A Lesson From Today: The Importance of a 24/7/365 SOC
Written by Industry Expert & Quadrant Director of Managed Security Services, Josh Copeland
Opinions for this series are solely those of Josh and do not necessarily reflect those of Quadrant Security.
--
Everyone is talking about the CrowdStrike incident, and with a 25% market share (depending on which report you use), it is a HUGE thing. I'm returning home today, and of course, my flight is delayed. Let's look at this from another perspective.
Bad updates happen; anyone who remembers early Windows updates knows this. Automatic updates are also a fact of life. They eliminate the traditional dev/test/prod cycle that we often use for other updates. Let's be real: We want automatic updates on our EDR solutions. When new malware is found, seconds count, especially when you have small IT/Cyber teams.
This is why having a 24/7 security operations center is so critical. When do you want to find out something has gone wrong? At 1 a.m., when it happens, or hours (even days, if it occurs on a weekend) later, when the impact is even more significant?
24/7/365 SOCs give you strategic insight. Not only will they see that something has gone wrong, but they can also see the larger systemic view and the true scope of the issue. They can sound the alarm, kick off the actions to "stop the bleed," and get the right resources in to start mitigation. If you are using a managed SOC, you could get even better insights because they might see it occur in another organization first and be able to proactively notify you and prevent you from having the issue at all.
The Bottom Line: Outside of compliance requirements, a 24/7 SOC can be a force multiplier.