Questions Mid-Market Companies Need to Ask When Evaluating a Cyber Security Partner
By Eric Gressel, Executive Vice President, One Source
With cyberattacks growing sharply as a result of COVID-19, mid-market companies (those with less than $1bn in revenue) are accelerating their investments in cybersecurity to ward off the increase in attacks and maintain the survivability of their businesses.
As a mid-market business evaluating security partners you are likely to run across one of the most misused buzzwords in the space: “SOC,” or Security Operations Center. In doing your research it probably appears that everyone and their brother has one of these “SOCs” and that they are all created somewhat equal. Well, unfortunately, that is far from the truth, as the market is using the term to describe anything from a couple of hoodie-wearing recent college grads crammed into a few basement cubicles to an NSA-style secure bunker requiring top secret clearance to gain entry.
Let’s spend a couple of minutes demystifying the term “SOC” so that you know what questions to ask and how to determine the best partner to protect your business.
The truth is all SOCs are not created equal, and some are not even SOCs to begin with. So, how do you vet out what is best for your business? Let’s focus your questions around these four areas: Facility, Staff, Technology, and Methodology.
Do you have a secure, dedicated facility? The SOC should not have things like windows or be located in an area susceptible to natural disaster (yes, I have had to review city-provided floodplain maps prior to approving a facility to be built in a downtown location in the Southeast).
What are the operating hours? There must be physical bodies in the SOC 24/7/365 with “eyes on glass.”
What controls are in place for access to the SOC? Access should be limited to security personnel only. Guests should be required to scan government-issued IDs and sign logs to enter, and only for pre-arranged tours.
How are you providing connectivity to the SOC? There should be multiple redundant connections to ensure resiliency. “Dirty” connections (internet links kept isolated from the SOC’s production and client-facing networks) should also be available to enable malware reverse-engineering and advanced security research without putting monitored environments at risk.
Could we schedule a time to tour your SOC? Any hesitation and/or deflection is probably a leading indicator of them not having a “true” SOC.
What is the experience of your SOC team? Are these recent grads with limited experience or former Department of Defense or Fortune 100 analysts? Skilled analysts and a sound methodology are the keys to an efficient SOC, so make sure you are investing in experienced talent.
What is your education and retention strategy? There is already a 30% shortage of cyber professionals in the market. With process and team chemistry being critical to running an efficient SOC, it is key to understand the tenure of their current staff and what measures they have in place to train and retain that staff.
What technology do you use to run the SOC? Typical SOC infrastructure includes firewalls, IPS/IDS, breach detection solutions, and a security information and event management (SIEM) system. In addition, technology should be in place to collect data from its clients via network flows, endpoint telemetry, packet capture, syslog and other methods, and to transport that data securely from the client environment to the SOC.
How many technologies do you manage on behalf of your clients? It is well documented that efficiency and speed to action are critical when responding to cyberattacks. If the staff in a SOC are managing many different flavors of technology, it is virtually impossible for them to be proficient at any one of them, which reduces their ability to respond efficiently.
Do I need to buy my own? The SOC itself will use tools to create efficiencies and run the operations of the actual facility. You will likely need to invest in security technology in your own environment that will then be managed by the SOC on your behalf. It is vital that the SOC understands your company’s threat profile so that it can recommend the level of technology that is right-sized to that profile.
What methodology does your SOC use? The SOC should be using a pre-defined framework that includes playbooks, policies, and procedures that dictate the routine operations of protecting its clients’ environments. They should have documentation of these readily available for your review.
How does it apply to my organization? The SOC should be tailoring its standard framework to the threat profile of your business. It should ask which assets you most want to protect and be able to walk you through how the framework will deviate from its standard to accomplish your goals.
What’s the Best Approach for Your Mid-Market Business?
While most mid-market security professionals may aspire to run their own internal SOC operation, the truth of the matter is that they don’t have a budget large enough to build, operate and maintain it themselves, let alone recruit and retain skilled staff. More and more IT security professionals consider outsourcing not only to save cost but also to keep up with the evolving threat landscape. The key is to ensure you are empowered to identify partners with real SOCs versus those that are using the buzzword just to be in the game.
For more information, please contact us to schedule a call so we can discuss your specific security needs.
- All SOCs Aren’t Created Equal: Questions Mid-Market Companies Need to Ask When Evaluating a Cyber Security Partner
May 27, 2020