6 Tips for Enabling Your Security Operations Center (SOC)

Written by Lomy Ovadia | Apr 30, 2020

What will “normal” look like when people around the world start returning to the office? There are some examples from those areas of the world that are ahead of the United States on the curve, but it is likely to be different for everyone. One certainty is the future won’t be the same as the past. Routines are different now and will change again.

Unfortunately for security analysts, predictors of the past can’t be relied upon in the future. Cyber criminals thrive in this type of upheaval. In fact, there are many reports showcasing the widespread increase of targeted COVID-19 themed phishing attacks. Why? It is the collision of multiple factors giving these bad actors more opportunities.

First, most of Corporate America is still working from home. Our cybersecurity systems were never designed for a predominantly remote workforce. (See our blog on the new scattered perimeter.) More people working remotely equates to more targets and more chances that someone will “click” the bait. Additionally, the attacks being launched now are different and not easily identified by traditional methods. If all that wasn’t enough, employees are juggling hectic schedules and more demands on their time. A distracted employee is an ideal target.

Security teams consistently tell us they need a better way to collaborate and more access to information.

Here are 6 tips that can help you and your SOC peers:

1) Collaboration is key: Detection and response time are the most important security metrics for any security team. Working remotely can add a bit of complexity, as it’s harder to collaborate and discuss incidents with your colleagues. Find a way to discuss issues and work together on projects. This will help keep the momentum going.

TIP: You can now communicate internally and with the IRONSCALES global SOC analyst community without leaving your IRONSCALES email security platform. What’s better than collaborating with your company peers? Being able to ask industry peers mutual incident-specific questions is a game changer for many. See the press release for more on this.

2) Automation and AI: There is no shortage of tasks for SOC analysts in any given day: constant monitoring and glaring at screens, followed by triaging and escalating alerts. Wouldn’t it be nice to have some level of artificial intelligence built into your email security defenses? AI isn’t a replacement for human intelligence, but it can help alleviate some of the work.

TIP: Check out Themis – the first ever fully autonomous virtual email security analyst!

3) Continuous Mentoring & Support: Work-from-home environments are tough for everyone and SOC teams are no exception. Some members of the SOC are likely in the office making sure the essential items are covered, but they need the support from those at home. No one has experienced this type of business or email security environment before. Now is the time to engage more frequently with your team. Challenging, we know, but worth it in the end.

4) Contingency plan for business continuity: The future isn’t easy to predict. Even in the best of times, we recommend building contingency plans to ensure you are prepared. If you haven’t refreshed yours, now is the time to dust it off and start thinking about how you can cross train, rotate duties and create a back-up plan.

5) Mix it up & train: Keeping your team motivated and engaged is especially important in today’s quarantine times. Mixing up assignments will help keep remote analysts from getting into a rut and help them keep a positive outlook while stimulating their brains as well. This will also help with the contingency plan we discussed earlier. For employees, we can’t emphasize the importance of timely and relevant security training enough.

6) Regular check-ins: Regular check-ins can ensure the physical and mental well-being of your team and keep track of all responsibilities, especially time-consuming tasks such as documentation that can easily fall through the cracks during the current scenario. Daily stand-ups might not be possible, but don’t skip your weekly meetings. You need to discuss what threats are looming and, of course, anything you’ve learned from the broader SOC community you can now engage with through IRONSCALES.

2020 has taught us a lot and we aren’t even at the halfway point. It’s making us adapt during uncertain times, stay resilient and maintain business continuity and productivity. To keep a strong and uninterrupted cybersecurity posture, we need to adapt fast, automate more and enable better collaboration inside and outside your organization.

Give your SOC team the time savings of automation so that they can efficiently manage their workload. Through collaboration, give them the power to access threat intelligence from thousands of users and global enterprise SOC teams and, even better, stay on top of changing employee and attacker behaviors.

Give them the tools to succeed!

See for yourself how the IRONSCALES email security platform can add efficiencies and save time for your SOC team via automation and crowdsourced threat intelligence. Schedule a quick demo now!