Our honest opinion on a Security Operation Center

Our customer is a utility provider. In other words, a company that needs to stay up and running, constantly, no matter what. Consequently, they are big on security and staying alert to safety risks and intrusions.

That is why our customer has a Security Operation Center: a kind of cockpit where threats are monitored rigorously, and where they can quickly intervene when needed. Think shutting down computers, rebooting, closing down e-mail servers…

Our customer’s security team assessed the SOC’s infrastructure and software and found it to be outdated. The initial proposal to revamp the entire SOC turned out to be way too complex and expensive though, so the CIO asked Addestino:

We did the audit, applied our value-risk matrix, went over the relevant documents and conducted the necessary interviews. What we found was simple, yet striking. Obviously, our customer’s Security Operations can only respond to and report on the input and stimuli it receives. And there, in the input, lies the company’s real problem. Think endpoint monitoring, network monitoring, etcetera.

The result of our audit was a roadmap with incremental transformations needed in various areas—not only in the SOC—to improve our customer’s security. Some changes and additions are needed in the existing SOC, but there is definitely no need to throw everything out altogether.

The customer had been right in saying that their Security Operation Center was not performing well enough. But what the security team initially suggested—to solve the problem through a more complex and expensive system—was clearly not the way to go. Count on Addestino to keep it simple and straightforward. And to avoid an unneeded ~1M€/year increase in OPEX.