Operate at scale, no matter where the security team may reside, at any time and in any capacity.
Automate workflows and accelerate processes, while freeing people to do more strategic work.
Hire talent where they live as opposed to where the office is based.
Embrace cloud-native security operations. The shift to the cloud has swept across every area of business, including SecOps. With networks, applications and other assets that the SOC protects increasingly being built on cloud-native foundations, it makes sense that the tools and platforms security teams use are also constructed with this architecture. This grants the SOC access to the attractive benefits of cloud native: Rapid innovation, scalability, and business resiliency, all of which help improve threat detection, investigation and response. In addition, cloud-native SOCs are built to flourish in a remote-centric world, as cloud-native gets engineered for the cloud without having to rely on physical servers.
Foster collaboration. SOCs are no longer self-contained. Organizations are increasingly leveraging MSSPs and MDR providers for agility, scale and cost-savings and to help fill competency gaps. At the same time, security operations professionals are increasingly working remotely rather than in a centralized office. Taken together, the need for real-time collaboration with both distributed colleagues and external partners has never been greater.
Automate. The modern SOC must embrace automation. Automation helps reduce human intervention in time-consuming and tedious tasks, and addresses the talent shortage prominent in cybersecurity. Increasing the use of automation also helps speed response times and reduces risk by creating repeatable detection and response processes, freeing up analysts and engineers to work on more strategic – and more inspiring – tasks.
Transform the culture. The modern SOC must transform its culture in two main ways: First, starters security teams are too often viewed as a risk-averse group who say “no” to requests for new tools, applications and cloud services. This must change. Rebuffing requests only results in employees seeking workarounds and introducing shadow IT, which increases risk and weaker security. Second, SOCs must develop greater racial, gender and cultural diversity within their teams. Heterogeneous teams make an organization’s security posture stronger by bringing unique perspectives, different ways of analyzing problems and novel solutions.
For a successful implementation or expansion of security automation processes, businesses should create a specific project team and slowly build trust throughout one's organization, says Mastercard researcher Donnie Wendt.