Put a SOC in It: What Storage Administrators Need to Know about Security Operation Center Integration

- by Eric Herzog, Expert in Data Protection

Storage admins know the deal. As soon as the security team gets a notification at the first sign of a possible cyberattack, a phone call is made to the storage admin as part of the reactive effort to protect the enterprise’s mission-critical and business-critical data. Precious minutes and seconds tick by while this hand-off takes place. The storage admin has to stop what he is doing, shift gears, and focus on the fact that a cyberattack could be underway.

A storage admin needs to ask the right questions and be laser-focused on the optimal outcome, safeguarding the data, which is the lifeblood of all enterprises today. Will the response be fast enough to take a snapshot of all the data, so it can be recovered rapidly after a ransomware attack or other type of malware attack? The security of the data infrastructure is hanging in the balance. How can the rapid recovery of a known good copy of data be ensured?

Without an automated process to capture immutable snapshots of the data before it gets encrypted, corrupted or taken hostage in a ransomware attack, the reaction is, in all likelihood, too cumbersome and too slow. The attack happens so fast that the loss of even seconds can make a significant difference in whether the enterprise can resist, withstand and recover from the cyberattack. Instead of being the hero, the storage admin could be seen as an also-ran in the aftermath of a security incident.

What can be done differently?

Integrating automated cyber storage capabilities into your Security Operation Center (SOC) is the way to achieve more dynamic cyber resilience for the storage infrastructure, as well as for the entire data center. Storage admins may need a new appreciation and a deeper understanding of SOCs, and of how being tied into them can help immensely on the storage front in the midst of the inevitable cyberattack.

A SOC is designed to make sure an enterprise has the most coordinated and effective capabilities for threat detection and response, as well as prevention. Storage needs to be tightly integrated into a SOC strategy because the SOC unifies all the cybersecurity technologies, including the emerging category of cyber resilience technology. Think of it as a form of orchestration! And now, thanks to new technological innovation, cyber resilient storage capabilities can help reduce the threat window.

As most IT professionals know, a SOC is dedicated to monitoring the enterprise’s entire IT infrastructure, and it does so seven days a week, 24 hours a day, 365 days a year. It is supposed to detect and respond to any security-related incident in real time. It is continually analyzing threat data.

What if a trigger can be defined for cyber storage to proactively take action based on a security incident?

An enterprise’s security team can feed all of its security operations information through an enterprise storage intelligence grid to create highly sensitive triggers that catch what existing technologies and techniques often miss. IT solution providers have identified this ability to automate data snapshot commands and data pathways as critical to early detection and to worry-free cyber recovery that minimizes the effects of even the most vicious and deceptive cyberattacks by malicious actors.

Your enterprise needs automated cyber protection, utilizing triggers that security teams define based on security incidents, even barely detectable aberrations that require a deep scanning of the cyber infrastructure.

You need a cyber storage capability that orchestrates the automatic taking of immutable snapshots of data, at the speed of compute, to stay ahead of cyberattacks by creating a protected realm that cuts off the proliferation of data corruption.

Further, you need an automated cyber protection solution that easily integrates into SOC environments to add a powerful cybersecurity capability to the infosec team’s toolbox within the security infrastructure. It enables more dynamic monitoring that speeds up the response to the start of a cyber issue, and it enables a “handshake” between monitoring for security incidents (the event) and protecting the core storage fabric, the data itself (the outcome).
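The event-to-outcome handshake described above, shown as an added illustration that is not the author’s code or any vendor’s product: a SIEM alert arrives as JSON, is matched against trigger rules the security team defined, and an immutable snapshot is requested for the volumes tied to the affected host. The storage API, the trigger rules, the host-to-volume mapping and the sample alerts are all assumed or constructed here; the cooldown keeps an alert storm from exhausting snapshot capacity.

```python
import json
import time

# Trigger rules defined by the security team (constructed sample policy):
# an alert fires a snapshot only if its category matches and it is severe enough.
TRIGGER_RULES = [
    {"category": "ransomware", "min_severity": 3},
    {"category": "malware", "min_severity": 4},
]
# Hypothetical mapping from monitored host to the storage volumes it writes to.
HOST_VOLUMES = {"fileserver01": ["vol-finance", "vol-hr"], "db01": ["vol-erp"]}
SNAPSHOT_COOLDOWN_S = 300  # one known-good copy per volume per 5 minutes is enough


def matches_trigger(alert, rules=TRIGGER_RULES):
    """True if the SIEM alert satisfies at least one of the defined triggers."""
    return any(
        alert.get("category") == r["category"] and alert.get("severity", 0) >= r["min_severity"]
        for r in rules
    )


class SnapshotOrchestrator:
    """Turns a qualifying security event into immutable snapshot requests."""

    def __init__(self, storage_api, now=time.time):
        # storage_api is a stand-in for a real array API exposing immutable_snapshot()
        self.storage_api = storage_api
        self.now = now
        self.last_snapshot = {}  # volume -> timestamp of the last triggered snapshot

    def handle_alert(self, raw_alert):
        alert = json.loads(raw_alert)
        if not matches_trigger(alert):
            return []  # event does not meet the policy; nothing to do
        taken = []
        for volume in HOST_VOLUMES.get(alert.get("host"), []):
            ts = self.now()
            if ts - self.last_snapshot.get(volume, 0) < SNAPSHOT_COOLDOWN_S:
                continue  # a recent known-good copy already exists for this volume
            label = f"soc-{alert['category']}-{alert.get('id', 'unknown')}"
            self.storage_api.immutable_snapshot(volume, label, retain_days=30)
            self.last_snapshot[volume] = ts
            taken.append((volume, label))
        return taken


class FakeStorageAPI:
    """Records snapshot requests instead of calling a real array (test double)."""

    def __init__(self):
        self.calls = []

    def immutable_snapshot(self, volume, label, retain_days):
        self.calls.append((volume, label, retain_days))
```

In production the snapshot label and the alert id give the incident responder a direct link from the SOC ticket to the known-good copy to restore from.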

This integration of cyber resilient storage into the SOC extends the thinking beyond traditional storage to span the layers of cyber infrastructure that need to be reshaped for today’s emerging cyberattack vectors and the more sophisticated AI-driven infiltration designed to inflict harm on enterprises. It’s time for storage to put a SOC into it.