The proliferation of risks like cyber attacks, geopolitical threats, supply chain disruptions and more has made the job of security and risk management leaders more challenging than ever. That’s why more organizations are building or optimizing their security operations center (SOC) to improve threat visibility and their overall enterprise resilience posture.
We at Dataminr believe that, in order to have a successful, modern SOC, businesses need to equip themselves with insightful best practices and recommendations to avoid the common pitfalls. Here, I’ll highlight five tips that can help your organization build a better SOC—and thus stronger business resiliency.
The first pitfall organizations may run into is the lack of a clearly defined vision and strategy, or a gap in executive sponsorship. Risk management needs to be hard-coded into the DNA of your organization, and buy-in and active advocacy from your senior leadership are critical to success.
It’s crucial for C-suite executives to understand risk, risk mitigation and the likelihood of their organization’s exposure to risk. Then, ensure your leadership and security teams make your SOC the central hub that manages the related challenges your company is facing. The good news is that, as more executives become aware of the evolving risk landscape and its impact on enterprise resilience, security leaders can expect to see more support for their strategy going forward.
When setting up a SOC, security leaders and teams need to determine and agree on their goals. What is your organization trying to achieve and what are you safeguarding? A clear understanding of the problems you are tasked with solving is essential—whether it’s legal and compliance risks, or cyber and physical asset protection. A scope that is too narrow or too broad often leads to an ineffective security program.
By identifying the right enterprise risk management framework that meets your organization’s needs, you can more easily define roles and responsibilities, and then figure out how best to protect your people and assets.
Once you’ve established your vision and scope of responsibility, it’s time to set clear objectives and metrics to measure them. Because it's difficult to measure the value of incidents that were avoided, it can be challenging to find the right metrics within security. Don’t give up. Focus on measuring and quantifying your prevention efforts.
You can also measure your operational efficiency by honing your ability to process vast amounts of data at scale. Other key performance indicators include:
And, you can measure cost reductions realized by saving time and manpower and streamlining or fully automating processes.
While the speed at which information spreads is increasing exponentially, many security operations remain people- and process-heavy, making it harder to keep track of every single incident or emerging risk. Additionally, the convergence of cyber and physical risks will likely continue to rise, so your SOC should have access to critical real-time data that provides a holistic view of the risk landscape. Therefore, ensure your tech stack includes real-time alerting solutions like Dataminr Pulse, which enables security and risk teams to identify potential threats and crises as soon as they occur and unfold.
The security industry—both in the private and public sector—has long seen the value of collaboration and information sharing. However, some organizations may not have the right technology and processes to do so effectively.
When creating and/or optimizing a SOC, always set out to have tools and practices that enable cross-functional cooperation, including the sharing of information about risks that are relevant to the entire organization. By leveraging Dataminr Pulse’s collaboration workflows, which enable teams to work cross-functionally in real time, you can easily design a clear process for when and how to communicate important information and which stakeholders should receive it. This will help you manage incidents more effectively and ensure the highest level of protection possible.
To learn more, download the ebook Best Practices for Building a Physical Security Operations Center.
Joe Levy is Senior Director of Enterprise Sales at Dataminr. Previously, he held go-to-market leadership roles at Gavin de Becker and Adobe, and co-founded the OSINT competitive intelligence software company clearCi. Joe holds dual bachelor's degrees from Florida State University and completed graduate work at the University of California, Berkeley. He served eight years in the U.S. Army Reserve as a drill sergeant and combat engineer, and is an instrument-rated private pilot.