To borrow from Jane Austen, “It is a truth universally acknowledged, that a security operations center investing in people, processes, and technology, must be in want of modernization.” That is to say, with the current state of technology and where it’s going, we all want to modernize—but how we get there is a bit unclear. In this blog post, we’ll discuss what security operations center (SOC) modernization is, why it’s necessary, how it impacts the business, and how to justify investing in modernizing your SOC.
Trends that define the need for SOC modernization
There are two simultaneous trends driving the need to modernize security operations. The first trend is that organizations are looking to significantly upgrade their existing architecture to accommodate new workloads they haven’t had before and to make up for the well-known cybersecurity talent shortage. The second trend is that organizations that fully adopted a cloud-first or cloud-only architecture from the start can bypass the traditional paradigms we’ve put on cybersecurity tooling, such as needing a log management platform, SIEM, SOAR, or XDR solution.
Ultimately, as these two trends converge, the solution is a more modern stack. Previously, CISOs or SOC managers would hire more people to address the rise in threats and manage security tools, but that is no longer a realistic solution. Teams are getting burnt out by mundane, repetitive tasks, and many tools and processes that worked 10 years ago no longer apply today. To achieve higher levels of efficiency and efficacy, security operations need to adopt modern, purpose-driven solutions to grow and scale effectively.
Transforming how the SOC impacts the business
Modernization carries inherent benefits such as efficiency and scale, not only in the technology itself but also in people. As a result of the talent shortage, we are asking more and more from security professionals these days. They need to be experts in a range of skills, but those skills, more often than not, tend to be centered on legacy technologies.
By investing in modernizing the technology stack, organizations can realize team benefits because their hired talent is being trained and retained on newer technology and more relevant skill sets. In addition, by automating mundane tasks—not just in the downstream response actions but also in the upstream detection engineering actions—the security team can focus more on critical proactive investigation to stay ahead of security threats, and the organization as a whole can become more proactive.
Justifying investment in modern SOC technology
Justifying investments in modernizing security technology to senior leaders and executives can be a difficult conversation. Most funding discussions inherently focus on risk, which is appropriate to bring up, but risk is also never going away, so it is a weak basis on its own.
Instead of focusing on risk or pitching it as a “modernization project” (which can be seen as an abstract concept), center your conversation on efficiency. Efficiency can include dollars and hours saved, increased security maturity and detection coverage, and more. Solution providers can do their part by providing these metrics to organizations to make it easier for a CISO to demonstrate value to leadership. Moreover, the dollars saved through modernization can be invested back into the security program.
How to effectively incorporate cloud-based solutions is another point to consider when modernizing. With the ongoing shift to the cloud, most organizations will have varying degrees of cloud adoption, with younger companies generally being cloud-native from the start and larger enterprises having made previous investments in legacy or monolithic technologies. For those invested in the latter, a “rip and replace” approach will likely not go over well with executive leadership.
Instead, organizations should adopt a hybrid approach to modernizing their technology stack. With a hybrid model, organizations can still use the legacy technologies they have in place (especially if they have data that must remain on premises), but can also work to adopt and transition to cloud-based solutions at their own pace. By adopting this approach, the modernization effort will meet with less friction, and organizations can ultimately move toward incorporating a security data lake and cloud-based solutions that unify data—wherever it resides—into detection and response workflows.
We recently had a panel discussion with myself, Shaun Marion, VP & CISO of McDonald’s, and Omer Singer, Head of Cybersecurity at Snowflake, about building a bridge toward modernization. We all had great thoughts to share on this topic and others, so I highly recommend checking out our on-demand webinar for even more insights.