This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
This Website Uses Cookies
By closing this message or continuing to use our site, you agree to our cookie policy. Learn More
This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • Home
  • News
    • Security Newswire
    • Technologies
    • Security Blog
    • Newsletter
    • Web Exclusives
  • Columns
    • Career Intelligence
    • Security Talk
    • The Corner Office
    • Leadership & Management
    • Cyber Tactics
    • Overseas and Secure
    • The Risk Matrix
  • Management
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • More
  • Physical
    • Access Management
    • Video Surveillance
    • Identity Management
    • More
  • Cyber
  • Sectors
    • Education: University
    • Hospitals & Medical Centers
    • Critical Infrastructure
    • More
  • Exclusives
    • Security 500 Report
    • Most Influential People in Security
    • Top Guard and Security Officer Companies
    • The Security Leadership Issue
    • Annual Innovations, Technology, & Services Report
  • Events
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
    • Security 500 West
  • Resources
    • The Magazine
      • This Month's Issue
      • Digital Edition
      • Archives
      • Professional Security Canada
    • Videos
      • ISC West 2019
    • Photo Galleries
    • Polls
    • Classifieds & Job Listings
    • White Papers
    • Mobile App
    • Store
    • Sponsor Insights
    • Continuing Education
  • InfoCenters
    • Break-in Prevention
    • Building AppSec in Enterprises
    • Video Management Systems
  • Contact
    • Editorial Guidelines
  • Advertise
Home » Reducing the Chaos: How to Create a Security Operations Center that Helps
Security Enterprise ServicesSecurity Leadership and ManagementSecurity & Business Resilience

Reducing the Chaos: How to Create a Security Operations Center that Helps

SOC
September 24, 2019
Rémi Bréval
KEYWORDS alarm monitoring / first responders / management / Security Operation Centers
Reprints
No Comments

In March 2017, drivers on a Montreal highway were stuck for more than 12 hours in 15 inches of snow. Generally, the city is very efficient at keeping highways clear even in extreme weather. But, because of a lack of coordination and an inability to share information between first responders, various highway authority groups, and the city, more than 300 motorists were stranded in their cars overnight.

All of this could have been avoided if Montreal had a centralized location that connected operations and stakeholders to allow them to efficiently and securely share information. What the city needed was its own version of a security operations center (SOC).

A SOC is a centralized unit where personnel manage operations. It’s a single location that houses multiple systems, including video management, access control, IoT, RADAR and ALPR, and gives a variety of stakeholders’ access to those systems. The goal is to provide a common framework and understanding for any situation. For security operators, a SOC can also provide both support for day-to-day functions and greater situational awareness when they respond to events and incidents.

Globally Distributed Security Operations Centers

Large organizations, like McDonalds or Starbucks, can create a Global SOC, or GSOC, to help manage operations centrally. A GSOC is a series of distributed SOCs across multiple locations. Global banks and railway systems are good examples of organizations that deploy GSOCs. In both cases, individual banks or train stations can have a local SOC, which can be federated across an entire country or around the world in a GSOC. 

By federating individual SOCs, organizations make it easier and safer to share resources between locations. As you would expect, the benefits and challenges of working in a SOC or GSOC are very much the same. They just scale depending on the size of the network and the amount of data being collected and shared.

Not all SOCs are Created Equal

The make-up of an individual SOC depends largely on the organization and the technology deployed in it. A SOC that’s not well considered can actually create more problems than it solves. For example, by bringing together a wide range of sophisticated systems, a SOC can create a chaotic environment for security operators. According to Cisco’s Security Capabilities Benchmark study in 2018, 90 percent of alarms that come through a SOC are, in fact, false or nuisance alarms. This causes alarm fatigue in operators. 

A false alarm can be anything from a motion detector that sets off an alarm in the SOC every time it senses a piece of debris to an alarm being triggered every time a sensor loses power. In the short-term, this can lead security operators to ignore or turn off nuisance alarms, leaving the system and the organization vulnerable. In the long-term, burn out can play a significant role in frequent operator turnover.

Information Overload—Can There Be Too Much of a Good Thing?

Adding to the chaos can be the sheer volume of information coming into a SOC. While false alarms involve notifications for non-events, information overload occurs because a system rightly signals that an event has happened, including a forced door, a scofflaw vehicle entering the parking lot, or a camera going down.

By themselves, these events are not an issue. But the average SOC has more than 20 systems, all designed to inform security personnel when an event occurs. This results in a constant stream of information coming into a SOC.

