How can you build, staff, maintain and scale a security operations center (SOC)? Before you pursue answers to those questions it's important to determine whether you should actually build a SOC.
After all, many small MSPs can't afford to build & staff a full-blown SOC. Instead, the wiser move may involve partnering with SOC as a Service (SOCaaS) providers and/or larger MSSPs and MDR (managed detection and response) service providers that already have security operations center capabilities in place.
That said, a blueprint for SOC success can be extremely valuable to MSPs and MSSPs of all sizes. With such a blueprint in place, you're better equipped to ask the risk questions as you evaluate a "build, buy or partner" journey in the SOC market.
Security Operations Center Success: MITRE's Advice
One such blueprint for SOC success comes from MITRE, which has published 11 Strategies of a World-Class Cybersecurity Operations Center. Dig a little deeper, and MITRE essentially says that the 11 secrets to SOC success involve:
- Know what you are protecting and why.
- Give the SOC the authority to do its job.
- Build a SOC structure to match your organizational needs.
- Hire and grow quality staff.
- Prioritize incident response.
- Illuminate adversaries with cyber threat intelligence.
- Select and collect the right data.
- Leverage tools to support analyst workflow.
- Communicate clearly, collaborate often, and share generously.
- Measure performance to improve performance.
- Turn up the volume by expanding SOC functionality.
How to Build A SOC: Highlights You Can Download
If you're not quite ready to dive into the full book, you can read highlights from the book and a bit more about each of those 11 SOC strategies here.