The security operations center (SOC) stands at the heart of security programs, with detection and response capabilities that aim to protect an organization from cyber intrusion. Faced with escalating threats, budgetary constraints and a limited talent pool, however, state, local, tribal and territorial (SLTT) governments face challenges supporting an effective in-house SOC.
In SLTT governments, the SOC typically must maintain security across dozens of disparate agencies, each with its own business needs, technology dependencies, workforce and IT footprint. This level of complexity presents a challenge to state and local leaders trying to manage cyber risk.
This environment grows even more complicated as agencies undertake transformation efforts.
“Organizations are implementing so many new systems and applications every day, and each technology can have different behaviors that bad actors are trying to exploit,” said Vinod Brahmapuram, Senior Director of Security for State, Local and Education with Lumen, which specializes in helping SLTT agencies address their security challenges.
Augmenting the SOC
In general, a managed security service (MSS) may help manage things like intrusion detection systems, firewalls, network detection and response systems, and endpoint detection and response. SOC-as-a-Service (SOCaaS) solutions take this idea even further.
SOCaaS typically does all that an MSS does, along with providing a team of analysts to resolve alerts, identify and analyze indicators of compromise, and analyze and respond to attacks in order to minimize the impact of security incidents, according to KuppingerCole Analysts.
The team will also optimize an organization’s protection, detection and response capabilities through continuous monitoring and reporting. As such, SOCaaS can be considered an evolution of both MSS and managed detection and response (MDR).
In support of improved detection and response, SOCaaS capabilities may include:
- Threat detection: SOCaaS leverages log data to rapidly identify potential anomalies. With access to the latest threat intelligence, a SOCaaS provider has broader reach, and the ability to spot potential problems to which an in-house SOC might not be privy.
- Incident response: With SOCaaS, skilled experts may work to rapidly identify potential anomalies and take immediate action in order to head off a threat, or the system may take automated action as defined in collaboration with the service provider and the government entity.
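The two capabilities above, detection over log data enriched with threat intelligence and a response step that is either automated or handed to an analyst according to an agreed policy, can be sketched in a few dozen lines. The following is an added illustration, not code from the article or from Lumen: the log lines, the threat-intel entry, the threshold and the policy action names are all constructed for the example.

```python
"""Toy detection-and-response loop over constructed log lines (example, not a product)."""
import re
from collections import defaultdict

# Constructed sample log lines (key=value style; not real data).
SAMPLE_LOGS = [
    "2024-03-01T08:00:01Z auth host=web01 user=jdoe src=10.0.5.21 result=FAIL",
    "2024-03-01T08:00:02Z auth host=web01 user=jdoe src=10.0.5.21 result=FAIL",
    "2024-03-01T08:00:03Z auth host=web01 user=jdoe src=10.0.5.21 result=FAIL",
    "2024-03-01T08:00:04Z auth host=web01 user=jdoe src=10.0.5.21 result=FAIL",
    "2024-03-01T08:00:05Z auth host=web01 user=jdoe src=10.0.5.21 result=FAIL",
    "2024-03-01T08:00:06Z auth host=web01 user=jdoe src=10.0.5.21 result=OK",
    "2024-03-01T08:01:10Z proxy host=ws17 user=asmith dst=203.0.113.45 bytes=1820",
    "2024-03-01T08:01:11Z proxy host=ws17 user=asmith dst=198.51.100.9 bytes=420",
    "2024-03-01T08:02:00Z auth host=vpn01 user=tlee src=192.0.2.77 result=OK",
]

# Constructed threat-intel feed: destinations flagged by the provider (placeholder value).
THREAT_INTEL = {"203.0.113.45": "flagged destination (constructed placeholder)"}

FAILED_LOGIN_THRESHOLD = 5  # hypothetical tuning value

# Hypothetical response policy agreed between the provider and the agency:
# which findings may be acted on automatically and which go to an analyst.
POLICY = {
    "brute_force": "auto_lock_account",
    "ioc_match": "auto_block_destination",
    "success_after_burst": "escalate_to_analyst",
}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<source>\w+) (?P<rest>.*)$")


def parse_line(line):
    """Parse 'timestamp source k=v k=v ...' into a dict, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    fields["ts"] = m.group("ts")
    fields["source"] = m.group("source")
    return fields


def detect(lines, threat_intel=THREAT_INTEL, threshold=FAILED_LOGIN_THRESHOLD):
    """Run two detections over the log lines and return alert dicts in order."""
    failures = defaultdict(int)  # (user, src) -> consecutive failed logins
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # malformed line: skip it rather than stop the pipeline
        if ev["source"] == "auth" and {"user", "src", "result"} <= ev.keys():
            key = (ev["user"], ev["src"])
            if ev["result"] == "FAIL":
                failures[key] += 1
                if failures[key] == threshold:  # fire once per burst, not per line
                    alerts.append({"rule": "brute_force", "user": ev["user"],
                                   "src": ev["src"], "ts": ev["ts"]})
            elif failures[key] >= threshold:
                # A success right after a burst of failures deserves a human look.
                alerts.append({"rule": "success_after_burst", "user": ev["user"],
                               "src": ev["src"], "ts": ev["ts"]})
                failures[key] = 0
        elif ev["source"] == "proxy" and ev.get("dst") in threat_intel:
            # Threat-intel enrichment: the feed supplies the context the log lacks.
            alerts.append({"rule": "ioc_match", "host": ev.get("host"), "dst": ev["dst"],
                           "intel": threat_intel[ev["dst"]], "ts": ev["ts"]})
    return alerts


def respond(alerts, policy=POLICY):
    """Map each alert to the action the agreed policy allows; unknown rules go to an analyst."""
    return [{"rule": a["rule"], "action": policy.get(a["rule"], "escalate_to_analyst"),
             "ts": a["ts"]} for a in alerts]


if __name__ == "__main__":
    for action in respond(detect(SAMPLE_LOGS)):
        print(action)
```

The design point is the split between `detect` and `respond`: detections can be tuned and enriched by the provider, while the mapping from a finding to an automated action stays in a policy table the government entity signs off on, so nothing is blocked or locked that the agency has not agreed to in advance.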
Building on Threat Intel
With one of the largest, most deeply peered IP backbones in the world, Lumen has unique visibility into the threats that emerge around the globe. The company uses this network as a threat sensor to better detect and respond to malicious activity, protecting its customers and the community at large.
Lumen has a long history of leveraging the threat intel on its network for cyber protection, Brahmapuram said. As a founding member of the Cybersecurity and Infrastructure Security Agency’s Joint Cyber Defense Collaborative (JCDC), among other working groups across the government, Lumen shares its cyber data and threat intelligence to warn agencies of the emerging risks that could impact our nation’s critical infrastructure.
This article appears in our Guide, “Unpacking Digital Transformation.” To read more about how agencies are getting the most out of their modernization and transformation efforts, download the guide.