Cyber Security for Small to Medium Enterprises
The Security Operations Centre
Part 1 of 3: Understanding your needs
Posted by Nick Hague, CEO on June 22 2021
When speaking to CxOs in smaller to mid-sized organisations who have had little exposure to Cyber Security services (other than an annual penetration test), there are quite often a variety of preconceived ideas of what a Security Operations Centre looks like.
Images are quite common of a mission-control style darkened room or bunker that requires a military-sized budget to run. Giant screens adorn the walls showing the latest threats, alarms ring, and serious techie-looking people sit buried in code preventing the ‘virtual missiles’ from hitting home.
Like most things in IT, the reality is somewhat less theatrical but equally as serious.
The gap between the haves and the have-nots.
For large corporations, we are in a time where protection against cyber attacks has become a daily reality, and it is very rare for them not to have a CISO and security teams delivering a comprehensive strategy to minimise the risk and impact of a breach.
For smaller to medium-sized organisations that don’t yet have a permanent CISO role and don’t have the expansive budgets or the internal training of their larger counterparts, there is clearly still a gap. This gap is in understanding the risks that their company faces, how to mitigate those risks, and how to correctly allocate the budget to achieve the maximum value.
Do Small to Medium Enterprises need a SOC?
The answer to this question is not a standard one. It will depend on how small or how large the SME business is, the industry you are in and your risk profile (probability and impact) and your appetite for risk.
For that reason, this will be the first in a series of posts examining the needs of SMEs and the options available to them, including how SMEs can have all the benefits of the protection of a SOC without the overheads of building and maintaining their own.
What are your Mission Objectives?
Defining your mission objectives before anything else is essential in starting your new journey into Cyber Security in a structured manner.
Without a designated mission and clearly defined scope, you’ll probably find that over time your SOC’s unofficial mission becomes “all-encompassing security”. For obvious reasons, that is not viable.
Firstly, your SOC shouldn’t be responsible for ‘business as usual’ security processes such as developing and delivering training. They’re also not designed to take routine service calls from individual users, which are more commonly handled by a designated IT helpdesk.
While precise missions will be dependent on your organisation’s needs, the following should hopefully provide an idea of what a SOC’s mission statement might look like:
“The SOC is the collective of people, processes, and technologies that provide situational awareness through the detection, containment, and remediation of IT threats in order to manage and enhance an organisation’s security posture.
The SOC will be able to handle, on behalf of our company, any threatening IT incident and will ensure that it is properly identified, analysed, communicated, investigated and reported. The SOC also monitors applications to identify a possible cyber-attack or intrusion (event), and determines if it is a genuine malicious threat (incident), and if it could affect business and what the impact could be.”
What else should it cover?
In the pursuit of your mission, your SOC should also be able to cover some of the following functions:
- Real-time monitoring of incoming and outgoing network traffic
- Incident detection, triage, analysis and response
- Malware, indicator of compromise (IOC) and network artefact analysis
- Vulnerability management, penetration testing, and internal hunting
- Maintenance of network and security assets
- Passing on relevant intelligence to other teams.
It’s essential that the roles and responsibilities of your SOC are determined before any time or resources go into further planning. Without a clear mission, it’s easy to be side-tracked by other security functions that need to be addressed, or to invest your resources in a way that doesn’t accurately reflect the needs of your organisation.
But once you’ve agreed upon a mission for your SOC, you can move on to considering…
Part 2 : In-House or Outsource? (Thursday, June 24)
A little about Nick Hague
Nick is the founder and CEO of Techolony and has been working in the IT industry for nearly 25 years. After completing a degree in computing and business, and on return from an 18-month backpacking trip around the world, he commenced his career developing business workflow systems using Lotus Notes before moving into Project Management and Consulting, where he has led a huge variety of Change portfolios for clients across the public and private sector.
After a long career in the consulting and managed services industry, he set up P4 Management Services in 2013 which focused on Project Services in the finance and government sector.
As the company grew and service offerings increased, the company changed its name to Techolony, a portmanteau of ‘The technology colony’. There he has organically grown a project services business into an IT consulting and services business delivering Change, Cyber Security and Support services.