The demands on Security Operations Centers (SOC) staff are growing due to the increase in coronavirus (COVID-19) cyber threats and greater numbers of business continuity drills. Now the U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) is advising businesses to enhance system monitoring to address coronavirus risk management. But what happens when SOC staffers become infected with the coronavirus and are forced to work remote? How can SOCs continue to provide ongoing security monitoring services during this unprecedented period?
Cloud-based Security Analytics Services: Immediate, Intelligent, and Flexible Relief
Cloud-based Security Analytics Services can provide immediate relief to short-staffed and overworked SOC teams. Cloud-based security analytics services, such as Gurucul’s Unified Security Analytics can be deployed within a matter of hours and delivered based on the specific needs of the organization. For example, some organizations may require immediate staff to augment first level monitoring while other organizations may need to augment their SIEM capabilities with security orchestration, automation and response (SOAR) to serve as their central hub to manage day-to-day SOC activities and rapidly respond to the higher volumes of security alerts.
Machine Learning and Richer Content Improve SOC Efficiency
With leaner staff, Security Analytics Services can also improve the efficiency of SOC teams. For example, User and Entity Behavior Analytics (UEBA) uses machine learning models to detect unknown threats such as new coronavirus malware with low false positives. And, given UEBA detection occurs early in the kill chain, incident response teams can be alerted earlier, potentially reducing the impact of a breach. Additionally, with more employees working remote, Identity Analytics leveraging machine learning enables the SOC team to proactively monitor and manage identity-based risks.
Scale As You Go
Gurucul cloud-based Security Analytics Services also allows SOC teams to start with a few resources and add resources as needed. This flexible model is an ideal approach given the uncertainty of the scale and scope of the coronavirus pandemic and the challenges it will place on IT.
Be sure to check back in for our next blog and learn how to get ahead and not just through this difficult time with Unified Security and Risk Analytics.
*** This is a Security Bloggers Network syndicated blog from Blog – Gurucul authored by Nilesh Dherange. Read the original post at: https://gurucul.com/blog/when-soc-teams-are-impacted-by-the-coronavirus