People, process, technology—the bywords of CISOs and other cybersecurity professionals for decades. Never have they been more relevant than they are today.
With hybrid work, the attack surface has dramatically expanded beyond corporate boundaries. Attackers have become more sophisticated, better funded, more pernicious. Cybersecurity teams, particularly analysts working in security operations centers (SOCs), face relentless pressure to respond to threats at a time when there is a severe shortage of qualified personnel.
In today’s world, the traditional triumvirate of people, process, and technology also extends to your entire cyber ecosystem and organization, as discussed in the white paper “Lessons Learned From the Microsoft SOC: Organization, People, and Technology.”
SOC modernization is about keeping your SOC current with the latest technology; focusing on modern processes like multifactor authentication (MFA) and Zero Trust; and supporting your people and organization with automation, machine learning and a culture of teamwork.
This article looks at key steps CISOs and other business leaders can take to modernize their SOCs to reduce risk, secure everything and strengthen the effectiveness, morale and job satisfaction of cyber professionals and SOC teams.
Commit to a Zero Trust Strategy: Organizations need a security model that adapts to the complexity of the modern environment, embraces the hybrid workplace, and protects, people, devices, apps and data wherever they are located. That model is Zero Trust, based on the guiding principles of verify explicitly, use least-privilege access and assume breach. Zero Trust takes a fresh look across all of your security disciplines, including access control, asset protection, security governance, security operations and innovation security such as DevSecOps. Architecturally, this brings in automated enforcement of security policy, correlation of signals across systems, and extensive security automation and orchestration to reduce manual labor.
Manage Compliance, Risk and Privacy: Organizations constantly access, process and store a tremendous amount of data at a time when data privacy regulations and compliance requirements are becoming more stringent. SOC teams can simplify compliance management with modern technology tools. For instance, Microsoft Purview Compliance Manager translates complicated regulations and standards into simple language, maps controls and recommends improvement actions. Microsoft Priva Privacy Risk Management allows organizations to identify crucial privacy risks, automate privacy operations, and empower employees to be smart when they are handling sensitive data.
See related article: 3 Ways to Modernize Data Protection, Governance, and Compliance
Use a Combination of XDR and SIEM Tools: SOC teams work best with a combination of deep analytics, broad visibility, orchestration, and automation. Extended detection and response (XDR) tools, such as Microsoft 365 Defender, provide deep insights and high-quality detections that enable analysts to spend time on actual attacks rather than chasing false alarms. Security information and event management (SIEM) tools, such as Microsoft Sentinel, help SOC teams get a broad view across the environment and avoid “swivel chair analytics.” Security orchestration, automation, and response tools, such as Microsoft Sentinel SOAR, help lower analyst burnout by automatically investigating and remediating attacks and orchestrating repetitive tasks.
Use Multifactor Authentication Wherever and Whenever Possible: MFA adds a layer of protection to the sign-in process that passwords alone can’t offer. It doesn’t stop all attacks, but it is enormously effective in taking password attack techniques off the table. Password attacks are typically automated, resulting in a high volume of attacks that often allow adversaries to get access to systems. MFA tools such as Microsoft Azure Active Directory offer added protection by requiring supplementary identification when accessing accounts or apps.
Build a Strong SOC Culture: A significant problem for many SOC analysts is alert fatigue and burnout. Lessons from the experiences of the Microsoft SOC, as described in this article, point to several key “people” steps organizations can take to build a cyber-aware corporate culture, keep morale high and make it easier to hire, retain, and attract SOC talent. These steps include:
- Invest in your people and provide an environment that allows them to develop their skills and grow.
- Create a culture of teamwork to make the high-pressure working environment more fun, enjoyable, and productive.
- Adopt a shift-left framework with a continuous learning mindset to keep the team laser-focused on reducing risk.
- Empower the SOC with automation to relieve the pressure of doing repetitive, manual tasks that are better done by machines. This frees analysts to apply more creativity and energy to proactively hunt for attackers.
Taking the Next Step
In today’s world of remote and hybrid work, taking a comprehensive approach to security with a modernized SOC and Zero Trust strategy makes organizations more resilient to the continuous drumbeat of cyberattacks. Investing in critical technologies such as XDR and SIEM is essential. But technology alone won’t do it; it is also vital to focus on your organization, your processes and, of course, your people.
Microsoft is committed to helping organizations modernize with end-to-end security solutions, architectural guidance, insights and education, security program best practices, and more. For more information, please review the resources mentioned in this article, as well as other material on this site. Other valuable resources include the article “The Fearless CISO: 4 Ways to Secure Everything” and more about the Microsoft approach to comprehensive security.
