A SOC team is to information security as a defensive team is to NFL football. Being a Monday morning quarterback for your favorite team can be an enjoyable pastime after a close game. Unfortunately, the same can’t be said the day after a major breach. This is why you need your SOC team to be better defensive players than the those on the Carolina Panthers.


Just like a good defensive coordinator, successful CISOs need to manage their playbooks and assistant coaches to create a strong defense. Ease the pain of communicating with your team with automation. To see how easy it is, book a demo here and start getting your players on board.

How the SOC Team Plays D


Everyone knows the cliche, “the best offense is a good defense.” Cliches are popular because they have truth to them.


NY Giants fans watched the 2016 season with dismay. No matter how good or bad Eli Manning and the offense were, the average loss of 420 yards per game made them destined to a losing season.


The same is true for information security. An organization can have strong controls and a solid IT management team, but without the right defensive team in place the chances of a breach increase.


For organizations over 500 employees that may have more than 1000 devices, a team dedicated to intercepting malicious intruders helps to secure data. SOC teams act as a cohesive unit that engineer solutions while monitoring and responding to threats. By formulating your strategy around your risk tolerance and SOC team, you stay a step ahead of the malicious attackers.  

How to Build the Best SOC Defensive Team

Building the best SOC team means thinking like a strategist. The majority of CISOs say that the cybersecurity skills gap is one of their biggest hurdles. SOC teams help navigate this disconnect. To protect your team against unwanted goals, you don’t just want the big, tough guy. You need to balance the different needs of your team with the skills that lead to success.


The first step is to look internally. Reorganizing your IT department may be the way to create the right SOC team. If you already have people who are strong at security work but have other responsibilities, it may be most efficient to allow them to focus on protection. However, you might need to find new people to bring into the organization, as well.


Monitoring and Alerting Create Your Defensive Line


As the name implies, this is your first line of defense. Before an attack occurs, you need to have the defensive line monitoring your systems. Defensive ends are among the most important positions in football because they hold the line of scrimmage and don’t let anyone past them.


It may seem like your firewalls and system controls would respond to these needs; however, human monitoring and patch updates are necessary to keep those intruders out. Ensuring that you have dedicated people monitoring and alerting management of problems keeps your organization aware of threats.

Escalation Is Your Linebacker

Linebackers typically back up the defensive line. If your defensive ends and defensive tackles miss something while monitoring your systems, you need that back up to help tackle the ball carriers who get through.


Escalating incidents up the chain of command backs up the monitoring of your controls. Just like a defensive coordinator needs to have the right plan for each matchup, your organization needs to have the right escalation protocol for each potential type of event.


A fact of the modern information ecosystem is that malicious attackers are almost always one step ahead of enterprises. This means that you will need those back up players on your SOC team.

Remediation Is Your Cornerback


As the fastest players on the defense, cornerbacks support the run, blitz the quarterback, and cover the wide receiver to try to intercept passes.


Your remediation does exactly the same thing for your organization. That hacker gained access to your system, but now you need someone who can fix the hole that allowed the attacker in. That person needs to be able to intercept any additional malicious actors from exploiting the same vulnerability.

Investigation Is Your Safety

Safeties are the last line of defense. They need to be strong and fast to cover the tight ends, running backs, and wide receivers that broke through the line of scrimmage. Safeties can overcome the problems that happened at the defensive line.


If you can’t keep the attackers out 100% of the time, you need to know how to protect yourself afterward. This calls for the investigative team. They target the problems that led to the attack and help find ways to keep it from happening in the future.

Automation Makes Your Defensive Coordinator Job Painless


Any good defensive coordinator will tell you that communication is key to a strong team. Having seamless communication between the members of your SOC team and your IT management team strengthens your defense against intruders.


Coordinating tasks across multiple individuals often relies on email threads and meetings that get lost in the shuffle of everyday work. ZenGRC allows you to track the different moving parts of your compliance and monitoring activities. Whether it’s verifying that someone escalated an event appropriately or patched a vulnerability, compliance automation introduces visibility into your defensive strategy.