How to Modernize Security Operations Centers
In the past decade, global security operations centers (GSOCs) have been in their early adolescence. They were focused on baseline physical security functions such as monitoring alarm systems and video surveillance feeds. Fast-forward to today, where GSOCs are becoming part of an enterprise’s central nervous system.
Not only are GSOCs managing an increased threat volume—protecting people, assets, supply chains, and operations—but they have also become a critical asset for employees and executives when problems arise. From active shooters and violent protests to extreme weather, supply chain risks, or geopolitical issues, the GSOCs of the past are challenged by today’s increasingly severe threat landscape.
It is imperative for a modern GSOC to be able to analyze incoming intelligence in a single, centralized platform. It’s also crucial that GSOCs use that intelligence to support strategic, even potentially life-saving actions.
Modernization is a journey, but those who do not take active responsibility to start the process leave their organization open to great risk.
Identify Business Needs
GSOC modernization may look slightly different depending on business operations and needs, but the approach to adoption often follows one of three routes: outsourcing to a third party, expanding a physical location or product suite, or going virtual.
Outsourcing security needs to a third party can, in some situations, help manage costs. However, it can also create additional risk for your organization because it requires you to relinquish some degree of control over your security procedures. When taking this route, security teams need to do their due diligence, define program expectations, and ensure that clear communication channels are implemented with their partners.
Organizations can also propel modernization by expanding a GSOC’s physical footprint or integrating new tools and services that help analysts and operators do their jobs more effectively. In this case, a bigger GSOC may give teams the ability to track threats in real time and establish better situational awareness. Implementing more advanced technology can help break down data silos and give analysts a more holistic view of their threat landscape, leading to more effective threat detection and faster case resolution when issues arise.
Finally, there is the option to deploy a completely virtual GSOC, or VSOC. It’s possible an organization doesn’t need or isn’t structured to have all its security analysts sitting in the same room. And with emerging software platforms that centralize intelligence for easy research, investigations and reporting, making a move like this may help you maximize your security budget. GSOCs are often seen as a cost center, so it’s important for security leaders to understand how to be more efficient with the money they are already spending.
Centralizing and Streamlining Data and Processes
GSOCs are tasked with making sense of vast amounts of data coming from various sources. These can range from OSINT, Dark Web, and social platforms to risk event intelligence (such as developing news stories, severe weather, localized crime, and geo-specific activities), as well as proprietary company data. Analysts must not only sift through this incoming data, but they must also decipher legitimate signals through the noise of disinformation and content generated by artificial intelligence (AI). Without technology, analysts simply cannot monitor all the incoming data that pertains to an organization’s risks and turn it into something actionable—it’s like trying to drink from a fire hydrant.
While AI can create more data that intelligence analysts are responsible for vetting, it can also help turn that data from passive information into proactive and actionable next steps. AI models can be trained to understand different types of events to better predict risks and identify the best course of action for a team. While AI can speed up these processes, it’s important to note that human analysts will always be needed in the intelligence collection and verification process.
Those in charge of designing or leading a GSOC should also consider integrating data from physical security systems with their IT infrastructure to create a unified security platform. This convergence will break down silos within the GSOC and give analysts the data they need in a single platform, creating a more modern approach to risk mitigation. Implementing connected software that enables the mobilization of security teams for a coordinated response when a threat emerges is a key capability of a modern GSOC.
Prove the Business Case
You may already know what steps must be taken to modernize your GSOC, but it most likely requires additional expenditure. If you are a CSO, you should begin by collecting as much data as possible to highlight the various threats that may impact your business.
As part of this collection process, communicate with peers in your industry. What case studies can you point to involving real security incidents, and what repercussions did they have on the business? For example, in addition to the immediate impact on employee safety and emotional well-being, a workplace violence incident can have major financial implications when it comes to downtime and potential lawsuits. Another example is an extreme weather event, which could cause physical property damage and an access control issue that leads to property losses or theft.
There are plenty of what-if scenarios, but it’s important that stakeholders acknowledge the problems that need to be addressed in the GSOC. By illustrating the potential damage that can be done if a threat materializes, you can create a better business case for why implementing a certain tool or software platform is the right move.
Depending on your organization’s budget process, you may also need input and buy-in from several groups across the organization, including HR, IT, legal, and compliance. It’s important to highlight how other business functions may reap value from a modernized GSOC, or face repercussions if there is a lack of modernization. The goal is to convince decision-makers that the benefits of investing in modernization outweigh the costs.
As security leaders, we know a security incident is not a matter of if but when. So, it is imperative that organizations are prepared and have the necessary infrastructure in place. Ultimately, highlighting the vulnerability gaps and the potential financial and reputational risks of inaction can underscore the need to modernize your GSOC and secure the budget needed to do so.
Just as the central nervous system plays a vital role in keeping the body safe and develops as you age, a GSOC is essential for maintaining an organization’s security posture and adapting as the threat landscape changes. Companies that are not modernizing their GSOCs risk substantial disruption to their business functions and operations.
Manish Mehta is the chief product officer for Ontic and has worked in disruptive innovations in the software industry for more than 30 years. In his current role, he is responsible for the company’s product strategy and market execution of software used by corporate and government security professionals to proactively manage threats, mitigate risks, and make businesses stronger.