
Building a Smart SOC: Strategies

Happiest People Happiest Customers

Contents
Introduction
Building and taking an SOC to maturity the smart way
Optimize the three key aspects: people, processes, and technology
Conclusion
About the Author

Happiest Minds Technologies Pvt. Ltd. All Rights Reserved

Introduction
Despite heavy investment in security solutions, data breaches and cyber attacks continue to impact business. This emphasizes the need for improved incident detection and mitigation, to enable enterprises to respond rapidly to an intrusion and lessen business impact.

The optimal way to address this requirement is to set up a Security Operations Center (SOC) that leverages all the security-related information generated within the enterprise to offer a centralized and holistic view of the security organization. An SOC aggregates, analyzes, and optimizes the usefulness of all the security data generated by various devices and perimeter-based point solutions (firewalls, IPS systems, etc.) to provide continuous threat detection and response capabilities in near real time.

SOCs prioritize events, generate automated alerts and detailed forensic reports, and effect rapid remediation to reduce business risk and downtime. Additionally, they can assist in compliance reporting by facilitating quick access to threat intelligence and identity and access control data, and by enabling sophisticated analytics.

Building and taking an SOC to maturity the smart way


Building an SOC is not a one-time effort; rather, it is an iterative process necessitating incremental improvements to your threat intelligence mechanism, based on the security information gathered.

Here are some smart strategies to build a smart SOC:

Define the primary objectives and functions of your SOC: the different areas under its purview and the business problems that it will solve.

Assess existing security operations and procedures in order to align your technology to your security program and to map out improvement measures.

Study the technical environment that you operate in to better comprehend possible threats and attacks.

Define normal by baselining the aggregated data to establish expected behavior and thus signal any deviation. This will assist in prioritizing threats and boosting the accuracy of the alerting mechanism.

Integrate your SOC with the rest of your business to offer an enterprise-wide view of security.

Optimize the three key aspects: people, processes, and technology


However, an SOC is more than just security tools or analysts. A critical aspect of SOC design is the optimization of the triad of people, processes and technology, and their interactions. Investing in sophisticated security solutions will offer comprehensive protection to your network, but tools are only as good as the people using them. Hence, the investment you make in people is as important, if not more so. In the same vein, the best security analysts will fall short of providing a holistic view of the organizational security posture without adequate tools at their disposal. Underlying the two, people and technology, is the need for well-defined processes and workflows. Building an SOC, thus, requires seamless communication between the different functions, disparate security products and the numerous processes and procedures. The table below shows how each aspect of this triad can be optimized.


People

When defining the role of your security team, identify the skill sets required to achieve your goals, including the number of security personnel you need.

An organization can choose to either set up an in-house enterprise SOC or outsource the service to a Managed Security Service Provider (MSSP). Each route has its own advantages and disadvantages, and the enterprise must decide what works best for its needs and resource availability.

Invest in analyst training on standard security skills and solutions, as well as the specific needs of your industry. Analysts should also be aware of company security policies and the processes in place, and of effective communication techniques and methods.

Processes

Well-documented processes provide a holistic view by detailing the workflow of the different security functions. Documents defining the appropriate procedures to follow in case of a breach are as critical as the development of use cases for threat scenarios.

Detailing repeatable procedures allows for the standardization of actions expected on a routine basis, so that no aspect of security investigations is overlooked. Additionally, setting up an incident management workflow allows for the clear delineation of responsibilities and of the measures to be taken based on the event's criticality: sending out an alert, immediate remediation, or escalation to Tier 2, for instance.

Incorporate processes to ensure compliance with regulations.

Technology

An effective monitoring solution continuously monitors and aggregates security information from all endpoints, the network, and logs, to detect events of interest and to aid forensic investigation.

Ensure compatibility of the different technologies, and break down the silos between disparate tools (a SIEM and an incident management solution, for instance).

Big Data enables security tools to crunch data from various endpoints and internal networks, while gathering threat intelligence from the external environment. This leads to enhanced visibility into anomalies, threats, and intrusions.

SIEM systems strengthen SOC capabilities by facilitating the detection of events of interest through real-time analysis of security information and by analyzing log records and data aggregated from various sources. Additionally, they provide actionable intelligence to deal with evolving cyber security threats.
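The paper's advice to "define normal" by baselining aggregated data, and its incident workflow that routes an event to an alert, remediation, or Tier 2 escalation by criticality, can be shown concretely in a few dozen lines. The following is an added example and not code from the paper or from Happiest Minds: it assumes a constructed syslog-like line format ("<ISO timestamp> <host> auth failure user=<name>"), one-hour buckets, hypothetical host names, and z-score thresholds (3, 6, 10) chosen purely for illustration. Each host is compared against its own baseline, so a host that is always noisy is not flagged for being noisy, while a normally silent host that suddenly produces fifteen failures is escalated.

```python
"""Baseline-and-deviation alerting with criticality-based routing.

Added example, not code from the paper. Assumptions: a constructed
syslog-like line format "<ISO timestamp> <host> auth failure user=<name>",
one-hour buckets, and illustrative z-score thresholds (3 / 6 / 10).
"""
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) auth failure user=(?P<user>\S+)$")

# Constructed sample data: four baseline hours (08:00-11:00) and one observed hour (12:00).
HOURS = [datetime(2014, 6, 2, h) for h in range(8, 13)]
BASELINE_HOURS, OBSERVED_HOUR = HOURS[:4], HOURS[4]
_PROFILE = {                          # failed-login counts per hour, hypothetical hosts
    "web01": [20, 24, 22, 26, 28],    # noisy, but the observed hour is within its own range
    "mail01": [2, 2, 2, 2, 6],        # flat baseline, modest jump
    "vpn01": [1, 1, 2, 1, 9],         # sharp jump
    "db01": [0, 0, 1, 0, 15],         # near-silent host suddenly very loud
}


def _make_lines(host, series):
    """Expand a per-hour count series into individual constructed log lines."""
    lines = []
    for hour, n in zip(HOURS, series):
        for i in range(n):
            ts = hour.replace(minute=i)  # spread the events across the hour
            lines.append(f"{ts.isoformat()} {host} auth failure user=svc{i % 3}")
    return lines


SAMPLE_LOGS = ["2014-06-02T08:05:00 web01 kernel: unrelated line"]  # must be skipped by the parser
for _host, _series in _PROFILE.items():
    SAMPLE_LOGS += _make_lines(_host, _series)


def parse(lines):
    """Yield (host, hour bucket) for each auth-failure line; unparsable lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue
        ts = datetime.fromisoformat(m["ts"])
        yield m["host"], ts.replace(minute=0, second=0, microsecond=0)


def hourly_counts(events):
    """host -> Counter(hour -> failed-login count)."""
    counts = defaultdict(Counter)
    for host, hour in events:
        counts[host][hour] += 1
    return counts


def baseline(hour_counts, hours):
    """Mean and population stdev over the baseline window; silent hours count as 0."""
    values = [hour_counts.get(h, 0) for h in hours]
    return float(statistics.mean(values)), statistics.pstdev(values)


def zscore(value, mean, stdev, floor=1.0):
    """Standard score; the stdev floor stops a flat baseline from making any change infinite."""
    return (value - mean) / max(stdev, floor)


def classify(z):
    """Map the size of the deviation to the workflow steps the paper names (thresholds are illustrative)."""
    if z < 3:
        return "normal"
    if z < 6:
        return "alert"             # notify the on-duty (Tier 1) analyst
    if z < 10:
        return "remediate"         # run a pre-approved playbook action and notify
    return "escalate_tier2"        # hand to Tier 2 for investigation


def evaluate(lines, baseline_hours=BASELINE_HOURS, observed_hour=OBSERVED_HOUR):
    """Per-host triage decision for the observed hour, measured against that host's own baseline."""
    results = {}
    for host, hc in sorted(hourly_counts(parse(lines)).items()):
        mean, stdev = baseline(hc, baseline_hours)
        observed = hc.get(observed_hour, 0)
        z = zscore(observed, mean, stdev)
        results[host] = {"observed": observed, "baseline_mean": mean,
                         "z": round(z, 2), "action": classify(z)}
    return results


if __name__ == "__main__":
    for host, r in evaluate(SAMPLE_LOGS).items():
        print(f"{host:8} observed={r['observed']:3} mean={r['baseline_mean']:6.2f} "
              f"z={r['z']:6.2f} -> {r['action']}")
```

Running the script shows web01 classified as normal despite 28 failures (its baseline mean is 23 with a spread of about 2.2), mail01 raised as an alert, vpn01 routed to remediation, and db01 escalated to Tier 2. The standard-deviation floor is the edge case worth noting: a host with a perfectly flat baseline has a standard deviation of zero, and without the floor any change at all would score as infinitely anomalous.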


Optimizing the interaction of people, processes and technology will optimize SOC functioning. Technology, for instance, can be deployed to manage resource gaps by automating labor-intensive functions that do not require manual oversight. Automation frees up human resources to focus on high-priority tasks and on risks that have maximum business impact. Or, having detailed and well-defined workflows in place can allow for the effective allocation of analysts where they are most needed.

As mentioned at the beginning, designing and building an SOC is an iterative process that makes incremental efforts to guide the SOC to maturity. Mature SOCs are capable of leveraging threat intelligence from past events, combining it with security information from the technical environment and industry trends, to deliver rapid, efficient, seamless and continuous threat detection and remediation capabilities.


About the Author

Vijay Bharti heads the Cyber Security practice at Happiest Minds Technologies Pvt. Limited. He brings in more than 15 years of experience in the area of IT Security across multiple domains like Identity and Access Management, Data Security, Cloud Security and Infrastructure Security. His recent work includes building Security Operations Center frameworks (including people, processes and various SIEM technologies), where he is working on building an integrated view of security and ways of leveraging advanced analytics and big data innovations for cyber security.

Happiest Minds
Happiest Minds enables Digital Transformation for enterprises and technology providers by delivering seamless customer experience, business efficiency and actionable insights through an integrated set of disruptive technologies: big data analytics, internet of things, mobility, cloud, security, unified communications, etc. Happiest Minds offers domain-centric solutions applying skills, IPs and functional expertise in IT Services, Product Engineering, Infrastructure Management and Security. These services have applicability across industry sectors such as retail, consumer packaged goods, e-commerce, banking, insurance, hi-tech, engineering R&D, manufacturing, automotive and travel/transportation/hospitality. Headquartered in Bangalore, India, Happiest Minds has operations in the US, UK, Singapore, Australia and has secured $52.5 million Series-A funding. Its investors are JPMorgan Private Equity Group, Intel Capital and Ashok Soota.

2014 Happiest Minds. All Rights Reserved.


E-mail: Business@happiestminds.com
Visit us: www.happiestminds.com

This Document is an exclusive property of Happiest Minds Technologies Pvt. Ltd
