Enumerating the benefits of a dedicated risk operations center (ROC), Mayuresh Ektare, VP of Product Management, Qualys, says that the ROC is more than an evolution of the security function: it is an evolution of the business.
While the GCC continues on its trajectory of innovation and economic diversification, stakeholders are justifiably concerned about external factors destabilizing their transformation efforts. Adoption of AI, the convergence of IT and OT, the mass migration to cloud and multi-cloud environments — all present risks, and risks must be managed. By one count, the United Arab Emirates (UAE) endured an average of 1,546 cyberattacks per organization each week in the second quarter of last year, an 18% increase on the same period in 2023. The story is similar for its Gulf peers. How then do we protect our precious progress from the nefarious intentions of the threat actor?
Those entrusted with the defense of systems and data face many challenges, but at their forefront is the mismatch in skills and resources between them and their adversaries. Security suites tend to be fragmented, which is reflected in a global average of more than 70 tools per organization, each presiding over just one area — network, cloud, endpoints, and so on — with little data interplay. How are teams expected to whittle down the white noise to a manageable number of verifiable threats and mitigate harm efficiently? Considering the UAE average of more than 200 true attacks per day, this is a tall task for security teams, not to mention the volume of false positives that have to be eliminated.
Security teams are familiar with relying on an SOC for the correlation of security events to enable a coordinated incident response. However, I’d argue they will benefit even more from knowing their enterprise risk, including its potential financial and operational impact, even before an incident happens, so as to be better prepared and one step ahead. There is that word again: “risk”. Organizations need to have a risk operations center, or ROC, to manage decisions proactively around risk. The ROC provides a unified risk approach where asset inventories and risk telemetry are combined with business context and threat intelligence to form a single-pane, real-time view of the environment that makes risk triage more straightforward and relevant to each organization’s unique situation at any point in time.
Culture shift
It is important to note that the ROC is more than an evolution of the security function. It is an evolution of the business. Traditionally, security tools operate in silos — they assess the security of the assets they are protecting in isolation and, as a consequence, the response to these signals is fragmented. These silos will have to be dismantled. Where we’re familiar with the attack surface, the ROC offers a central point that is cross-functional and designed to respond to changes in the “risk surface”.
The benefits of a dedicated ROC are plentiful. It gives birth to a new language that will allow for efficient communication of important information between finance, operations, HR, IT, and security. With everyone on the same page and with the same understanding of the biggest risks to the business, they can react more quickly and in lockstep. Additionally, the presence of business context and the quantification of financial impact allow risk management to follow a path that aligns with broader business goals.
The SOC transformed incident response by bringing together data from different security tools. The ROC is going a step further by bringing in all the risk data — vulnerabilities, misconfigurations, policy violations — and overlaying it with threat intelligence and business context to make informed risk remediation decisions and transform the organization’s proactive defense.
No more firefighting
The ROC fulfils a long-held wish to cut through the white noise of risk signals and zero in on true dangers. Through a structured, repeatable process, the center leaves behind frantic, unfocused firefighting and replaces it with data-driven, business-aligned decisions. Risk management is now strategic, with each step automated, streamlined, and thoroughly understood by all stakeholders. Of course, “automated” implies a unified platform, one powerful enough to collate risk signals from a diverse set of detection tools and identify the indicators of exposure at scale. It will consume real-time threat intelligence and prioritize risks based on business context rather than just technical severity.
The ROC will reach into multiple environments in search of risk. For that to happen, however, and for risk managers to be able to use the right data and business context for mitigation, they need an enterprise platform that can act as the control center of the ROC and dole out the actionable insights needed to lower the organization’s risk. The ROC platform amalgamates risk assessment, prioritization, and remediation to create a comprehensive proactive security platform. It allows risk leaders to manage the environment deftly and accurately. It is capable of compiling and leveraging a unified asset inventory. It aggregates risk factors. It enriches the sum of its knowledge with up-to-date threat intelligence. It puts the business and its goals front and center in every actionable insight, prioritizing risks appropriately and orchestrating responses accordingly. And it ensures the utmost standards in compliance and executive reporting.
Leveraging uncertainty
Risk comes from uncertainty. The Risk Operations Center breathes some surety back into the enterprise by providing operational oversight for risk reduction programs. While nobody can guarantee what the future holds, much less one that is risk-free, the ROC gives risk managers more control over uncertainty and the ability to mitigate harm.