In this post we are going to discuss another component of corporate environments that becomes increasingly important in a larger business’s daily operations, the Security Operations Center, or SOC. The SOC usually operates alongside a Network Operations Center, or NOC, another critical environment that we will discuss in a separate post.
First and foremost, what is a SOC and why should you have one? As a business grows and gathers more assets and attention, the unfortunate reality is that the business becomes a target for crime across multiple spectrums; cybercrime, physical crime, and financial/white collar crime. It is critical that businesses are prepared to both prevent and respond to these types of attacks, and that they are capable of doing so in-house. The security and very health of your organization is usually not worth outsourcing to a third party to monitor. After dozens of successful SOC installations, the Hiperwall team has learned best practices that we want to share with any customers or partners considering an investment in the security of their business.
First and foremost, the SOC is not a public part of the corporate environment. We’ve discussed corporate lobbies and huddle rooms in other posts on our website, and it’s important to note from the outset that the SOC is usually deeper in the corporate building or campus. Access is limited to key personnel and company leaders, and ID verification is usually required to enter the SOC in the form of a scanning badge or access code.
Upon entering the SOC, the vast majority of SOCs have a large, central video wall that informs the entire occupancy of the SOC. The size of the LED video wall will depend on the size of the room and usually the size of the company or organization itself. A good rule of thumb is that the central video wall of the SOC really should not have less than 16 monitors, at a bare minimum. This 16 monitor array is usually laid out in a 4x4 pattern, and we recommend 55” LCD displays from our partners NEC, ViewSonic, and Planar. If you have a hardware vendor you prefer to work with, that’s great. Hiperwall’s software is more than compatible with any hardware vendor but we usually recommend these three based on the success of past projects. So this large central video wall, just like the ones you see in the movies and TV shows where the actors retreat to the “Situation Room” or some equivalent, is a great starting point for the design of your SOC.
Next, you need to figure out the layout of the room and the use of the ground space. A common division of space is to organize folks by department or response specialty. You want the folks monitoring security cameras to be sitting together, you want the cybersecurity team grouped up, and any other specialties or divisions to be nearby so that everyone is not attempting to yell across the room to each other. Each team member has their own workstation and multiple monitor setup so they can monitor their assigned content. We’ve seen individuals working with their own computer and between 2-5 monitors at their desk in most standard configurations.
So now you have a central video wall that informs the entire room, you have departments or subdivisions in the room to organize team members, and you need either one orchestrator or multiple managers to coordinate the entire effort. The two options are to have one central person that personally operates the large, central video wall, or to allow each team member to send content directly up to the wall themselves, as we discussed in a previous article. In a general blog post like this it’s hard to advise clients on which configuration they should pursue without knowing their specific needs. Generally we like to take the best of both worlds and design the SOC such that a central person is directing each team and has control of the central video wall, and the team members working at the individual stations can choose which content to send up to the video wall. This way each team member is empowered to help the effort, and a central voice is there to ensure things run smoothly.
As for the content that people normally display in these SOCs, it can vary but the core fundamentals are the same in most any SOC. Most SOCs display either physical security cameras or IP Cameras, security software, internal network information and diagnostics, and the content that the individual operators are interacting with on their assigned work stations. These are the most common examples of content used in SOCs, but we’re happy to send over specific content for your industry if you reach out to us.
For more information and more advice on beginning the construction of your SOC, it’s best to reach out to us individually to have a conversation. In this article we shared that SOCs are distinct environments that not every employee will have access to, there’s almost always a central video wall that the entire team works from, and individual workstations that contribute to seeing the big picture. Building an SOC is no small feat, and the mistakes can be costly if you try to build it alone. Reach out to Hiperwall today and we’ll send over more information and best practices on building your custom SOC.