What to Do When IT Outpaces Your SOC Team

Over half of SOC teams say security operations are getting more difficult to manage — here are three ways to help.

In April, Enterprise Strategy Group interviewed 376 IT and cybersecurity professionals from private- and public-sector organizations in North America. You can find the complete report here. In fact, I strongly recommend doing so — because it’s always good to put the state of your own security operations in the context of what your peers are experiencing.

But in this blog, I’d like to focus on one particular aspect of the ESG report that’s revealed in the following numbers from the survey’s respondents:

  • 52% say security operations are getting more difficult to manage
  • 39% say their attack surface is continuously changing
  • 34% say their organization’s use of public cloud keeps increasing
  • 33% want to improve integration of asset management data into the SOC
  • 30% intend to improve alignment of SecOps and IT Ops in the next 12-18 months

These numbers highlight a central challenge for security professionals. It’s not just that you’re constantly fending off ever-evolving adversaries. It’s also that the digital fortress you’re trying to defend is always expanding its walls and adding new elements — sometimes without even telling you. Plus, you must safeguard everything outside the fortress walls, too!

The enemy in the labyrinth

There’s reason to believe the survey numbers underestimate the adverse impact infrastructure growth is having on security. That may be because security pros are generally so focused on security-specific issues such as endpoint protection, threat hunting, and vulnerability management that they don’t necessarily think in terms of what their own organization’s IT infrastructure and software development teams are doing to make their job more difficult.

And it’s not like those teams are doing so maliciously. They have their own imperatives and pressures to worry about: improving the value proposition to the customer, maintaining competitive advantage, streamlining the supply chain, etc.

But the fact remains that in their relentless pursuit of digital success, organizations keep making life harder for us. Threat actors who get past our perimeters — as they invariably will sometimes — have more places to hide and more assets to potentially compromise.

With this in mind, here are three actions we can take in response to the issue of ever-evolving enterprise digital infrastructure:

  1. Improve how we operationalize threat intelligence so we can quickly and accurately detect indicators of an active threat anywhere across endpoints, clouds, and the network.

  2. Up our vulnerability management game so that we stay fully patched regardless of how many new endpoint systems we roll out.

  3. Push for the teams that drive our organizations’ buildouts to work with us, so security is a forethought — rather than an afterthought.

Those are tough items to add to our full agendas. But if we don’t tackle the issue of nonstop infrastructure change head-on, it will be really difficult to increase security over time.

In fact, chances are that you’re going to become less secure if the enemy keeps getting stronger while your environment expands beneath you.

How XDR and MDR can help

XDR and MDR have a pivotal role to play as you seek to defend a growing environment from a growing volume of increasingly sophisticated threats. And that role centers around imperative #1 above.

XDR (or, more precisely, the right XDR) helps by more quickly and thoroughly operationalizing current threat intelligence for your SOC team. XDR detects all the potential telltale signs of an active threat, regardless of where those telltale signs happen to appear. So even as your environment grows — and even as new threat patterns emerge across the globe — your odds of detection remain high.

Also, the right XDR platform will be open for integration with whatever data sources are appropriate for keeping tabs on your growing infrastructure. So, you can have a high degree of confidence in your ability to keep your organization safe even as it moves into new technologies such as Web 3.0 and virtual reality.

That’s why a remarkable 98% of respondents to the ESG survey assert that XDR will play an important role in the future of their SOC — whether it replaces, supplements, or helps integrate the various components of their existing security toolkits.

The benefit proposition for MDR is quite similar to XDR, since the former is simply a managed version of the latter. However, as the ESG survey also indicates, a whopping 88% of respondents plan to increase their use of managed service providers for security operations. Reasons for this mega-move to managed services include the need to have in-house SOC teams focus on more strategic issues, the difficulty of recruiting and retaining skilled SecOps professionals, and the economies of scale that service providers can offer.

But regardless of exactly why your SOC team implements XDR or MDR — or even opts to go with some hybrid model — the fact is that the status quo isn’t going to cut it.

And, again, the pressure to change isn’t just coming from the intensifying threat landscape outside. It’s also coming from inside the building.

Get your copy of Enterprise Strategy Group’s insightful SOC Modernization report here.
