SOC as a Service and the Work-from-Anywhere Trend

Your customers need your knowledge and expertise to help secure their remote workers.


Security Operations Center (SOC) as a Service providers always need to be ready for anything. No one, however, could have predicted 2020’s country-wide shutdown, with thousands of people scrambling to find ways to work at home. Although each situation is unique, businesses and organizations fall into two general categories: those that were prepared and those that were not.

Sam McLane, Chief Technology Services Officer at Arctic Wolf, says your clients with well-developed business continuity plans were ready to accommodate a suddenly remote workforce, including the cybersecurity needed to protect their networks. Unfortunately, many other organizations don’t address cybersecurity proactively.

“Most companies view cybersecurity as a responsive endeavor, and preparation and planning for bad get left to the side,” McLane says. “The level of maturity a company has with regards to cybersecurity is measured, in part, by how well integrated their proactive and reactive measures are linked, communicated, and practiced.”

“Organizations with no plan in place likely faced greater risk exposure to cybersecurity threats because they were more focused on keeping their business running on a day-to-day basis, and the cybersecurity threats that could arise,” says McLane.

Security Risks from a Remote Workforce

McLane says there is a major exposure when employees work from home on personal devices and use their own internet connections to access the corporate network and data. Issuing corporate-owned laptops can only solve part of the problem.

“Even with a corporate laptop, the consumer-grade modem and the internet connection itself – Wi-Fi, in particular – create risks,” says McLane. “A virtual private network (VPN) is a standard best practice that provides a secure, encrypted connection. Enabling multifactor authentication with the VPN adds another security layer.”

He adds that a misconception rooted in trust of the home environment creates another vulnerability. “People tend to let their guard down when at home and put that guard up at the office or while traveling for business,” he explains. “Many employees new to working from home do not establish this boundary until something bad changes their perspective.”

SOC as a Service Providers Step Up

Organizations working with SOC as a Service providers have the advantage of a trusted advisor in their corner who is prepared to support them in disasters and emergencies. When workers are forced to work off-site, McLane says, “SOC as a Service providers should also have a renewed focus on patching vulnerabilities, implementing access controls, and reviewing their VPN access policy.”

He advises SOC as a Service providers that the best tools to use when disasters arise are the solutions you currently have in place. “Introducing new tools is always challenging and could only introduce new operational challenges,” says McLane. “What MSPs should do is double down on the use of their electronic communication and ticketing tools and the documentation they place within them, so everyone has access to the information they need wherever they are.”

The Arctic Wolf Concierge Security Team recommends that SOC as a Service providers:

  1. Ensure that endpoint protection is deployed, updated and integrated into the SOC as a Service solution. Also, enable additional endpoint telemetry and remote containment by deploying agents to all endpoints.
  2. Require multifactor authentication, especially for VPN and cloud services, and monitor activity. Strengthening authentication requirements is a critical proactive measure organizations can implement to minimize risks a remote workforce introduces.
  3. If an organization changes its infrastructure, notify the SOC as a Service vendor. Your partner’s team monitors activity and will alert you and your clients if they detect security issues. However, informing them of infrastructure changes will help them proactively address risks.

Always Be Prepared

McLane points out, “Due to the very nature of managing security operations for customers, SOC as a Service providers must always be prepared for business continuity in the event of emergencies or disasters.”

He says the current situation that workforces in the U.S. – and the world – are facing requires that you build your business on systems and tools that the entire team can access no matter where they are. When it’s business as usual, a stronger strategy will be in place, and if disaster strikes again, you’ll be ready.