Cyber-Insiders-v9-spreads - Flipbook - Page 30
How does the future-ready SOC work?
The future-ready SOC is distinguished by its open and extensible architecture, which allows internally developed capabilities to sit alongside leading vendor technologies without the lock-in problems of the past. This lets an organisation benefit from collaboration between in-house capabilities and trusted partners.

A future-ready SOC works by implementing the following:
Open architecture
Open architecture allows an organisation's in-house capabilities to coexist and collaborate with priority vendor technologies, enabling better innovation and adaptability. The architecture should also be extensible, reducing dependency on a single vendor and facilitating the adoption of new technologies.
ADARMA CYBER INSIDERS
Data acquisition and storage
For a future-ready SOC to be effective, it needs to be able to gather, process, and store relevant data from various sources and use it to enhance security. There are two key aspects to data gathering in a future-ready SOC:

• An organisation's ability to recognise the value of different types of data in a security context.
• The ability to efficiently and cost-effectively extract, route, and store this data. By prioritising data, the SOC can send it where it is most useful, and store it in the right place and format to maximise cost efficiency. Data pipelining technology is a new approach that can help achieve this, while also reducing data intake and storage expenses.
Federated detection and response
Within a future-ready SOC, detection and response should be orchestrated to minimise the time to respond and to maximise the effectiveness of a response. The primary objective of a federated detection and response model is to enable quick recovery of information from a distributed enterprise environment. The local SOC must then use its own detection and response capabilities and storage to improve mean time to detect (MTTD) and mean time to respond (MTTR) without running up data transfer costs. A federated approach should rely heavily on centrally orchestrating detection logic and intervention techniques.
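To make the data-pipelining and federated-detection ideas above concrete, here is an added toy example (not Adarma's code, and not a product it describes): events are routed to hot or archive storage according to an assumed security-value tier table, centrally authored detection rules are evaluated at the local site, and only compact alerts, never raw telemetry, are forwarded to the central SOC. The source types, tiers, rules and sample events are all constructed for illustration.

```python
"""Added illustration (not Adarma's code): a toy pipeline that routes
events by security value to hot or archive storage and evaluates
centrally-authored detection rules locally, shipping only alerts.
All events, tiers and rules below are constructed sample values."""
from dataclasses import dataclass, field

# Detection logic is authored once by the central SOC and distributed
# to every site: (source type, rule name, predicate over the event).
CENTRAL_RULES = [
    ("auth", "multiple_failed_logins", lambda e: e.get("failures", 0) >= 5),
    ("edr", "office_spawns_shell", lambda e: e.get("parent") == "winword.exe"),
]

# Security value drives routing: high-value sources stay searchable in
# hot storage, bulk telemetry goes to cheap archive, noise is dropped.
SOURCE_TIER = {"auth": "hot", "edr": "hot", "netflow": "archive", "debug": "drop"}

@dataclass
class LocalSite:
    name: str
    hot: list = field(default_factory=list)
    archive: list = field(default_factory=list)
    dropped: int = 0

    def ingest(self, event: dict) -> list:
        """Route one event by tier; return alerts destined for the central SOC."""
        tier = SOURCE_TIER.get(event["source"], "archive")  # unknown: keep cheaply
        if tier == "drop":
            self.dropped += 1
            return []
        (self.hot if tier == "hot" else self.archive).append(event)
        # Detection runs here against local storage; only the compact verdict
        # crosses the wire, so raw data never incurs transfer cost.
        return [
            {"site": self.name, "rule": name, "host": event.get("host")}
            for src, name, matches in CENTRAL_RULES
            if src == event["source"] and matches(event)
        ]

def run_site(name: str, events: list) -> tuple:
    """Ingest a batch at one site; return (site state, alerts to forward)."""
    site = LocalSite(name)
    alerts = [alert for event in events for alert in site.ingest(event)]
    return site, alerts

SAMPLE_EVENTS = [  # constructed sample telemetry from one site
    {"source": "auth", "host": "fs01", "failures": 7},
    {"source": "edr", "host": "ws12", "parent": "winword.exe", "image": "powershell.exe"},
    {"source": "netflow", "host": "fw1", "bytes": 512},
    {"source": "debug", "host": "ws12", "msg": "trace"},
]
```

Running `run_site("london", SAMPLE_EVENTS)` keeps two events hot, archives one, drops one, and forwards two small alert records upstream.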