Security Operations Center in focus at the GFFT Security Lab

How does a Security Operations Center (SOC) actually work? What are the regulatory requirements and how do they relate to proven best practices? Answers to these important questions were provided by Ramon Weil, Founder & CEO of SECUINFRA GmbH, and David Bischoff, Principal Cyber Defense Consultant at SECUINFRA, at the Security Lab of the Gesellschaft zur Förderung des Forschungstransfers e.V. (GFFT). Last Thursday’s “Insights: Security Operation Center (SOC)” event attracted keen interest from attendees. Both medium-sized companies and representatives of large corporations and universities were registered. They took the opportunity to learn about the efficient use of SOCs and to clarify important questions with the security experts present.

In his keynote presentation, Ramon Weil gave an overview of the current technological status of security operations centers. His company has many years of experience in building and operating SOCs – both with customers and with its own SECUINFRA SOC. In his presentation, Weil showed how even the planning phase is critical to ensuring comprehensive and efficient coverage of the threat landscape. He also recommended using standardized methods such as the MITRE ATT&CK framework. He outlined the requirements to be covered based on the BSI law and explained why meeting them alone is not enough: many newer technologies such as Endpoint Detection and Response (EDR) or Security Orchestration, Automation and Response (SOAR) have not even been considered there. At the same time, he stressed the importance of the law: “It’s a step in the right direction and will significantly increase cyber resilience in Germany over the next few years.”

However, Weil and Bischoff also pointed out the problems associated with implementation: the technical and staffing requirements for operating a security operations center are often too high, especially for medium-sized companies. After all, such a SOC must be available 24 hours a day, because security incidents must not only be detected, but also analyzed immediately. An analysis by a SOC analyst is mandatory and the use of a SOAR system for partial automation is advisable. In addition, an appropriate response is required – and this is almost always time-critical. A cyber detection and response center must therefore be staffed around the clock. “This is a major challenge and not at all easy to implement in view of the shortage of skilled workers,” Weil summed up. “For many companies, therefore, outsourcing a SOC is a more viable alternative.”

A survey of Security Lab participants also showed how different the prerequisites are. For example, the opportunities in large corporations are quite different from those in smaller companies, including in financial terms. The major players have around 2,000 euros per employee available for IT security. At the other end of the scale are the universities, where it is only 50 euros. “In view of these very different conditions, it is important to find solutions that best suit the company in question,” Weil said. The next opportunity to learn about Security Operations Centers will be at GFFT’s Security Lab in the coming months. More information on this will be announced.

Thomas Bode · Author

Marketing Manager


Thomas Bode is Marketing Manager at SECUINFRA. His professional roots are in the tourism industry, which is why he is responsible for planning and organizing corporate events at SECUINFRA, among other things. His goal is not only to find unusual destinations and locations, but also to come up with activities that will be remembered by everyone and that will make the team grow closer together. Besides all marketing-related topics, Thomas is also responsible for SECUINFRA's social engagement.