Even as security organizations scramble to protect a much broader range of remote end users than ever before, they're also being called on to solve their own internal remote work problems. Chief among them is figuring out how to enable effective remote SOC operations.
Security veterans say the first thing to keep in mind is that none of the fundamentals should go out the window when you move analysts to remote locales.
"Whether it's remote or on-site, the principles of maintaining a SOC remain the same," says Curtis Fechner, technical director, threat management, at Optiv. "Any formal standards, procedures, or other rules should still apply. How SOC analysts access their various consoles may, of course, change if they are working from home, as will the means by which they collaborate and share intelligence."
With that it mind, here's what the experts recommend to keep a dispersed SOC team tracking threats and seamlessly handling incidents.
Harden Analyst MachinesTypically an on-site SOC is housed in an environment with advanced physical security due to the nature of the information it handles, says Isidoros Monogioudis, director of information security at Digital Shadows.
"This makes remote work for a SOC a bit challenging as traditional physical protection has to be transferred to the SOC analysts' homes," he says. "That means that analysts' devices accessing a SOC's resources should be very carefully configured, hardened, and protected in order to keep security levels at high standards."
Secure and Bolster Connection PerformanceAs part of ensuring that their SOC staffs are working in a secure at-home workspace, organizations should also be implementing strict controls over analysts' device access and ..
Support the originator by clicking the read the rest link below.
