What Makes a Successful Security Operations Center

By Eric Jackel

The business world is getting ever more complex, isn’t it? Because of this companies must decide how to scale their security operations accordingly, and the concept of a security operations center (SOC) is now discussed more than ever. Today, I will go over what a security operations center is, how it works and how it can transform your security strategy.

What is a Security Operations Center?

A SOC is a facility staffed with a team that monitors and analyzes an organization’s security status on a constant basis. It is composed of the three essential building blocks of security — people, processes and technology — that comprise an organization’s security program.

The goal of a SOC is to offer dedicated, 24/7 security to protect a business from threats, both physical and cyber. At a SOC, the security team detects, analyzes and responds to incidents using security technology such as video surveillance, access control platforms, and audio technology, all backed by advanced video analytics.

A SOC is typically staffed with a range of security specialists and IT professionals, while supervisors and managers oversee all operations. At Prosegur, we staff our SOCs with people who swap duties throughout the day so we constantly have a fresh set of eyes on every monitored location. Many SOCs also employ security officers or work with a business’s existing provider so they can respond to events in real time.

While some companies create their own SOCs, many contract third-party experts. These security providers, like Prosegur, can work with an organization to create an effective security strategy to meet business-specific goals and comply with any industry standards. Additionally, some security companies also offer other services, such as after-hours emergency maintenance, so businesses can have peace of mind that their sites are secured around the clock.

security-operations-center-01Benefits of a Security Operations Center

Adding a SOC to your security program can result in many improvements:

24/7 security: A SOC can provide round-the-clock monitoring so your facility is secure, even overnight when threats are more likely.

Early threat detection: By dedicating their time to defending your business against any type of risk, a SOC team can identify potential threats ahead of time and prevent them from impacting your organization.

Immediate response to events in real time: With remote monitoring and advanced video analytics, a SOC team is equipped to address security incidents as they happen.

Reduced security costs: By outsourcing your security needs to a SOC, you can use a subscription-based “pay as you go model” so you only pay for the security services that you need.

security-operations-center-02How to Build an Effective Security Operations Center

Using a SOC to manage your security needs can mitigate losses and save costs, improving the effectiveness and efficiency of your security program. Many organizations especially in the shipping and logistics industries, such as distribution centers and ports, have invested in SOCs. These facilities typically operate overnight and have hundreds of feet in fence line alone; deploying even just one guard to monitor the area can be costly and inadequate.

However, by using a SOC to oversee their security, these companies essentially have an on-demand service that leverages technology to accept overnight deliveries and observe the facility without requiring staff onsite. This in a way makes the SOC an extension of the client’s business.

If you’re considering using a security operations center to oversee your program, here are three steps to get the best return on your investment:

security-operations-center-031. Invest in your supervisors

If you’re going to invest in a security operations center, then you also need to invest in the people who oversee it. In the security industry we see a lot of turnover on the front lines. But security supervisors and managers are usually internally promoted, so they have the experience to understand situations quickly and organize an effective response.

Although technology has come a long way, there is still a huge human element in security. Your supervisors’ performance directly impacts the effectiveness of your SOC. When a security officer sees something unusual on a camera feed, they might not know how to best respond. But a skilled and effective supervisor can step in to advise the officer on what to do, like process an alarm or contact the authorities. Not only do you get a quick and concise response, but the officer watching the feed also receives memorable on-the-job training.

A SOC team with strong leadership is often highly organized with a clear hierarchy, so the team members know they have support when they need it. This allows for flexibility within the team so they can constantly have eyes on the situation. If one security officer notices something on a camera feed, they can have another team member deploy a response, all while monitoring the situation in real time.

By developing your team, you can give them the skills and direction they need to become successful supervisors and managers. Investing in your team also can add additional layers of protection to your SOC. A seasoned security supervisor has been through many different scenarios, so effective responses have become almost second nature. With a skilled supervisor at the helm of your SOC, you can trust that your team can perform at a high level.

security-operations-center-042. Perform quality control checks regularly

Simply having a security operations center isn’t enough to maximize your security program’s effectiveness. If your SOC doesn’t perform well or actually reduce intrusions, you could end up spending your security budget without any ROI.

