Intelligent Tech Channels Issue 39 | Page 55

EXPERT SPEAK

How do you shoot down a missile before it hits its target? That's the problem facing today's incident response teams. As cyberattacks increase in volume and velocity, the security operations centre (SOC) handling incident response is the nexus for this challenge.

SOC teams are at the forefront of enterprise security as they unify people, processes and technology to protect organisations' cyberhealth.
Recently, cyberattacks and cybersecurity have become important areas of concern for organisations, with about 74% of surveyed Middle East CEOs citing cyberthreats as obstacles to their growth in 2021, according to research by PwC.
The SOC must find new efficiencies in its bid to hold back the rising tide of cybersecurity threats. It can begin by rethinking its cultural makeup and its technical approach.
This is where optimising the incident response (IR) process becomes even more important. Businesses increasingly realise the benefits of IR as a key part of their cybersecurity toolkit. The 2020 Ponemon Cost of a Data Breach report reveals that data breaches cost US$3.29 million for companies with an IR team that regularly tests its IR plan. That's US$2 million less than for companies without an IR team, demonstrating the value of IR.
Challenges facing SOC teams
When facing shifting threats from different threat actors using a wide variety of techniques, many SOCs look for technologies to help them cope. A common response is to install a panoply of tools. However, SOCs don't always do that strategically; teams tend to over-prepare with tools rather than ensuring that they can adapt when dealing with unknowns. Additionally, when teams install security tools on a piecemeal basis they can end up with a disjointed 'frankenstack' of security tools that don't interoperate well. This can leave the SOC without a unified workflow. They lack automated remediation capabilities, which leaves SOCs relying too heavily on human interaction. People must fill in the technology gaps, but they cannot do so at speed. These weaknesses leave SOCs with a disjointed incident response process that is difficult to control and understand. No wonder, then, that a Ponemon report found security system complexity to be the single most expensive factor when assessing the cost of a data breach. It increased the cost of a data breach by US$292,000 on average.
Tamer Odeh, Regional Director, SentinelOne Middle East
Optimising the IR process
Your SOC has the power to overcome these challenges. At the top of your list should be an assessment of your current incident response process. Begin that assessment with a focus on outcomes. Everything should be geared to achieving preset goals.
Those goals should be measurable by tying them to specific metrics, and firms must evaluate the metrics they're using to measure success.
At early stages in the incident response chain, those metrics should be geared toward prevention. How are you assessing the level of risk to various assets and its potential effect on the organisation? Are you taking a mathematical approach to triaging risk based on the resources available?
With appropriate measurement techniques at your disposal, you can work on building a seamless end-to-end incident response process with clear procedures and roles, so that no threat falls through the cracks.
Integrate your tool set to support this process. An ideal toolchain will support harmonised data flows that reduce or eliminate the number of hand-offs and tool or platform changes. An integrated toolchain will provide a solid platform for automation.