I recently had the pleasure of leading a project that implemented a security monitoring solution in a small organization. Based on some common mistakes I have seen in such implementations, as well as common misperceptions about Security Operations Centers (SOCs), I wrote a white paper that will hopefully serve as a helpful starting point for small and mid-sized organizations considering deploying a capability of this sort.
I discuss why a SOC or security monitoring infrastructure is as important to small and mid-sized organizations as it is to the largest ones. Effective and efficient protection of data and resources matters to any organization, and in the federal space continuous monitoring is required by FISMA. Solutions in this space typically fall into two categories: outsourcing to a Managed Security Service Provider (MSSP) and building an in-house monitoring infrastructure. Regardless of the solution chosen, proper design, understanding the needs of the organization, and examining the threats it faces are as important as the technical solution itself. A poorly designed solution, even one that is implemented well and uses the most advanced technology, can be just as ineffective at protecting an organization as no solution at all.
The paper discusses these issues, lays out the typical options available to organizations, describes our specific experience, covers some of the common pitfalls we encountered, and ultimately shares our takeaways from the project.
Implementing Security Monitoring in Small and Mid-sized Organizations White Paper