Gopan Sivasankaran, Senior Manager, Solutioning META at Secureworks, in conversation with Security MEA about the growing importance of SOC as a Service in the current global scenario, as organizations start to favour OPEX over CAPEX.
How is the market for SOC as a Service at the moment?
Demand for SOC as a Service has always been strong and I don’t see that changing, because the skill set of attackers is evolving. We see more attacks happening across the globe, especially phishing and social engineering attacks where Covid-19 is being used as a ruse.
Whether employees are working from home or the office, employers and individuals still need to make sure there is a certain level of IT security in place. But establishing, managing and maintaining a SOC is a major task, and one that demands a lot of resources, including at least 4-9 highly skilled full-time members of staff.
Even for large, profitable organizations, maintaining a SOC is a major undertaking. Aside from the cost, there are also challenges like hiring and retaining security professionals of the right calibre, and with high demand for security professionals globally, retaining staff is not easy.
Now, with Covid-19 hammering economic growth around the world, organizations are likely to favour OPEX over CAPEX. It makes less and less sense for organizations to spend millions of dollars to build a SOC from scratch, when instead they can achieve the same thing – but more reliably – by adopting the SOC as a Service model.
It also makes more sense to outsource such a complex and important task to an organization that lives and breathes cybersecurity, and that has a global view of the latest threats.
What size of organization is SOC as a Service most suitable for, and how does it fit into the managed security services offering?
SOC as a Service is suitable for all organizations. However, it should be pointed out that small and medium-sized organizations would struggle to build their own SOC, given the scale of the undertaking. Large organizations can at least have a go at building a SOC, as they may have the capability and the budget to attract talent. But for small and medium-sized organizations, SOC as a Service is really the only sensible option.
Managed security services are evolving and SOC is already an important part of the offering. The traditional managed security service was more about detection, but this is evolving into Managed Detection and Response as the emphasis moves away from just monitoring threats to actually responding to them.
Do you have any advice for companies looking for a SOC as a Service provider?
Companies should keep in mind that the threat landscape is shifting constantly, and cybersecurity threats do not recognise borders. Local cybersecurity players may lack the global monitoring required to give a comprehensive view of the threats. At Secureworks, we look at organizations in 59 countries and monitor 310 billion events every day. If a bank in Sydney is targeted, within seconds the threat is updated across the whole ecosystem.
So, when someone is looking at SOC as a Service, they need to look at the level of visibility the provider has of the global threat landscape.
In addition to this, organizations should look at how capable the service providers are in terms of responding to incidents. Visibility is responsibility – so once you start detecting threats, it is extremely important to include the investigation and response capabilities of the service provider.