Hybrid SOC operations transformation

The key to achieving a force multiplier in cyber defence.

Introduction

In the dynamic world we inhabit today, cyber security is increasingly established as an indispensable facet for all organisations, regardless of size or sector. The methods that were once standard for managing security operations are plainly no longer equipped for the task, leaving our crucially important data and systems vulnerable.

In the evolving sphere of cybersecurity, there has been a paradigm shift in the way security operations centre(s) operate.

“#1 internal challenge to achieving cybersecurity goals is lack of key skills (40%).”[1]

Traditionally focused on reactive measures to counter threats, they are steadily evolving to embrace strategic, proactive measures that anticipate these threats beforehand.

Integrating the competence of internal security teams with the expertise of external consultants from leading firms helps realise this transformation. This hybrid approach combines the best of both worlds, resulting in an enhanced defence mechanism that offers a strategic view into emerging threats. The model yields an elevated level of defence and also furthers strategic foresight into impending threats.

Embracing the hybrid model: Combining expertise for better security

When it comes to securing an organisation’s digital landscape, no area should be left under-guarded, and this includes the security operations center(s). As organisation(s) strive to upgrade and boost their SOC, a hybrid model is worth considering. This model, which merges the benefits provided by the in-house staff with expert services from consulting firms, can drastically improve the quality and efficiency of an organisation's security operations.

Cyber security is extremely dynamic and constantly evolving. Leveraging specialised knowledge and experience of trusted firms brings in expertise and agility to effectively collaborate with internal cyber security capabilities in addressing the threat landscape.

Atul Gupta

Partner and Head - Digital Trust and Cyber

KPMG in India


Firstly, consider the in-house security team. This team, armed with an understanding of the organisation’s unique environment, can provide precise identification and quicker triage for internal security threats. However, the complex and evolving nature of cybersecurity threats can sometimes outstrip the expertise and capacity of even the most dedicated in-house teams.

This is where the other half of the hybrid model comes in: the cyber security firms. These firms have a broad and evolving understanding of cybersecurity threats and solutions, thanks to their work with a wide variety of clients. They can offset the in-house team's tunnel vision by giving visibility into a broader landscape of potential threats. With this complementary expertise, an organisation’s security posture is strengthened.

  1. The firm(s) supplement the internal environment intelligence with the external threat actor MO to contextualise and illuminate the activities within the organisation. These insights are the result of years of experience and continual learning from numerous engagements.
  2. They can bring a fresh perspective, identifying potential vulnerabilities that internal team(s) might not have noticed. This kind of outside-in approach mitigates the risk due to internal bias.
  3. The firm(s) also offer just-in-need staffing models during peak workload times, helping organisations achieve resource efficiencies and demand management.

Security needs are becoming increasingly complex and burdensome, exerting pressure on resource allocation and technical expertise. In the face of a rapidly evolving threat landscape, the hybrid model offers a robust solution – combining the depth of an organisation's internal insights with the breadth of a cyber security firm's external expertise. By embracing this model, teams can equip their organisation(s) to detect and efficiently respond to a wider array of cybersecurity threats, fostering a stronger and more resilient security ecosystem.

The ROI of collaboration: Investing in expertise for enhanced security outcomes

Outsourcing part of security operations to expert firms is fast becoming a necessity rather than an optional strategy. There are several compelling reasons why this collaboration can yield higher return on investment (ROI) for an organisation.

The cost factor

Done in-house, security operations can be a significant financial drain on an organisation’s resources.

From the cost of implementing and maintaining advanced security solutions to the expenses associated with hiring and training in-house cybersecurity teams, the financial ramifications can be profound.

In addition to the considerable financial investments involved in maintaining robust cybersecurity infrastructure, one overlooked challenge that organisations face is the high attrition rate amongst cybersecurity professionals, which stands at around 20%.[2]

GCCs are expanding extended security teams in India, leveraging the targeted support and expertise from external firms. This allows them to optimise costs and provide efficiencies of scale.

Srinivas Potharaju

Partner and Head, Digital Risk and Cyber

KPMG in India


An important factor contributing to the high attrition rate is salaries. With the demand-supply gap standing at 30%,[3] projecting a major skill challenge in the industry, organisations are struggling to find and retain the right cyber security talent. This has precipitated the astronomical increase in salary demands of cyber security professionals.

Given this reality, organisations are under strong pressure to re-evaluate their operating methods. Indeed, the need for a hybrid model – one that incorporates expertise from consulting firms – is already becoming evident.

