3 minute read 28 Dec 2021

Security Operation Centres: the next frontier of cybersecurity in India

By Murali Rao

EY India Cybersecurity Consulting Leader

Leading voice on cybersecurity, data privacy and enterprise solutions.

Enterprises need to adopt a comprehensive method to fully secure themselves against cyber risks across levels.

Security Operation Centres (SOCs) have witnessed a steep rise over the past few years in India, fueled largely by business and regulatory factors. While nation-state attacks and advanced cyberthreats continue to loom over businesses within the country and across borders, multinational conglomerates and government organizations remain at high risk. The increased proliferation of digital services and the transition to remote working after the pandemic are further factors making businesses highly vulnerable to attacks.

Given the ever-expanding attack surface, organizations today find it crucial to place greater emphasis on a sharp cybersecurity strategy as they progress through their digital transformation journey.

COVID-19-driven remote working set-ups and digitization by enterprises have led to increased demand for monitoring newer digital surfaces and infrastructures. Enterprises with a mature cybersecurity function are also exploring the need for enhanced visibility around critical assets, adopting best practices for understanding user behavior and the network traffic and flows related to those assets and networks. Cloud workloads and applications hosted in third-party environments are among the newer monitoring initiatives in such scenarios.

Enterprises have also started to mandate that SOC service providers own the entire Security Incident Life Cycle Management, including resolution and remediation, which used to be owned by enterprise stakeholders such as application owners and IT/network teams. This expectation has expanded both the demand for SOC service providers and the processes they are responsible for.

The current cyber scenario makes it imperative for enterprises to invest in and expand competencies on several fronts, so that they have the appropriate levels of skill to deal with the intensity and magnitude of cyberattacks. These competencies include attack surface discovery, analysis and remediation; regular discovery of assets; greater automation; and assurance over the security posture of assets, networks and so on. This need has also driven the growth in business for SOC service providers.

The demand for SOC-related services is increasing across all industries and sectors. The rate of SOC adoption has increased drastically in sectors such as healthcare, pharma and manufacturing, while demand for greater maturity in the adoption of technologies and techniques has come chiefly from the banking and financial services sector.

The government and public sectors have also started to adopt SOC services. At the same time, businesses are rapidly migrating to AI/ML-driven automated SOCs in order to anticipate attacks, cover more of the attack surface, detect zero-day attacks through anomaly-based methods, and achieve better and faster detection and response. The goal is to keep businesses running without cyber impact and to improve the consumer experience. Businesses are investing extensively in SOC technologies that move their strategy from reactive to proactive. SOCs are no longer run merely from a compliance point of view; they play an integral role in detecting risks and responding in real time to ensure near-zero business impact.

Security monitoring services in SOCs are moving away from traditional SIEM-based platforms to Big Data-based monitoring platforms. The move to Big Data-based monitoring gives enterprises the ability to enhance their detection and analysis, as well as to conduct anomaly and behavioral analytics, which goes a long way towards being proactive. The emphasis on proactive discovery of attack surfaces and on identifying dead, orphaned or abandoned digital assets has evolved to support the constant reduction of the attack surface.

Automation has emerged as a critical element in the resolution and remediation of security incidents, in addition to increasing the ability of security analysts to analyze them. The more mature enterprises are exploring how to bring ‘Observability’ to the whole gamut of Security Incident lifecycle management, analysis and response.

The adoption of technologies brings its own advantages and disadvantages to the enterprise. The adoption and emergence of AI/ML-based technology platforms in enterprises is very welcome, given that they provide the much-needed ability to analyze day-to-day processes in the enterprise beyond static rules and signatures, and to learn from that analysis and compare it with previous learnings.

This article was originally published on ETCISO.
