Ricci Dipshan, Legaltech News
A report by ALM Intelligence estimates SOCs, which holistically monitor company data and systems, will be a $4.84 billion market by 2018
Protecting oneself against cyberthreats is not as simple as going out and purchasing the most advanced and up-to-date cybersecurity platforms. Nor is it as easy as putting a firewall around all company data — after all, data is more mobile and dispersed than ever before.
Gone are the days when cybersecurity could be thought of as passive protection. Companies in the legal industry and beyond are increasingly turning to security operations centers (SOCs) to actively watch for threats, according to ALM Intelligence's Security Operations Center Consulting report.
The market for SOCs, which are centralized units that monitor a company's network traffic, systems, data and all IT aspects, was pegged at $3.96 billion in 2014, and is expected to grow to $4.34 billion in 2016 and $4.83 billion by 2018, according to ALM Intelligence. The report added that the market should "realize escalated momentum" within three to five years.
Erin Hichman, ALM Intelligence senior analyst for IT consulting research, told Legaltech News that the growth in SOC consulting stems from the rise of major cybersecurity events, especially in the financial and retail industries.
"Multi-national banks and insurance companies generally have the most sophisticated SOC functions, and are turning to consulting firms for guidance in further advancing their ability to predict threats and respond more quickly to threats," Hichman said.
Traditionally, "SOC capabilities were only used for simple threat detection and monitoring, and only enough to meet applicable compliance mandates," she explained. "There was little thought or strategy put into developing the actual SOC function, and hardly any attention paid to it after the tools and services were implemented. Additionally, many companies use outside parties for threat monitoring and detection, and there is little communication, leading the client company to believe everything is OK."
"SOC-like capabilities developed solely to fulfil compliance requirements create an illusion of security," she added. "In fact, many if not all of the major recent cyber breaches were on companies that met compliance standards."
In comparison, "modern SOC goes beyond threat detection and monitoring," Hichman said. "It takes things a step further by predicting threats, giving companies a leg-up in prevention. It sifts through all the alerts generated and prioritizes, only creating notifications for the highest priorities. It pulls in, combines and correlates new sources of information, providing greater insight into potential threats. It includes well-developed playbooks, processes, procedures and roles, so when something does happen there is no question who should be involved and what they should do. It also considers the working environment."
More often than external cybercriminals, the working environment is where the source of many cyberthreats is found. Negligent or malicious employee behavior is a persistent risk for any enterprise, and one that has not yet been effectively handled through cybersecurity training.
"A major aspect of SOC development or investment that consulting firms do is defining roles, training, education and creating and documenting processes in order to reduce the chance of unintentional insider threats and empower employees to act if they see or suspect something fishy. It also includes rules and controls to reduce the possibility as much as possible of insider threats," Hichman said.
She added, "This is a growing area, and consulting firms are beginning to develop services specifically designed to help their clients detect insider threats. I think we will see significant demand for these services over the next couple of years."
In moving beyond prevention alone, the SOC also accounts for what happens post-breach, by developing and documenting "business continuity and threat containment protocols," Hichman explained.
"The SOC function's goal, of course, is to help prevent cyberattack. However, it has become clear that attacks are inevitable, and the best approach to this is to be prepared, to have detailed and well-documented processes and procedures that take you from threat detection through business continuity and disaster recovery. This includes the PR response. Additionally, threat prediction can provide companies with a head start to lessen the blow, if not bypass it altogether," she said.