The ROI of expertise

  1. Optimise training expenses

    With the professional service provider taking over the security operations, an organisation can leverage specialised skills without investing in recurring training on new security technologies and approaches.

  2. Better resource allocation

    Free up financial resources otherwise spent on constant recruitment and training. These can instead be channelled into strengthening security measures.

  3. Scalability and flexibility

    Security firms can tap into their expert pool to easily scale their availability and capabilities. This provides organisations the agility to respond quickly to changing security landscapes and ensure their defensive posture remains effective, relevant, and efficient.

Key considerations when selecting a SOC collaboration partner

Choosing to partner with a consulting firm for the security operations of an organisation transcends a mere financial consideration; it represents a strategic shift.

This collaboration can yield substantial cost benefits while also integrating unparalleled expertise into an organisation's security framework.

In the current complex and evolving cyber threat landscape, no organisation can afford to be an island. Partnering with external cyber security firms, specialised in handling significant non-recoverable incidents like data breaches and ransomware attacks, allows the organisation to recalibrate their defensive posture and maximize their response capabilities without straining their internal teams.

Raghavendra B V

Global Cyber Managed Services Leader, Partner and Head Cyber

Transformation: KPMG in India


Beyond the tangible advantages, it infuses a sense of confidence, drawing assurance from the fact that an organisation's security environment is enhanced by the skilled minds of cybersecurity experts.

When selecting a firm for expert partnership in security operations services, there are several key considerations that organisations should keep in mind.

  1. Firstly, it is important to assess the firm’s expertise and experience in detecting advanced threats. The firm’s capability in exploiting advanced technologies and leveraging automation across key tasks like threat detection, threat enrichment, and incident response can help the organisation free up its analysts for advanced threat hunting, governance and strategic decision-making.
  2. The experience firm(s) have in handling breach investigations and responses is a critical differentiator. The ability to effectively respond to breaches, commitment from the firm’s senior leadership to double down on response efforts, and the provision of actionable insights to guide the response activities are key for an organisation.
  3. The firm's approach to collaboration and communication is also a key consideration. Security operations require close coordination between the organisation and the firm. Organisations should look for firms that prioritise open and transparent communication and have a collaborative mindset. This ensures that the services can seamlessly integrate with the organisation's existing processes and workflows, leading to more effective outcomes.
  4. Furthermore, it is important to consider the firm's ability to tailor their services to the specific needs and requirements of the organisation. The security operations function should not be a one-size-fits-all approach. A good firm will take the time to understand the organisation's unique security challenges, goals, and constraints, and develop customised solutions that align with the organisation's overall strategy.
  5. Another important consideration is the firm's understanding of the latest security technologies and trends. Security operations is a rapidly evolving field, and it is crucial to partner with a firm that stays up to date with the latest tools and attacker techniques. This ensures that they can provide relevant and effective solutions to address the organisation's security challenges. This can be evaluated by looking at the resumes of resources, articles published by the firm, and thought leadership in industry forums.
  6. Lastly, organisations should consider the firm's reputation and credibility in the industry. Look for firms that are well-regarded by their peers and have a strong reputation for delivering high-quality services. A firm with a solid reputation is more likely to provide reliable and trustworthy expert assistance.

Conclusion

In conclusion, as we navigate through the increasingly intricate landscape of cybersecurity, it is becoming evident that organisations can no longer grapple with complex security operations in silos. What's needed is a collaborative and hybrid model, leveraging the expertise of external firms.

Ally with the right expert and see the difference yourself. 

  1. Anticipation:

    Early detection of threats and vulnerabilities, enabling a swift combat response.

  2. Collaboration:

    Pooling of intellectual and technological minds to refine security operations.

  3. Enhancement:

    Continuous improvement of security measures in response to evolving threats.

Take the right step towards a more secure business landscape by exploring the potential of an expertise assisted security operations service model. Shape the security future of your organisation with the right partner, making your defences more robust and agile in the face of evolving challenges.

[1] Source: KPMG global tech report 2022.
[2] https://www.isaca.org/go/state-of-cybersecurity-2022
[3] https://economictimes.indiatimes.com/jobs/mid-career/india-inc-has-40000-cybersecurity-job-openings-right-now-heres-how-much-you-stand-to-earn/articleshow/101153786.cms?from=mdr


Author

Achal Gangwani

Partner

KPMG in India