It’s easy to see why operators working in even a small SOC might feel overwhelmed. But, for larger organizations, the impact is much greater. The SOC at large international airports can see 5,000 events per second, or half a billion per day.

As with the volume of false or nuisance alarms, managing this constant stream of information can also lead to frequent operator turnover. When turnover rates are high, organizations are forced to spend extra time and resources constantly training new personnel. With so much information coming in, what operators really need is a way to determine which events are truly important, what needs to be investigated and how urgently that investigation must occur.

The role of a Collaborative Decision Management System

In order to address their challenges, organizations need to develop a SOC that truly supports operators. A key component of an effective SOC is a collaborative decision management system.

A collaborative decision management system first groups together detected events — a blacklisted plate in the parking lot, a perimeter breach at the fence, and a forced door into the facility — to create a qualified incident. It does this by recognizing that a series of events has happened in close proximity, which suggests to the system that something is occurring. It then links those separate events together to create a larger picture.

Based on this, the system then alerts the SOC and identifies this incident as having a higher priority. Because the collaborative decision management system can also send the associated video feeds with the alarm, operators don’t have to search through hundreds or even thousands of other camera feeds to view the activity. This improves safety and security by allowing operators to prioritize their responses with confidence and deal with incidents that require immediate investigation in the appropriate time frame.

Helping security operators perform their daily tasks effectively and efficiently benefits us all. When a SOC’s collaborative decision management system can create qualified incidents, it helps personnel focus on what’s really important — keeping us safe and secure.

Subscribe to Security Magazine

Photoheadshot_rmi-brval_formal_lrg_print

Rémi Bréval is Product Group Director, Mission Control at Genetec. In this role, he is responsible for the growth and success of the group by overseeing commercial, product management, product marketing, development and delivery leads. Prior to this role, Rémi worked as the Associate Director of Product Technologies.

 

Related Articles

Creating the GSOC: 4 Leading Examples of Successful Security Operations Centers

How to Strategize for Long-Term Global Security Operations Center (GSOC) Success

Related Events

A4M 27th Annual World Congress

You must login or register in order to post a comment.

Report Abusive Comment

Subscribe For Free!
  • Print & Digital Edition Subscriptions
  • Security eNewsletter & Other eNews Alerts
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Dispelling the Dangerous Myth of Data Breach Fatigue; cyber security news

Major Retailer Macy's Is Hacked

server room, cybersecurity, penetration testing,

Explained: Firewalls, Vulnerability Scans and Penetration Tests

ransomware-enews

British American Tobacco Suffers Data Breach and Ransomware Attack

cyber network

How to Achieve Cybersecurity with Patience, Love and Bribery

cybersecurity-blog

European Hotel Group Suffers Data Breach Impacting 600,000 Hotels Worldwide

SEC2019_Everbridge_1119_360x184customcontent

Events

December 17, 2019

Conducting a Workplace Violence Threat Analysis and Developing a Response Plan

There are few situations a security professional will face that is more serious than a potential workplace violence threat. Every security professional knows and understands that all employers have a legal, ethical and moral duty to take reasonable steps to prevent and respond to threats of violence in their workplace.
January 23, 2020

The Value of a Unified Approach to Critical Event Management

From extreme weather to cyberattacks to workplace violence, every organization will experience at least one, if not multiple, critical events per year. And in today’s interconnected digital and physical world, the cascading safety, brand, and revenue impacts of critical events are more severe.
View All Submit An Event

Poll

Emergency Communications

What does your enterprise use to communicate emergencies to company employees?
View Results Poll Archive

Products

Effective Security Management, 6th Edition

Effective Security Management, 6th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

See More Products
SEC500_250x180 clear

Security Magazine

SEC-December-2019-Cover_144px

2019 December

This month, Security magazine brings you the 2019 Guarding Report, featuring David Komendat, Boeing CSO, and many other public safety leaders to discuss threats and solutions for 2020 and security officer training. Also, we highlight Hector Rodriguez, Director of Public Safety and Security at Marymount California University, CCPA regulations, NIST standards, VMS and much more.

View More Create Account
  • More
    • Market Research
    • Custom Content & Marketing Services
    • Security Group
    • Editorial Guidelines
    • Privacy Policy
    • Survey And Sample
  • Want More
    • Subscribe
    • Connect
    • Partners

Copyright ©2019. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing