Top Pains when Not Using the Right SOC as a Service

Top Pains when Not Using the Right SOC as a Service

By Jaimon Thomas

June 10, 2019

Even the most skilled and experienced CISOs are facing two significant cyber security challenges—staying ahead of increasingly sophisticated cyber attacks and finding the resources to deal with growing volumes of cyber security threats.

The reality is that no matter how large your cyber security budget might be, attackers can find unique ways to exploit hidden vulnerabilities in your network. And as a result, more and more CISOs are turning to Managed Security Service Providers (MSSPs) to help them run their security operations center (SOC) as a Service, or SOC-as-a-Service.

But not all SOC as a Service providers are created equal. Choosing the wrong partner can have serious consequences for both cyber security performance and your business operations at large.

To ensure you’re getting the most value from your SOC investments, be on the lookout for these 4 warning signs that you’re working with the wrong partner.

1. Lack of Transparency

All too often, managed security service providers deliver security operations as a black box. You have surface-level visibility into the service. But when you want more in-depth insights into security operations, you’re left with minimal visibility.

For the most part, these black box SOC services offer a client dashboard with templated reports. Whether it’s weekly, monthly, or quarterly, you’ll get reports about the number of incidents the provider detected, how many viruses were prevented, and other vanity metrics that show the provider is continually monitoring your network.

soc as a service

When evaluating potential providers, check carefully the level of transparency they provide into day-to-day operations. You should aim for full visibility into the activities of SOC analysts so you can see how cyber security threats are handled from detection all the way through to mitigation.

With full operational visibility, you’ll be able to gain a more educated perspective of the ROI of SOC-as-a-Service investments.

2. Unnecessary Alerts and Noise

One of the main reasons to invest in SOC services is to address cyber security threats at scale. You’re investing in an ability to respond to threats faster, with greater efficiency, and in larger volumes.

However, there are many service providers that won’t deliver the efficiency you should expect from SOC services. When their services rely mostly on human analysts, it’s inevitable that they’ll be bogged down in repeatable, mundane security tasks. Those manual tasks lead to high volumes of unnecessary alerts that you have to deal with.

soc as a service

Don’t just look for a SOC-as-a-Service provider that promises certain levels of backend automation. Search specifically for automated alert systems that use machine learning to ensure you’re only presented with the most critical notifications. The more unnecessary noise a service provider can eliminate, the easier it will be to maximize ROI.

3. Inflexible Scope of Service

Generally speaking, it’s great to have a tightly-defined scope of service when outsourcing any business or IT operations. But when outsourcing security operations, specifically, strict SLAs can be a detriment to service quality.

Many SOC-as-a-Service providers tightly define service scopes by focusing on the volume of incidents handled or number of cases per month. You agree to a certain threshold and once the SOC provider has processed the number of incidents outlined in the SLA, you’re faced with extra fees or have to manage the threats alone.

Rather than accepting time-bound and volume-bound services, look for more dynamic offerings that can scale to meet your specific security needs on a month-to-month basis.

4. Minimal Actionable Intelligence

One of the biggest mistakes you can make as a CISO is taking a set-it-and-forget-it approach to SOC services. Just because you’ve invested in a managed security service provider doesn’t mean you’re getting the returns your business needs (and deserves).

Fixing this mistake comes down to a mindset shift. Many SOC service providers will give you static reports and dashboards that offer high-level overviews. Don’t settle for this kind of unactionable information. As a CISO, your main focus is cyber security risk assessment. You need to understand how well your network is protected and where there are gaps in your cyber security strategy so you can evolve accordingly. Your SOC service provider should provide actionable insights into those gaps.

soc as a service

If you’re trying to understand whether or not a SOC provider is going to provide actionable intelligence, look closely at how they baseline your defenses. Are they implementing new rules for every emerging threat? Or, are they relying on a threat framework to proactively baseline your coverage and keep your business protected?

When SOC services rely on the Mitre ATT&CK framework, for example, your provider will be able to baseline network protection against a vast cache of documented tactics and techniques and continually report on any vulnerabilities in your cyber defenses.

Are You Getting the Most Out of SOC Services?

Partnering with a SOC-as-a-Service provider doesn’t automatically mean that your cyber security challenges will disappear. Whether it’s due to a lack of transparency, an overabundance of alerts, inflexible scope of service, or unactionable reporting, working with the wrong SOC-as-a-Service provider can significantly diminish ROI.

That’s why we strive to be different at CyberProof. Our dashboards and reporting systems are based on Microsoft PowerBI technology, which makes it easy for clients to get the most value out of SOC services. The ability to search through data and reports with natural language means you can find the exact insights you need whenever you need them. And our customized, automated alert system makes sure you only see the notifications that will make a difference to your business.

For an in depth look at new tactics being used to contribute to cyber security, download our whitepaper, Why Virtual HUMINT  is Vital to Effective Threat Intelligence. 

HUMINT whitepaper

Jaimon Thomas
Written by Jaimon Thomas
Jaimon leads the global Security Solutions and Architecture function for CyberProof. Jaimon is responsible for developing and packaging CyberProof’s services and services roadmap. With over 16 years of experience in various Information Security domains, Jaimon is an expert in developing robust security strategies and scalable architectures for clients in various verticals. He has designed and delivered a number of security improvement programs including the delivery of enterprise-wide security infrastructure solutions for clients. Jaimon holds a Masters in Computer Networks and holds industry certifications such as CISM, CISSP as well as many vendor certifications.