Demystifying the SOC, Part 3: Whether You Know It or Not, You Have a SOC

In our previous posts, we discussed why every organization, including yours, needs a security operations center (SOC) and why prevention is not enough. Here we’ll discuss why, whether you know it or not, you already have a SOC. And if you look around and there is nobody else in the security team, then you — are — the SOC!!

SOCs are about keeping the organization in a known good state

As previously discussed, the SOC’s mission is to keep the organization’s infrastructure operating securely in a known clean state. Today it’s assumed that it’s only a matter of time before an organization suffers a security breach. When it does, the SOC acts as a competency center for threat detection, investigation and remediation (TDIR), returning the organization to a known good state as quickly as possible.

But what does a SOC actually do from day to day?

Your SOC

A SOC used to be one or more rooms where a team of security analysts would collaborate in close physical proximity, monitoring screens and working together to address security issues. With remote access, virtual collaboration tools, and COVID-19, that is no longer the case. Today many people, including SOC teams, work from home and collaborate via virtual collaboration tools such as Slack, Microsoft Teams, and instant messaging. And a SOC is not necessarily a large team.

In fact, today a SOC is no longer a thing; it’s more of a concept. There really are no longer any specific requirements in terms of the number of people staffing a SOC or a physical location where the SOC happens.

Are you a small business with a handful of people who know something about security, or even one part-time person who has some security knowledge and is the go-to person for anything security related? That’s your SOC. Look around at your security team. Are you the only one there? Well, then you — are — the SOC!!

So, yes, you have a SOC. But are you really measuring and tracking the efficiency of your SOC using the right metrics? That is the subject of our next blog.

Gorka Sadowski

Cybersecurity expert and Chief Strategy Officer at Exabeam. Former Gartner analyst driving SIEM and SOC research and builder of the Splunk security ecosystem.