Despite mixed reviews, security operations centers (SOCs) have shown signs of maturing in recent years, and Eric Cole, founder of Secure Anchor Consulting and a faculty senior fellow with the SANS Institute, believes they are the key to the future of security.
"The big advantage of a security operations center is continuous monitoring," Cole said. "You have a place where people are constantly watching and monitoring your network, and being able to look for or catch anomalies, and being able to respond in a timely manner."
In this interview, recorded at the 2015 RSA Conference, Cole sat down with Eric Parizo to discuss the growing necessity of SOCs. "Adversaries don't stop breaking in, you shouldn't stop monitoring it. If you're only monitoring your network six hours a day and the adversaries [are] breaking in for 24 hours, you're at an instant disadvantage."
The issue on everyone's mind when deciding whether to set up a security operations center is money. What does it cost to set up a SOC?
"That's a hard one," Cole explained. "It's sort of like asking me, 'What's the cost of an automobile?' Do you want one of those little smart cars or do you want a Ferrari? It can really vary greatly on the requirements."
Cole goes on to describe the two keys to a successful SOC and how to go about setting one up. He also addresses the rise of security automation and how to make it more effective and efficient.
"Security automation is really the lifeblood of a SOC," Cole said. "Computers are great for automation, but humans are great for the analytical component, and that's really the key."