Making the Case for a Converged IT & OT Security Operations Center (SOC)

Making the Case for a Converged IT & OT Security Operations Center (SOC)

This article was updated on December 28, 2022.

With the responsibility to stay ahead of all cybersecurity threats, CIOs and CISOs certainly feel the pressure. Oftentimes, these security leaders “grow up” in IT-centered roles, leaving them feeling like they’ve got IT threat detection and response under control. But, what about the operational technology (OT) side of the company? For companies with an existing security operations center (SOC), no matter the model, OT systems can and should be integrated into the mandate of its existing function. To better manage cybersecurity risks for all connected devices, many organizations are integrating ICS security supervision into their IT practices, including developing a converged IT and OT SOC.

A SOC is a team, sometimes working at a dedicated facility, whose primary role is to manage and mitigate cybersecurity threats. This team of security analysts and engineers monitors network and device activity to identify and thwart issues. As a result, they protect the business and its sensitive data, plus ensure compliance with industry and government rules.

SOCs can take many forms – from virtual to co-managed to a dedicated, in-house function. Choosing the right model will depend on a company’s needs and resources. Many companies are opting for a SOC over other options as they strive for more control over security monitoring and how they handle threat mitigation.

There are several reasons why companies should consider creating a converged IT and OT SOC. This model combines the capabilities of both sides, which are traditionally separate entities, into a single unit. Here are a few benefits companies experience with an IT/OT SOC:

  1. Stronger security: By combining IT and OT expertise and resources into a single unit, a converged IT and OT SOC provides a more comprehensive approach to security that considers the unique characteristics and vulnerabilities of both types of systems.
  2. Increased efficiency: A converged IT and OT SOC can streamline the detection and response process by eliminating the need to transfer incidents between IT and OT teams and reduce the time it takes to resolve security issues.
  3. Enhanced visibility: A converged SOC provides a unified view of threats and vulnerabilities, delivering the complete situational awareness needed to protect both the business and industrial sides of an organization.
  4. Better collaboration: By bringing IT and OT experts together in a single unit, a converged SOC encourages collaboration and communication between the two groups. To properly protect OT systems, it takes both IT skills and OT knowledge. Many teams find it easier to train IT people on OT sensitivities than to train OT people on IT cybersecurity skills. This is easier to accomplish with a unified SOC.

Transitioning to an IT / OT SOC – 3 Key Considerations

While choosing to move to an enterprise-level SOC is an important choice, it will take time and thought to execute. OT systems come with security challenges that are unique. Meeting OT’s security needs will require a deeper knowledge and understanding by the overarching SOC team. Before beginning a transition, consider and discuss how to tackle these three critical areas:

  1. Technology: It’s important to ensure that any solutions or software meet OT’s specific requirements and can also integrate seamlessly into the existing IT SOC infrastructure. Both are equally important. A gap on either side will create barriers to a successful transition.

  2. People: An enterprise-level SOC is going to need people who specialize in industrial cybersecurity. These new team members might work out of the company’s dedicated facility, or they could be part of a virtual or extended team. No matter how it’s resourced or staffed, expert industrial and OT knowledge will be a necessity. One way to keep costs down and avoid issues with sourcing quality staff is to provide the appropriate cross-training for existing SOC team members.

  3. Accountability: The only way to truly bring IT and OT together into one SOC is to create a culture of unity, starting from the top down. First, it will be important to have the teams report to one leader – the person ultimately responsible for companywide cyber risk – and to share common goals and KPIs. Then, as teams begin to merge, they should go through exercises to get to know one another and understand the others’ priorities and challenges. The more quickly they can work seamlessly as a team, with speed and agility, the more successful the IT/OT SOC will be at achieving its goals and delivering business value.

Cyber Resiliency for Every Connected Device: The Way Forward

A converged IT/OT SOC is a forward-thinking way to address and mitigate cyber risks companywide. This structure taps into the individual strengths of IT and OT team members, ultimately creating a faster, comprehensive and more cost-effective approach to digital risk management. We believe this approach is not just a trend, but the future norm, paving the way for more advanced use cases like SOAR for OT and cyber data lakes. That’s why we’ve worked so hard to build our customers an industry-leading solution that seamlessly integrates OT and IoT cybersecurity and visibility capabilities into IT infrastructure.

If you’d like more information on how our solution can support you on your journey to a converged IT and OT SOC, read our executive brief below.