Enterprises are always looking for new ways to address the age-old question: How to we keep outsiders out of our IT networks?
The rapid evolution of technology is a double-edged sword of sorts. On one hand, it means businesses can keep updating their systems and taking advantage of the newest security measures on the market. On the other, hackers and other wannabe intruders have access to increasingly sophisticated tools. This means companies need to be more vigilant to avoid costly data breaches.
The security operations center (SOC) has emerged as one potential infrastructure for protecting enterprise IT networks. As is the case with any solution though, there are both benefits and challenges to consider before implementation.
Here are four challenges businesses will face when it comes to establishing an effective SOC.
Building an In-House SOC Is Costly
Building and growing an in-house SOC tends to be quite costly - it requires initial investments in technology and people as well as maintenance investments when updates are needed.
According to research from the Ponemon Institute, enterprises can expect in-house SOC to cost around $2.8 million annually, with half those expenses going toward labor. Meanwhile, 44 percent of IT professionals surveyed say the return on investment their organization is receiving from SOC is getting worse, likely due in part to the strain put on such systems by high rates of employee turnover.
Many Organizations Face a Skills Gap
Speaking of employee turnover, it's impossible to weigh the benefits of in-house SOC against the significant challenges it addresses without considering the resources it takes to train and sustain the experts needed to make it work.
There are different tiers to consider when building out an SOC. Here's an example of how this structure might look from SearchSecurity:
-
First tier: Alert analysts
-
Second tier: Incident responders
-
Third tier: Subject matter experts/hunters
-
Overseer: SOC manager(s)
Adequately staffing an SOC requires certain specialized skills, many of which are in short supply in our current labor market. Of course, it's absolutely possible to upskill current analysts and engineers so they're able to take the reins on certain responsibilities - but again, it will require a certain amount of time, training and onboarding to get ready.
Enterprises Struggle to Take Advantage of Data
Although there's more data available than ever before about all things cybersecurity, many companies are still struggling to capitalize on it - that is, use those insights to improve efficiency, shore up vulnerabilities and make savvy IT decisions.
One reason some enterprises opt to outsource certain aspects of network security is that third-party providers can leverage data - using artificial intelligence and machine learning - to continually refine their efforts and make decisions pertaining to cybersecurity. While some companies can handle this task in-house, many are still ramping up their data analytics efforts and find it helpful to lean on a managed security services in the present.
Security Monitoring Is Growing in Complexity
Last, but certainly not least complicated, is the fact that the enterprise cybersecurity landscape is continually growing in complexity. This means more threats emerging and more work for IT teams.
As TechBeacon cites, more than one-fourth of IT and security professionals (27 percent) say security monitoring is getting more complex due to the need to protect a "growing attack surface." More than one-fifth of these professionals also feel they're so busy dealing with emergent issues that they're unable to devote time to improving strategy and processes. This makes it difficult to evolve an in-house SOC over time because experts tend to find themselves devoting so much of their effort to staying slightly ahead of threats.
Establishing an effective security operations center today is not without its challenges. These include cost, skills shortage, the need to capitalize on data insights and ever-more-complex networks to safeguard.