Intelligent CIO Africa Issue 66 | Page 26

EDITOR'S QUESTION

WHAT IMPORTANT SECURITY POLICY CONSIDERATIONS SHOULD CIOS, CISOS AND INFORMATION SECURITY TEAMS BE MAKING BEFORE ROLLING OUT A SOC?

In the security operations centre (SOC), Internet traffic, networks, desktops, servers, endpoint devices, databases, applications and other IT systems are continuously examined for signs of a security incident. And with overall security management now in the hands of CISOs and CIOs, it is imperative that the security management policies for implementing SOCs are aligned with the key objectives of the organisation and business.

David Brown, Security Operations Director at Axon Technologies, said the security operations centre (SOC) market in the Middle East is growing – not as fast as other regions, but it is rising. Brown noted that this growth is from a combination of factors: the first is new, more stringent government regulations for many industry verticals. The second factor, according to Brown, is the increased proliferation of cyberattacks across all regions, further fuelled by the growing move to cloud services, as organisations are opening new attack paths. “These attacks result in heavy financial and reputation losses to both public and private, small and large organisations alike,” he said.
This being the background, Brown explained that the SOC segment provides a myriad of cybersecurity posture improvements for regional CIOs. “SOC is one of the first lines of defence against attacks and breaches; 24x7 uninterrupted monitoring is critical to detecting the first signs of abnormal activity. Continuous monitoring (either proactive or reactive) is the first step in improving posture.

“The following steps in cybersecurity posture improvements come from visibility, speed, and agility and this is delivered from SOCs with enhanced monitoring, detecting, and response capabilities. A good SOC can play an active role in threat prevention, not just threat detection. This active threat prevention allows an organisation to stay ahead of potential attackers and issues. It reduces the effect of a breach when they happen and, therefore, the potential costs of the violation via data loss or reputation damage,” he said.
Mark Orlando, Associate Instructor, SANS Institute, said the Middle East has continued to see rapid growth in security operations in response to sustained financially and politically motivated cyberattacks in the region. This, said Orlando, has meant significant investments in managed security services and security technology and a steep rise in the demand for skilled staff.

Orlando said making security investments commensurate with the size, scale, and speed of IT transformation and digitisation efforts can be a major challenge. However, he noted that including security capabilities in these initiatives as early as possible improves resilience and reduces the likelihood that security will be disruptive to users or business processes.