As organizations in India scramble to keep up with emerging cyber threats, implementing an intelligence-driven security operations center is proving to be essential, says Gartner analyst Rajpreet Kaur.
The growth in SOCs is driven by the need for better visibility into the environment and for correlating and analyzing intelligence, Kaur says in an interview with Information Security Media Group. "Very big organizations are able to have their own on-premises, captive SOC; other organizations that have a critical need for SOCs but lack the resources are depending upon third parties to build and manage their SOCs," she says.
Under the Managed Security Service Provider, or MSSP, model, SOCs are completely outsourced and remotely managed, she explains (see: MSSPs, The Preferred Route to Skills Challenge). This customized approach means that organizations of all sizes in India are now able to afford an effective SOC, she contends.
When investigating the MSSP approach for a SOC, however, organizations must carefully consider whether it makes sense to use the same outsourcing company that's already managing other security functions for the organization, because of potential conflicts of interest, the analyst says. For instance, if an MSSP-run SOC identifies a vulnerability in the infrastructure the MSSP company itself manages, there is an incentive to cover it up.
On the other hand, if an organization uses two different companies to outsource its SOC and its other security functions, it must ensure adequate communication among all the parties involved, she stresses. Kaur suggests ensuring robust information security processes are in place internally before planning to outsource.
In this interview, Kaur shares further insights on implementing an adaptive security architecture, touching upon:
- Common challenges in implementing a SOC;
- Recommendations for Indian organizations on getting network security and SOC management right;
- The need to focus on prevention, detection, response and remediation.
Kaur is a senior research analyst for infrastructure protection at Gartner who has more than seven years of industry experience. Her research focuses on network security, including technologies such as IPS, Web application firewalls and advanced persistent threat detection. She also covers tokenization of payment data.