Security Operation Center… beyond the norm!

Capacity analysis as the basis of design

Analysis, resource organization and data detective activities are the basis for creating a technological management site. Francesca Balducci, Security Assessment and Data Analysis Account within the Secursat Business Development team, shares an innovative approach to the organization and management of a Security Operation Center. The idea that has accompanied Secursat's expansion over the last few years is that building a structured security governance, one that can be included in decision-making and corporate processes and can therefore make a primary contribution to guaranteeing business continuity, has its roots in terrain still strongly conditioned by traditional security ideas and structures.

On one hand, the objective of those who "make security" and deal with risk management remains to guarantee event management, understood in the broad sense of the term, by providing quick answers. On the other hand, from an analytical viewpoint, there is a growing need, and consequently a growing request from companies, to understand in detail the dynamics connected to the operation of a Security Operation Center (SOC). Through projects to analyze the SOC capacity of our customers in the energy, industry and transport sectors, and through data detective activities, we in the Secursat Business Development team came to the idea that a SOC collects data and information useful for analyzing risk evolution scenarios, and for starting to optimize and streamline the actions that operationally support the construction of a business-oriented corporate Security Governance.

We have therefore developed a model dedicated to Security Operation Centers that starts from the study of the operational and management processes within a SOC, in order to provide useful answers for remodeling strategic plans, optimizing resources and procedures, and effectively implementing technological solutions.

In this sense, designing a SOC no longer means just thinking about and defining its architectural structure in line with the layout requirements and infrastructural characteristics provided for by the UNI CEI EN 50518:2020 standard. It also, and above all, means reorganizing the available resources and investing in targeted technologies tailored to business needs, to build a unique business security model. If the goal is to ensure event management capable of providing rapid responses, there is also an increasing awareness that the data and information sent back by the systems and technologies in the field, as well as the way existing processes and procedures are managed, can improve and support investments and business strategies.

 

“The contribution that the Business Development team offers is to analyze the operating logic of the technological systems on site, conduct a Vulnerability Assessment to provide a complete picture of the SOC”

 Francesca Balducci, Security & Risk Analyst of Secursat 

 

The contribution that the Business Development team offers is to analyze the operating logic of the technological systems on site and to conduct a Vulnerability Assessment that provides a complete picture of the SOC's technological, infrastructural and operational capacity. Our goal is to understand the technological and systems management methods and their adequacy with respect to the number and type of plants managed, the number and type of reports and alarms taken in charge, the skills of the operators and of the resources employed in the SOC, and the company's targets and needs. It is also to start detection and analysis paths for the technological data coming from the supervision and integrated management systems of security and safety equipment, to identify how to optimise choices and business decisions.

What allows us to improve in quality and define ours as an "operational consultancy" is the mix of traditional technical experience, knowledge of the typical mechanisms of the operation of a SOC and managerial, organizational and analytical skills. 

What makes the difference in this process is not so much the ability to process and analyze this data as the ability to define the structure of the optimal data lake for achieving KPIs and business metrics, and to define how these operational data are to be used. The data processed and analyzed in the course of structured consulting projects almost always consist of a series of often disjointed information, presented in heterogeneous ways and difficult for non-professionals to interpret.

What companies are looking for is, in fact, the possibility of having interactive dashboards, updated in real time, capable of monitoring KPIs (Key Performance Indicators) and identifying KRIs (Key Risk Indicators).


 

The goal of the Secursat Business Development team is to analyze the raw data coming from the available databases, to help the customer understand how to standardize and structure them in an organized manner, and to provide suggestions and indications on the ways in which information flows through business intelligence systems.

The next step, which often tends to be overlooked, is recognizing that technological and systems-level implementations and optimizations alone are not enough to guarantee that objectives are achieved with the expected results: it is the way in which technology and services are managed that makes measurable results achievable. From this perspective, Secursat places great emphasis on the need for and importance of training and informing operators, employees and resources dedicated to the management and organization of security in any capacity. Through this unique approach, we have therefore created a model that moves beyond the traditional concept of a Security Operation Center as a place where alarms are managed, dissociating ourselves from an idea of passivity and thinking of it instead as a technological hub where a technological governance of security begins. Remodeling and streamlining security interventions and optimizing business processes from a perspective of integration and flexibility is certainly the purpose and request of many customers, even if, especially in recent times, we are often asked to keep an eye on the increasingly emerging issues concerning the environment and the development of sustainable policies.

For this reason, for the near future, we as the Business Development team are developing an approach that uses the management of security to measure the objectives of corporate sustainability, with the awareness that sustainability issues have now become a driver. The human factor and technological management are of primary importance and guide the definition of strategies at the largest national and international groups and companies.

 
