Construction and Development of Enterprise Security Operations Center in 2023 - Latest Progress

With the continuing progress of digital transformation, a technologically advanced and fully functional security operations center (SOC) has become a line of defense that enterprises must rely on. In 2023, enterprise demand for a unified security operations platform and its capabilities will keep growing, mainly in the following areas.

Improve security posture: Security personnel need to continuously monitor security threats and vulnerabilities and take appropriate actions to address these issues and improve the organization's security posture;

Enhance visibility: Security personnel need a complete view of the organization's security posture and an understanding of what is happening across the organization's networks, systems, and applications;

Optimize security incident response time: Enterprises need to respond to security incidents and threats faster and handle these incidents in a more efficient manner;

Better collaborative working: The security operations center needs to coordinate the organization's overall security efforts, including the implementation and maintenance of security policies and procedures, the deployment of security technology, and the training of personnel in security best practices.

Improve compliance: Security operations centers help organizations meet regulatory and compliance requirements by providing a structured and documented approach to security management.

Development Trend of New Generation SOC

The SOC has always been the most important tool for helping enterprises run network security operations systematically. Given the requirements above, enterprises need to make many optimizations and improvements to the SOC technology they are using. The new generation of SOC technology may show the following development trends in 2023:

SecOps process automation

Research shows that 90% of enterprises already plan to invest in automated security protection. Among them, some companies are beginning to experiment with XDR solutions that provide automation and AI capabilities. These solutions strengthen an enterprise's ability to put AI technology into practice and turn many of the tasks that security engineers currently perform by hand into automated workflows.

Use managed threat detection and response services

As security technologies evolve rapidly, organizations find it difficult to acquire and deploy them and to train internal teams to operate them. According to ESG research, 85% of enterprise organizations now use managed security services. One of the most common options is managed detection and response (MDR), which lets an organization deploy advanced endpoint security systems and have them operated from a remote SOC staffed by outsourced security experts.

Using the MITRE ATT&CK framework

Data shows that 89% of organizations are beginning to use the MITRE ATT&CK framework for a variety of security operations use cases, from understanding attackers' tactics, techniques and procedures (TTPs) to guiding SOC maturity assessments. Security operations teams therefore also need to use the MITRE ATT&CK framework to attach contextual threat intelligence to alerts, which improves prioritization, root cause analysis and response, and raises the maturity of the SOC.

Securing cloud applications

It is clear that cloud usage will increase in 2023, so it is important to have security tools and strategies that scale with it. To take advantage of cloud services, enterprises must address ever-changing cloud security challenges, now and in the future. The new generation of SOC therefore needs to be able to operate directly in the cloud and work with cloud-based application systems. This lets organizations monitor cloud applications, devices, servers, and endpoints in one place, and makes collecting operational logs from cloud systems more efficient.

Strengthen integration

In order to improve operational and security efficiency, the new generation of SOC needs to work with and integrate with more security tools and systems, including security orchestration automation and response (SOAR), real-time visualization tools, behavioral analysis, and threat intelligence from multiple data sources.

Intelligent threat hunting

To facilitate investigations and improve the ability to detect and respond to threats, new generation SOCs are already using machine learning-based tools. According to ESG's research, more than half (52%) of the companies surveyed said they would give priority to new security technologies using machine learning. In addition, 20% of enterprises are piloting machine learning projects, and 18% plan or are interested in deploying machine learning for threat detection and response.

The future belongs to open XDR?

Although security vendors continue to optimize and improve existing SOC solutions, how well they work in practice still has to be verified. Some researchers believe that the shortcomings of current SOC products are hard to fix at a fundamental level.

First, inefficient data management is an inherent shortcoming of the existing SOC framework. Mainstream SOC solutions generally lack a smooth, systematic process for collecting, storing and correlating data efficiently and for deciding what to analyze first among massive volumes of data. Some vendors offer out-of-the-box data processing and prioritization mechanisms, but these have yet to prove their effectiveness.

Second, manual work is still essential in current SOC deployments: security experts still need to write the corresponding detection and response rules and configure them by hand.

In addition, there are challenges in making the SOC work effectively with the security tools an organization already uses. Finding a way to integrate is not difficult, but the result may be inefficient, and when different vendors release new versions, many coordination problems arise.

In this context, open XDR is seen as an effective complement to an enterprise's security operations capabilities, and may even become a substitute for traditional SOC solutions. Open XDR and the SOC have some similarities, but open XDR adopts a different technical framework that makes it easier to integrate and coordinate multiple security capabilities. Because of this different approach, open XDR can deal with some new security threats in ways that a traditional SOC cannot.

Open XDR is expected to be more efficient at processing and analyzing massive volumes of security data. It explicitly requires that data be normalized and enriched in a unified manner before being stored in a data lake or big data processing system, which is difficult to achieve with current SOC solutions. Because the collected and stored security data has already been normalized, open XDR gets the most out of artificial intelligence algorithms; this benefit depends on the quality of that normalization, since fields that are mapped inconsistently across sources cannot be correlated no matter how good the model is.
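The two points above, ATT&CK context for prioritization and normalization before correlation, can be shown together in a small pipeline. The following is an added example, not code from the original article or from any SOC or XDR product: it parses two constructed log formats (key=value Windows Security events and OpenSSH auth lines) into one common schema, correlates them, tags each finding with its ATT&CK technique and tactic, and ranks findings by a score. The schema field names, the score values, the failed-logon threshold and all hosts, users and IP addresses are assumptions made up for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Common schema every source is normalized into before correlation. Field
# names are an assumption of this example, not any product's schema.
@dataclass
class Event:
    source: str   # collector that produced the record
    host: str
    user: str
    src_ip: str
    action: str   # logon_failure | logon_success | process_start | other
    detail: str   # original command line or message, kept for analysts

@dataclass
class Finding:
    technique: str  # ATT&CK technique ID
    name: str
    tactic: str
    host: str
    user: str
    src_ip: str
    score: int      # higher = handle first
    evidence: str

# Technique context from the public ATT&CK Enterprise matrix.
ATTACK = {
    "T1110": ("Brute Force", "Credential Access"),
    "T1059.001": ("PowerShell", "Execution"),
}

# Constructed sample telemetry: invented hosts and users, documentation/private IPs.
RAW_WINDOWS = ["EventID=4625 Computer=WS-17 TargetUserName=jsmith IpAddress=10.0.4.22"] * 5 + [
    "EventID=4624 Computer=WS-17 TargetUserName=jsmith IpAddress=10.0.4.22",
    'EventID=4688 Computer=WS-17 SubjectUserName=jsmith CommandLine="powershell.exe -nop -w hidden -enc SQBFAFgA"',
]
RAW_SYSLOG = [
    "Mar  3 10:12:%02d db-01 sshd[22%02d]: Failed password for invalid user admin from 198.51.100.7 port 501%02d ssh2" % (i, i, i)
    for i in range(4)
] + ["Mar  3 10:15:40 db-01 sshd[2290]: Accepted publickey for deploy from 10.0.9.5 port 41022 ssh2"]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
WIN_ACTIONS = {"4625": "logon_failure", "4624": "logon_success", "4688": "process_start"}

def parse_windows(line):
    """Normalize a key=value Windows Security event line into the common schema."""
    kv = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    eid = kv.get("EventID", "")
    user = kv.get("TargetUserName") or kv.get("SubjectUserName", "")
    return Event("windows", kv.get("Computer", ""), user, kv.get("IpAddress", ""),
                 WIN_ACTIONS.get(eid, "other"), kv.get("CommandLine", "EventID " + eid))

SSH_RE = re.compile(r"^\S+\s+\d+\s+[\d:]+\s+(\S+)\s+sshd\[\d+\]:\s+(Failed|Accepted)\s+\S+\s+for\s+"
                    r"(?:invalid user\s+)?(\S+)\s+from\s+(\S+)")

def parse_syslog_ssh(line):
    """Normalize an OpenSSH auth line; returns None for lines that are not sshd logons."""
    m = SSH_RE.match(line)
    if not m:
        return None
    host, result, user, ip = m.groups()
    action = "logon_failure" if result == "Failed" else "logon_success"
    return Event("linux", host, user, ip, action, line.split(": ", 1)[1])

def normalize(windows_lines, syslog_lines):
    """Run every source through its parser so later stages see one schema only."""
    events = [parse_windows(l) for l in windows_lines]
    events += [e for e in map(parse_syslog_ssh, syslog_lines) if e]
    return events

ENCODED_PS = re.compile(r"(?i)powershell.*\s-(e|ec|enc|encodedcommand)\s")

def analyze(events, threshold=4):
    """Correlate normalized events, tag findings with ATT&CK context, rank by score."""
    findings = []
    failures = Counter((e.host, e.user, e.src_ip) for e in events if e.action == "logon_failure")
    successes = {(e.host, e.user, e.src_ip) for e in events if e.action == "logon_success"}
    for key, n in failures.items():
        if n < threshold:
            continue  # scattered failures stay below the alert line
        # A success from the same source for the same account suggests the guessing worked.
        score = 90 if key in successes else 60
        name, tactic = ATTACK["T1110"]
        findings.append(Finding("T1110", name, tactic, *key, score,
                                f"{n} failed logons" + (", then success" if key in successes else "")))
    for e in events:
        if e.action == "process_start" and ENCODED_PS.search(e.detail):
            name, tactic = ATTACK["T1059.001"]
            findings.append(Finding("T1059.001", name, tactic, e.host, e.user, e.src_ip, 70, e.detail))
    return sorted(findings, key=lambda f: f.score, reverse=True)

if __name__ == "__main__":
    for f in analyze(normalize(RAW_WINDOWS, RAW_SYSLOG)):
        print(f"[{f.score}] {f.technique} {f.name} ({f.tactic}) {f.host} {f.user} {f.src_ip}: {f.evidence}")
```

Run as-is, the pipeline ranks the Windows brute force that ended in a successful logon first, the encoded PowerShell launch second, and the SSH password guessing that never succeeded last. The point is that the correlation and the ATT&CK tagging only work because both sources were first mapped onto the same host, user, src_ip and action fields; the analysis stage never needs to know which vendor produced a record.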

In addition, open XDR can apply different security controls to many kinds of risk while presenting a single control interface, which keeps the user experience consistent. It also makes it easier for organizations to adopt UEBA, SOAR, NDR, EDR and other new security tools through one platform.

Source: blog.csdn.net/Arvin_FH/article/details/132731035