insight into the number of incidents occurring each day, the nature of those incidents, the time it takes to detect and resolve them, the types of attacks taking place, the assets being targeted and more. Armed with these insights, CISOs can make more compelling business cases for budget increases or additional resources. They can also lead truly informed and persuasive discussions about their organization’s digital risk posture with key stakeholders from across the business.
Evolved SIEM: Centerpiece of the Intelligent SOC
Most security operations centers rely on a security information and event management (SIEM) system to understand what’s happening in their environment and detect malicious activity. However, traditional SIEMs were built for compliance and log management purposes—not for detecting today’s advanced threats. Because they only capture log data, they don’t give security teams the visibility they need across the network, endpoint and other computing platforms. As a result, security teams must rely on a hodgepodge of disparate tools to get end-to-end visibility (or something that approximates it), yet all the toggling back and forth and screen switching that arises from disparate tools hampers analysts’ speed, productivity and effectiveness.
In contrast, an evolved SIEM was built expressly for advanced threat detection and response. It provides true end-to-end visibility across logs, network and endpoint data, and cloud, virtual and hybrid environments on a single platform. It combines threat intelligence and business context with automation, orchestration, machine learning and behavioral analytics to quickly pinpoint the threats that matter most to an organization and help security teams respond to them faster. And it gives CISOs insight into their organization’s cyber risk profile. This robust combination of capabilities aims to alleviate analysts’ alert fatigue, and make security teams more efficient and effective, as it powers the intelligent SOC.
The Transformation of the Security Operations Center
In the security industry, we like to think of the SOC as a vaunted place where the smartest security analysts—poised before giant screens flashing with maps and dashboards and code—shut down attacks with the calm and precision of a Special Forces operation. But we know the day-to-day reality is often different: In many security operations centers, the smartest analysts are drowning in a sea of data, struggling to identify the most significant threats in an endless stream of alerts.
An evolved SIEM can help us achieve our lofty visions for our security operations centers and even take them a few steps beyond by highlighting and enabling their role in digital risk management. With the intelligent SOC firmly rooted in mitigating digital risk, CISOs will be in a better position to cement their seat at the leadership table, advocate for their teams and protect their organizations from today’s advanced, targeted attacks.
Learn more about the capabilities of the RSA NetWitness® Platform evolved SIEM on rsa.com.
Author: Amy Blackshaw