Rocking the SOC.
Building a world-class SOC requires two key components: smart, dedicated personnel, and a purpose-built approach to active security monitoring that brings together the right use-case coverage and processes for your organization.
If you’re looking to build your own, chances are that first ingredient is going to be a problem. Currently, only 60 percent of businesses can find the skilled, experienced people they need to staff a SOC.[1] Almost a quarter of SOCs maintained by US organizations are understaffed by more than 10 employees. Around the world, that amounts to a cybersecurity expert shortfall of some 3.5 million people.[2]
[1] Exabeam, 2020 State of the SOC Report.
[2] Cybersecurity Ventures, The 2019 Official Annual Cybersecurity Jobs Report.
Decisive has the people you need. As an organization that’s dedicated to infrastructure planning, data protection, IT infrastructure management, and cybersecurity, we’ve focused our recruiting efforts at attracting the very best. We pride ourselves on hiring only next-generation SOC experts. What does next-gen mean? It means the cybersecurity personnel we hire have been around; they’ve seen the way corporate security teams and managed service providers work, and they wanted to work smarter. They’re agents of change, and it’s change that can help you keep your data safe.
Next-generation monitoring, done right.
One major reason Decisive can attract SOC experts who want to change how security monitoring works is that we give them the best possible tools.
The Decisive Defensive Cyber Operations Centre (DCO) ensures the analysis of discovered incidents happens faster, and with great consistency. To accomplish this, our DCO uses a combination of best-in-class security information and event management (SIEM), threat intelligence, and security orchestration and automated response (SOAR).
Ingestion of quality threat intelligence provides a critical data source for correlation against your logs for interaction with known indicators of compromise.
The use of SOAR playbooks to automate investigative work for our 24/7 monitoring team means doing more with fewer resources—and putting personnel where they’re most beneficial.
The way our SOC personnel use the technology drives home the concept of next-gen, because active security monitoring is only as good as how you do it.
Decisive provides a single point of ingestion for all logging activity, including telemetry from agents on your endpoints, giving a detailed view into what’s happening. All of these logs are parsed to a common format so they can be compared and correlated with each other.
Next, Decisive’s SOC personnel examine the customized use cases created for your environment to facilitate real-time notification of potential incidents. And they do this 24/7, triaging alerts as they come in, and determining if they’re valid.
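The pipeline described above, as an added illustration that is not Decisive's own code: two hypothetical log sources (a syslog-style firewall line and a JSON endpoint-agent record) are parsed into one common schema, every normalized event is then matched against an indicator list standing in for an ingested threat-intelligence feed, and matches become alerts for triage. The log formats, field names and indicator values are all constructed for this example (the IP is an RFC 5737 test address, the domain a reserved example name, the hash a placeholder), and lines no parser recognises are reported rather than silently dropped, since unparsed sources are a coverage gap the monitoring team needs to see.

```python
import json
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed indicator list standing in for an ingested threat-intel feed.
# Values are reserved/placeholder, not real indicators of compromise.
THREAT_INTEL = {
    "ip": {"203.0.113.45"},        # RFC 5737 TEST-NET-3 address
    "domain": {"bad.example"},     # reserved example domain
    "sha256": {"deadbeef" * 8},    # placeholder 64-hex-char hash
}


@dataclass
class Event:
    """Common schema every log source is parsed into before correlation."""
    source: str
    timestamp: str
    host: str
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    domain: Optional[str] = None
    file_hash: Optional[str] = None


# Hypothetical firewall syslog format: "<ts> <host> fw: src=<ip> dst=<ip> ..."
FW_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) fw: src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+)")


def parse_firewall(line: str) -> Optional[Event]:
    """Firewall line -> Event, or None if the line is not in that format."""
    m = FW_RE.match(line)
    if not m:
        return None
    return Event("firewall", m["ts"], m["host"], src_ip=m["src"], dst_ip=m["dst"])


def parse_edr(line: str) -> Optional[Event]:
    """Hypothetical JSON endpoint-agent record -> Event, or None if not JSON."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(rec, dict) or "hostname" not in rec:
        return None
    return Event("edr", rec.get("time", ""), rec["hostname"],
                 domain=rec.get("dns_query"), file_hash=rec.get("sha256"))


PARSERS = (parse_firewall, parse_edr)


def normalize(lines: List[str]) -> Tuple[List[Event], List[str]]:
    """Parse each raw line with the first parser that accepts it.
    Unrecognised lines are returned separately instead of being dropped."""
    events, unparsed = [], []
    for line in lines:
        for parser in PARSERS:
            ev = parser(line)
            if ev is not None:
                events.append(ev)
                break
        else:
            unparsed.append(line)
    return events, unparsed


def correlate(events: List[Event], intel: dict) -> List[Tuple[Event, str, str]]:
    """Match normalized event fields against the indicator sets.
    Returns (event, indicator_type, value) for every hit."""
    hits = []
    for ev in events:
        for field in ("src_ip", "dst_ip"):
            val = getattr(ev, field)
            if val in intel["ip"]:
                hits.append((ev, "ip", val))
        if ev.domain and ev.domain.lower() in intel["domain"]:
            hits.append((ev, "domain", ev.domain.lower()))
        if ev.file_hash and ev.file_hash.lower() in intel["sha256"]:
            hits.append((ev, "sha256", ev.file_hash.lower()))
    return hits


# Constructed sample input: two firewall lines, two EDR records, one stray line.
SAMPLE_LOGS = [
    "2024-05-01T10:00:00Z gw01 fw: src=10.0.0.5 dst=203.0.113.45 action=allow",
    "2024-05-01T10:00:01Z gw01 fw: src=10.0.0.6 dst=198.51.100.7 action=allow",
    json.dumps({"time": "2024-05-01T10:00:02Z", "hostname": "ws42",
                "dns_query": "bad.example", "sha256": None}),
    json.dumps({"time": "2024-05-01T10:00:03Z", "hostname": "ws43",
                "dns_query": "intranet.corp", "sha256": "deadbeef" * 8}),
    "not a recognised line",
]


def run_pipeline(lines: List[str], intel: dict = THREAT_INTEL):
    """Normalize, then correlate; also surface lines no parser handled."""
    events, unparsed = normalize(lines)
    return correlate(events, intel), unparsed


if __name__ == "__main__":
    hits, unparsed = run_pipeline(SAMPLE_LOGS)
    for ev, kind, val in hits:
        print(f"ALERT {ev.timestamp} {ev.source}/{ev.host}: {kind} indicator {val}")
    print(f"{len(unparsed)} line(s) not recognised by any parser")
```

Each parser only ever produces the shared `Event` schema, so the correlation step never has to know which product a record came from; adding a third source means adding a parser, not touching the matching logic. Matching here is exact set membership, which is enough for IP, domain and hash indicators; CIDR or pattern indicators would need a different lookup.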
Add to that our dedication to continuous improvement, and you’ve got truly proactive security monitoring.