With the shift to remote work caused by COVID-19, Security Operations Centers (SOCs) are under more pressure than ever, particularly with many SOC workers also working from home. Today’s reality is that SOCs have to embrace a new way of working in order to keep their analysts and admins effective and to ensure that morale doesn’t collapse under the weight of too much work and pressure.
There are several vital steps you should take to support your SOC teams in today’s new normal of remote work. If your SOC hasn’t yet moved to a cloud management model, this is the time to do so. Cloud is more efficient than any other option for quickly delivering security protections and updates to remote workers, as well as centrally managing compliance, policies, governance and new architectures such as Zero Trust.
With a cloud-native solution, SOC workers don’t have to be in the same location or on premises. In response to COVID-19, many organizations have leveraged next-generation remote SOCs with all or most analysts and admins working from home—with no gaps in security, compliance or business resilience. What’s more, they’ve kept remote workers safe and productive in spite of a dramatic spike in the attack surface and adversaries weaponizing the pandemic as a way to exploit weaknesses.
The SOC Journey Beyond the Cloud
Cloud is the beginning of the journey but there are at least three other elements that are essential to SOC transformation and modernization so you can identify and remediate threats faster. These are:
- Automation: SOC analysts and admins don’t have the time to respond to every alert. Automation is necessary to streamline processes, prioritize threats and eliminate risk of mistakes caused by manual errors. One of the myths about automation is that it will be used to replace analysts and admins. The reality is just the opposite; automation will make them better, happier and more efficient, freeing them from chasing routine risks and allowing them to focus on high-risk alerts. Expanding automation—using it wherever it is feasible—will make it easier to hire, train and retain qualified personnel at a time when the overall industry is facing a severe shortage.
- Machine learning (ML) and artificial intelligence (AI): Adversaries are using ML and AI to target and scale their attacks. If your SOC is not using similar tools you are more vulnerable than ever and falling further behind. The importance of ML and AI cannot be overstated. For example, intelligent correlation helps reduce false positives and alert fatigue by up to 90% with Azure Sentinel, Microsoft’s cloud-native Security Event and Incident Management (SEIM) platform. Built-in intelligence, combined with extensive automation, helps automate up to 80% of common tasks, simplifying operations and accelerating threat response.
- Advanced threat protection and shared intelligence. Threat intelligence and sharing of information is essential to protecting the remote work force. With a solution such as Microsoft Defender for Endpoint, SOC teams can leverage the expertise of Microsoft Threat Experts as a managed threat hunting service to access insights into complex threats from alert inquiries, potentially compromised devices and root cause of suspicious network connections. SOC teams can access threat intelligence on ongoing persistent threat campaigns, using real-time information populated automatically with signals from all over the world. One other key element of using and sharing advanced threat protection is having an integrated, end-to-end platform that delivers holistic visibility across your entire environment, from endpoints, to data centers, to edge locations, to multiple public cloud services. This is essential not just to monitor threats, but to reduce response time and mitigate potential damage.
Taking the Next Step
The simplest, safest, fastest and most effective path to SOC modernization is to use a platform with all of these capabilities built in, one that is both cloud-native and integrated with tools, applications and workflows that are used in your organization, such as Microsoft 365 and Microsoft Azure.
Microsoft’s approach to SOC modernization is integrated, innovative and designed to enable your teams to maximize the value of automation, machine learning, AI and advanced threat-detection in an end-to-end cloud-native set of solutions. For more information, watch this Microsoft SOC modernization video.