
Security Operations Centers of the Future: Combining People, Systems and Automation to Address New Threats

May 19, 2020


Tal Katz

Cloud & IT Security Director

Hackers often prey on the weakest link of every organization: employees with little or no cyber training. Consequently, it is essential that organizations educate their employees about basic cybersecurity best practices, and either implement or improve existing Security Operation Centers (SOCs).

Simply having an SOC team no longer cuts it. Indeed, companies like Optiv and Microsoft are transforming their SOC teams into Advanced Fusion Centers, where they customize their cybersecurity approach for each client’s needs and then evaluate the utility and performance of the program. This transformation is made possible through automation, which helps eliminate unnecessary, repetitive tasks.

Automation also shortens time to resolution (TTR) and frees human operators from the mundane, routine tasks that bog down team members, so SOC teams can focus on complex work, which ultimately maximizes their value.

Rapid detection, or a short TTR, is what differentiates the most effective SOC teams. Although humans can be weak links in cybersecurity, they are highly adept at adaptive analysis: humans can quickly convert low-quality signals into high-quality analysis. This is especially useful when analyzing low-risk incidents that could spiral into high-impact activity, a deceptive tactic that is becoming increasingly popular among hackers. By harnessing and strengthening this human skill, SOC teams can become better at detection and reduce their time to resolution.

By combining automation and human skill, SOC teams can be upgraded to the next level, lowering their mean time to detect (MTTD), mean time to respond (MTTR), and overall dwell time, which is the entire period from when the attacker enters the network until the attacker is removed.

At Cybrella, SOC Team Upgrading is one of our five Cyber Training Programs offered.

Members of the Cybrella team share lessons learned from standing up one of Israel’s most successful SOCs and from experience in working with other SOCs. The training program highlights the best practices for effective and efficient SOC management by running various simulations with the target SOC team, and helping SOC managers, engineers and analysts better detect and remedy security threats at a rapid pace.

Please reach out if you would like to learn more.
