The Middle East has a history of high-profile targeted cyberattacks against oil and gas (O&G) infrastructure. The massive cyberattack on Saudi Armaco, one of the largest oil companies in the region, and recent attacks against banks and financial institutions in the Middle East with the biggest one being against Qatar National Bank in Doha mean more organizations recognize the need for security monitoring and response.
Governments in the Middle East are also focusing more on cybersecurity, releasing cybersecurity frameworks and mandating country-specific regulatory policies, such as National Electronic Security Authority (NESA) in the United Arab Emirates (UAE), Qatar Central Bank (QCB) in Qatar and Saudi Arabian Monetary Agency (SAMA) in Saudi Arabia. These policies emphasize the need to have efficient monitoring and detection in place.
“The Middle East region has specific requirements and constraints when it comes to security.”
A security operations center (SOC) is both a team, often operating in shifts around the clock, and a facility dedicated to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance.
Gartner predicts that by 2019, 50 percent of all security operations work in large and midsize enterprises will be conducted out of an owned or a shared security operations center, up from 15 percent in 2015.
“The Middle East region has specific requirements and constraints when it comes to security,” says Rajpreet Kaur, senior research analyst at Gartner. “While organizations here are moving to set up security operations centers, the adoption model is different from other parts of the world.”
The decision on which type of SOC to adopt is based on four main considerations:
- Many organizations only want local nationals to access their network and perform security-related operations.
- Organizations, especially government, financial and a few O&G companies, do not want their data to leave the premises.
- Some organizations do not mind the data leaving the premises, as long as it remains in the country.
- There is a shortage of skilled staff to manage the latest technologies implemented in security operations centers, and to interpret and act upon the alerts that are generated by the monitoring.
These factors create a unique set of requirements for enterprises in this region for security monitoring and operations, leading many to consider an SOC.
Select an SOC
Enterprises in the Middle East typically choose one of four SOC models:
- Outsourced on-premises SOC model: This SOC has a dedicated 24/7 team at a dedicated facility inside the organization. The SOC staff is employed by a service provider, but work on-premises. This is most common for government agencies, financial institutions and a few O&G companies that have a shortage of skilled staff and do not want anyone managing their SOCs remotely.
- Virtual outsourced SOC model: Service provider staff log into the customer’s network remotely and perform the SOC-related operations. This model does not require the customer to send its logs off-premises. This is a cost-effective SOC model, and a majority of organizations are adopting this model.
- Locally outsourced SOC model: Organizations send their logs to a service provider that manages their SOC operations in the same country as the client.
- Dedicated SOC: Some large enterprises want to build their own SOCs and have their internal team managing it. They hire a service provider to build the SOC for them and develop the capabilities, and then gradually hand it over to the enterprise’s internal team.
“Organizations should first assess their internal security capabilities and the security monitoring and detection capabilities they need to have in place, then select an SOC model that meets their requirements,” says Kaur.
Small or midsize businesses with budget constraints should check with local telecom providers that are also extending their services to provide managed SOC services.