Future-Proofing Security Operations Centers

Security operations centers (SOCs) tend to be forward-looking out of necessity: there are always going to be new attacks, vulnerabilities or complications resulting from the use of new technologies.


But as organizations make remote work a permanent part of their operations, many SOC teams will need to make adjustments of a whole different order than the adaptations they're used to. Those adjustments will include rethinking some basic fundamentals, including where the SOC should be, which tools it should prioritize, and which emerging challenges it should start preparing for now.


Here are some immediate recommendations for what SOCs should do to adjust, and some ideas for how to future-proof SOCs for the long term:


Dialing down the network noise


One immediate step that SOCs should push for is reducing all-day access to the corporate network and VPNs. It sounds somewhat counter-intuitive, but taking this step actually makes a lot of sense in the context of reducing the attack surface.


By reducing the need for all-day corporate VPN use, SOCs can prioritize incidents and anomalies that require their attention. Instead of asking employees to sit on the VPN all day so they can access a server for the two or three things they need, SOC teams should consider sending employees to internet-based portals to verify their identities, granting access, and then removing that access straight after. By using a simple smartphone push or OTP only when needed, instead of relying on the VPN ‘perimeter,’ the SOC team shifts its network access closer to a zero trust posture – improving security without being too invasive.
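The verify, grant, then remove flow described above can be sketched as follows. This is an added example, not code from the article: the `AccessBroker` class, the 15-minute `GRANT_TTL` and the `request`/`allowed`/`revoke` names are assumptions, and the OTP check is standard RFC 6238 TOTP.

```python
import hashlib
import hmac
import struct

STEP = 30        # TOTP time step in seconds (RFC 6238 default)
GRANT_TTL = 900  # assumed policy: access disappears 15 minutes after approval

def totp(secret: bytes, at: float, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    mac = hmac.new(secret, struct.pack(">Q", int(at) // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class AccessBroker:
    """Hypothetical portal back end issuing per-resource, time-boxed grants."""

    def __init__(self, secrets: dict):
        self.secrets = secrets  # user -> enrolled TOTP secret
        self.grants = {}        # (user, resource) -> expiry (epoch seconds)
        self.used = set()       # (user, time step) already redeemed

    def request(self, user: str, resource: str, otp: str, now: float) -> bool:
        """Verify the OTP, then grant access to one resource only."""
        secret = self.secrets.get(user)
        if secret is None:
            return False
        current = int(now) // STEP
        for step in (current, current - 1):  # tolerate one step of clock skew
            if (user, step) in self.used:    # a code is single-use: no replay
                continue
            expected = totp(secret, step * STEP)
            if hmac.compare_digest(expected.encode(), otp.encode()):
                self.used.add((user, step))
                self.grants[(user, resource)] = now + GRANT_TTL
                return True
        return False

    def allowed(self, user: str, resource: str, now: float) -> bool:
        """Enforcement point: expired grants are dropped, not renewed."""
        expiry = self.grants.get((user, resource))
        if expiry is None or now >= expiry:
            self.grants.pop((user, resource), None)
            return False
        return True

    def revoke(self, user: str, resource: str) -> None:
        """Remove access as soon as the task is done."""
        self.grants.pop((user, resource), None)
```

Each grant is keyed to a single resource, so approving one request does not open the rest of the network the way an all-day VPN session does, and every `request` call is a discrete event the SOC can log and review.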


Pushing certain corporate assets onto the internet and giving ..
