The AZTech IT Blog

What is a Cyber Security Operations Centre (SOC/CSOC)?

Posted by Michael Houghton | 16-Aug-2021 16:49:26

86% of UK cybersecurity professionals said that they experienced an increase in attempted and successful attacks due to more employees working remotely. The rapid and unplanned rise in remote and hybrid working has left many organisations with blind spots and a lack of visibility of the vulnerable points in their IT security.

Without full visibility of your IT systems, you are faced with questions such as:

How would you know if a bad actor logged into your email from an unauthorised computer?
How would you know if a server was under attack or already breached?
How would you know if a personally owned computer was attacking the network from the inside?

What is a Security Operations Centre (SOC)?

The purpose of a Security Operations Centre (SOC), also known as a Cyber Security Operations Centre (CSOC), is to monitor, prevent, detect, investigate and respond to cyber threats 24/7/365 using a combination of defined processes and technology solutions. The SOC monitors and analyses activity on servers, endpoints, networks, databases, applications, websites and other systems, searching for suspicious or anomalous activity and behaviour. The SOC is then responsible for recording and reporting any potential security threat and investigating it further.

The SOC houses a cybersecurity team that is responsible for monitoring and protecting all business assets including brand integrity, personnel data, business systems, and intellectual property as well as overseeing all cybersecurity strategy and implementation.

What does a SOC do?

Prevention and Detection

The SOC monitors and protects endpoints, users, cloud services, applications and on-premises networks 24/7, and uses a combination of processes and technology to detect potentially harmful threats so that malicious behaviour can be blocked before any damage is caused.
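As an added illustration (not AZTech's tooling or code from the original post) of the kind of monitoring logic behind the three visibility questions above, this script runs simple detection rules over a handful of constructed events: a mailbox login from a device the user is not authorised to use, repeated failed logins against a server, and an internal host touching many peers. The event format, thresholds and authorised-device list are all assumptions made up for the example.

```python
import re
from collections import defaultdict

# Constructed sample events for illustration only (not real log data).
SAMPLE_EVENTS = [
    "mail-login user=alice device=LAPTOP-A12 result=success",
    "mail-login user=alice device=UNKNOWN-7F3 result=success",
    "mail-login user=bob device=DESKTOP-B07 result=success",
] + ["ssh-auth host=srv-files src=203.0.113.9 result=fail"] * 6 + [
    f"netflow src=10.0.5.23 dst=10.0.1.{n} dport=445" for n in range(10, 22)
]

# Devices each user is authorised to read mail from (assumed inventory).
AUTHORISED_DEVICES = {"alice": {"LAPTOP-A12"}, "bob": {"DESKTOP-B07"}}
FAIL_THRESHOLD = 5    # failed logins from one source against one server
SCAN_THRESHOLD = 10   # distinct internal hosts touched by one internal source

KV = re.compile(r"(\w+)=(\S+)")

def parse_event(line):
    """Split 'type k=v k=v ...' into a dict; the first token is the event type."""
    kind, _, rest = line.partition(" ")
    fields = dict(KV.findall(rest))
    fields["type"] = kind
    return fields

def detect(lines):
    """Return one alert string per rule firing, in the order events arrive."""
    alerts = []
    fails = defaultdict(int)      # (server, source) -> failed-login count
    touched = defaultdict(set)    # internal source -> set of destinations seen
    for ev in map(parse_event, lines):
        if ev["type"] == "mail-login" and ev.get("result") == "success":
            if ev["device"] not in AUTHORISED_DEVICES.get(ev["user"], set()):
                alerts.append(f"unauthorised device {ev['device']} used by {ev['user']}")
        elif ev["type"] == "ssh-auth" and ev.get("result") == "fail":
            key = (ev["host"], ev["src"])
            fails[key] += 1
            if fails[key] == FAIL_THRESHOLD:   # fire once, at the threshold
                alerts.append(f"server {ev['host']} under brute-force from {ev['src']}")
        elif ev["type"] == "netflow" and ev["src"].startswith("10."):
            touched[ev["src"]].add(ev["dst"])
            if len(touched[ev["src"]]) == SCAN_THRESHOLD:
                alerts.append(f"internal host {ev['src']} scanning {SCAN_THRESHOLD}+ peers")
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print("ALERT:", alert)
```

Each rule fires once when its threshold is crossed rather than on every subsequent event, which keeps the alert queue readable for the analyst who has to investigate it.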

Investigation

All possible malicious activity is investigated further so the SOC can identify the nature of the threat and how far it has already penetrated the IT infrastructure.
A security analyst, usually a member of the SOC team, will also test the network and its security controls from the perspective of a hacker, to identify weaknesses so they can be fixed before they are exploited.

Response

Once the investigation is complete, the SOC team creates a response to the issue. This can include tasks such as terminating potentially harmful processes and isolating endpoints.

The SOC team is also responsible for restarting all systems once the attack has been appropriately and fully dealt with. This can include wiping and restoring endpoints, recovering any lost or compromised files and reconfiguring systems.

How much does a SOC cost?

An in-house SOC can cost anywhere from £300,000 to £550,000+ per annum depending on staffing, hardware and software costs, and any maintenance or supplementary work and tools needed. Costs during the first year will be much higher than in the years that follow, as they include the initial purchase of all equipment and the set-up costs. An expected yearly budget for a SOC, post-set-up, is around £400,000 per annum.

Outsourcing is a completely different story, however. Businesses that outsource their SOC spend on average £100,000 per annum, which includes the set-up and implementation of the SOC. After year 1, it is reported that an outsourced SOC costs businesses between £90,000 and £100,000 per annum.

Managing your SOC

Keeping your SOC in-house

If you have the capabilities of housing an effective SOC in-house, then there are many benefits of keeping your IT security in-house. Keeping your SOC in-house means that your business has full control over all security measures, incidents, and monitoring. Additionally, you can tailor all security operations to best suit the business’s needs.

Factors to include if you are considering an in-house SOC:

  1. Do you have an in-house team, or the ability to recruit a dedicated in-house SOC team?
  2. Do you have the facilities and team to ensure your IT security is monitored 24/7/365?
  3. Do you have an IT budget that will support the procurement of the tools needed for the SOC, e.g. hardware and software, or cloud infrastructure for a virtual SOC?

Outsourcing your SOC

There are many benefits to partnering with an outsourced SOC provider, as previously mentioned in the ‘types of SOC’ section.
To recap, the first benefit of a managed or co-managed SOC service is cost. When partnering with a SOC provider there is no large upfront investment, as most MSPs bill their services on a monthly subscription basis. Furthermore, you will not have to recruit specialist IT talent to build, run and manage your SOC.

Secondly, you will have access to cybersecurity skills immediately. This is beneficial for understanding what you need to set up your SOC, running and monitoring your SOC and having expert advice when and if there is a cyberattack. Moreover, having access to SOC experts will make implementation and scaling easy and simple.


Topics: IT Security, cybersecurity

Written by Michael Houghton

Technical Director
