Demystifying the SOC, Part 1: Whether You Know It or Not, You Need a SOC - Exabeam

Demystifying the SOC, Part 1: Whether You Know It or Not, You Need a SOC

May 04, 2021


Reading time
4 mins

Editor’s note: This post was first published on

This is the first in a series of a dozen or so blog posts entitled “Demystifying the SOC” covering several topics on security operations centers (SOCs). My goal is to help dispel many of the myths and answer many of the questions that I heard over thousands of conversations with clients while I was a technology analyst at Gartner covering SOCs.

When I was at Gartner covering Security Operations Centers (SOCs), I had hundreds of discussions with organizations looking reluctantly to build a SOC after a breach was declared, or to buy a security information and event management (SIEM) solution after failing an audit. “Isn’t it a waste?” they would often ask. “I’m a mid-market company selling widgets. Why would hackers be interested in me?”

As you’ll see, it’s very dangerous to assume you’re not a target. The good news is that you don’t need a Pentagon-style war room filled with scores of full-time screen monitoring security experts to have a SOC.

In fact, as I’ll discuss in Part 3, you likely already have a SOC. Here, I’ll break down the reasons you need a SOC.

You’re a Target

The mission of a Security Operations Center (SOC) is to keep the organization in a known good state, operating securely on a clean infrastructure. If, or rather when, the organization suffers a security incident, such as an insider threat, malware attack or data exfiltration attempt, the SOC is responsible for detecting, investigating and remediating the threat (TDIR) until it returns the infrastructure to that known, good state.

Why does every organization, including yours, need a SOC? First, there’s no such thing as an organization too small to be a target. According to Verizon’s 2020 Data Breach Investigations Report (DBIR), 28% of security breaches in 2019 targeted organizations with less than 1,000 employees. Further, according to IBM’s 2020 Cost of a Data Breach Report, the average total cost of a data breach was $2.64 million for organizations under 500 employees.

Perhaps you think that your organization or market category is not one with the type of sensitive data prized by a nation state or criminal hacker. However, this doesn’t mean that you are safe.

You’re not Safe

Even if your company isn’t directly a target, a hacker might use your company infrastructure to target a much larger organization, whether as part of a botnet launching a distributed denial of service attack on another company’s network, or simply as an entryway to a much better protected large enterprise. For example, the infamous Target attack of 2013 began with an email-based malware attack on an HVAC contractor for the nationwide mega-retailer. Hackers were able to penetrate the smaller, less protected HVAC company network and steal credentials that helped them breach Target’s security. The result: More than 110 million consumers’ credit card and personal information were exposed.

Your company may even suffer a cyberattack simply as collateral damage from an attack on a bigger target. The notorious non-Petya attack of 2017 targeted financial institutions in the Ukraine but also inflicted collateral damage on numerous other organizations worldwide using the same infected software update site. The losses were steep even though those companies were not targets, ranging as high as $870 million for pharmaceutical giant Merck, with a lot of smaller companies damaged in its wake.

The more recent SolarWinds attack is another example of organizations being collateral damage in a wide campaign.

Perhaps you think that you have all the required prevention tools, and that such a scenario cannot happen to you? In the next post, we’ll discuss why prevention is not enough. You need threat detection, investigation and response, you will need to bring your organization back to a known, good state, you truly need a SOC.


Similar Posts

Helping Interact Software Simplify Case Management While Increasing Visibility and Efficiency

Deloitte Implements Exabeam for Advanced Analytics on Insider Threats

Exabeam’s Cloud-based Security Operations Platform Improves Insights and Efficiency for BBS

Recent Posts

Exabeam News Wrap-up – Week of September 19, 2022

Exabeam News Wrap-up – Week of September 12, 2022

The 4 Steps to a Phishing Investigation

See a world-class SIEM solution in action

Most reported breaches involved lost or stolen credentials. How can you keep pace?

Exabeam delivers SOC teams industry-leading analytics, patented anomaly detection, and Smart Timelines to help teams pinpoint the actions that lead to exploits.

Whether you need a SIEM replacement, a legacy SIEM modernization with XDR, Exabeam offers advanced, modular, and cloud-delivered TDIR.

Get a demo today!