Monitoring used to mean having a solution that detected events that were already known and recorded. Did it work? Yes, but it was incomplete, because the threats that we call zero-day, those that are new and different, not infrequently went unnoticed.
The concept of security was born decades ago. It inspired solutions that, in recent years, have evolved and become more complex. Today, environments are monitored 24 hours a day, 7 days a week. Without rest.
Furthermore, the most modern SOC solutions are based on comparisons that make it possible to quantify the risk that a threat represents for a certain business. It is an analysis aligned with the sector in which the company operates, and with the product and service it offers.
This SOC, which has earned the nickname 2.0, also does not rely on the client ecosystem to monitor and detect. What it does do is inspect network packets to find anomalous behaviour. In other words, all data entering and leaving the corporate environment passes through the eyes of the SOC.
But is this limited to the company building? Is only traffic entering and leaving the corporate network at headquarters monitored?
There have been upgrades. We transformed the SOC into what I like to call the Borderless SOC, a concept that proved to be urgent during the coronavirus pandemic. How does it work?
Let's imagine that the company is a castle, that the SOC is the defence of that castle, and that the residents need to do business beyond the walls. In other words, that would be like working from home, in a coworking space, or on the street using a mobile phone. In this case, would the castle's assets be unprotected?
The truth is that the user exchanges data everywhere these days. And the SOC concept has kept pace with people's behaviour. Today, wherever the user is, our Borderless SOC reaches out and monitors.
And we don't just rely on extremely qualified people to do the job. Cybersecurity professionals are essential, but the truth is that threats multiply faster than the market trains people. That's why we rely on what we call Security Orchestration, a layer that unites various security resources, combining solutions and teams. We do all this because we understand that data, today, is a commodity, decisive for the growth of companies.
And in the third article in our series "The evolution of security in business", we'll explain how people are divided up in the SOC. Around here, we divide the team a little differently.