To assess the effectiveness of your SOC, you need to regularly evaluate the overall quality of your service. Ask yourself questions like:

  • - How do we respond to an event?
  • - What determines our patrol schedule?
  • - What do we do to manage access control?
  • - How do we record incident reports?

Once you have outlined your current processes for different areas of your security program, then you can take a closer look at the outcome to ensure performance. There are many tools available to monitor your daily security operations, so you and your supervisors can see if you need to move agents to different duties to ensure consistent levels of productivity. For example, if you notice that your team is struggling with alarm response times, you might need to shift some security agents to work on alarms to better split up the duties.

Your SOC team’s productivity plays an important role in the quality of your security. It’s next to impossible for a single agent to notice the situation, follow an intruder on multiple video feeds, look up account protocols, call the police, speak with dispatch and connect with site contacts — all of which are necessary steps and must be performed well for an effective response. By regularly evaluating the performance of your security program, you can work with your team to divide responsibilities so they can stay alert and ready to address any issues.

In a service-based business such as remote monitoring, quality and consistency go hand in hand. No one wants stellar security just a few days a month and mediocre but steady security every day. But with effective collaboration between technology and people, you can constantly improve the quality and consistency of your security program.

security-operations-center-063. Keep track of performance metrics

To truly transform your security program, you need to use metrics to make data-driven decisions that clearly enhance your security. If you are looking to improve your security from what’s happening right now, then you need to get a clear picture of your current operations. The most accurate representation of your performance comes from actual data; otherwise, you’re just guessing.

If you’re not sure how to get started on collecting data about your security operations, consider these questions:

  • - How many alarms do you get every day and every night?
  • - What is the average alarm response time?
  • - How long does it take for you to answer phone calls?
  • - Are you ahead of or behind on your active patrol schedules?
  • - What is the average time it takes to close an alarm?
  • - How many alarms result in incidents that require reporting and more staff time?
  • - How many people do you have scheduled every day and every night?

Collecting this type of data gives you greater insight into what happens behind the scenes of your SOC so you can figure out your operational standard and create a concrete plan for improvement. But it’s not enough to just have a bunch of data that you don’t understand. You also need to analyze the information, look at trends over time and see what’s working and what you need to change. After collecting and analyzing data over a period of time, you can even improve your reporting systems so you can collect more relevant information every time.

If you see anything in your overall operation that does not meet your standards, you can use data to figure out why this is happening and how to change it. Reliable, high-quality security comes from informed decision making, not just anecdotal evidence. A successful SOC team will be able to tell you what happened on any given night, from the number of events that happened to how they will improve their responses next time, based on their performance metrics.

It’s no exaggeration to say that the decisions behind your security operations can make or break your business. While security has become an expected part of any organization’s budget, it’s only as effective as the resources you put into it. A security operations center can transform your security strategy by providing a dedicated team that ensures reliable monitoring and efficient response times.

A successful SOC requires highly trained supervisors, regular quality control checks, and a constantly updated record of your performance metrics. With these measures in place, you are sure to see your security program become more reliable and effective in no time.

* * *

eric-jackelEric Jackel is the vice president of operations for Prosegur’s monitoring division.

For close to fifteen years, Eric has been overseeing all aspects of Prosegur’s Security Operations Center (SOC) based in Lowell, MA. During this time, he has seen firsthand the evolution of the video monitoring industry, from the analog era to the digital age, along with advancements in video analytics and advanced AI platforms.

Eric has worked with Prosegur’s key clients on the monitoring side to help build innovative and impactful security programs, and has also done consulting work for various companies in the US and Europe. Formerly, Eric served as a professor at Northern Vermont University and a volunteer search-and-rescue team member for New Hampshire Fish & Game.

A graduate of Fitchburg State University, Eric holds a bachelor’s degree in English and communications. He is a board member of the Santa Monica Mountains Project and former President of the Bretton Woods (NH) Chamber of Commerce. Eric is the proud father of a 9-year-old son and 12-year-old daughter.