Half of global companies build SOCs to enhance cybersecurity, with a focus on human expertise

5 January 2026

Among the primary reasons for establishing a Security Operations Center (SOC) are strengthening cybersecurity posture, enabling faster detection and response and gaining a competitive edge. Interestingly, despite the increasing demand for automated cybersecurity solutions, businesses rely on skilled security professionals to make key decisions, as human expertise remains essential for effective security management.

A SOC is a dedicated organizational unit responsible for continuous monitoring and safeguarding of a company's IT infrastructure. Its core mission is to proactively detect, analyze and respond to cybersecurity threats. To identify the main drivers, strategic priorities, and potential challenges in SOC planning and implementation, Kaspersky has conducted a comprehensive global study involving senior IT security specialists, managers and directors from companies with 500 or more employees. All participants operate without a Security Operations Center (SOC) but have plans to establish one in the near future. The study spans 16 countries across APAC, META, LATAM, Europe, and Russia, providing valuable insights into the emerging trends and best practices in SOC development worldwide.

The findings of the research reveal that 50% of companies intend to establish SOCs mainly to strengthen their cybersecurity posture, and 45% are motivated by the need to address increasingly sophisticated and dangerous threats.

Secondary drivers include budget optimization, the necessity for faster detection and response, and the expansion of software, endpoints and user devices - factors that demand more comprehensive and layered security measures. These are cited by 41% of organizations. Additionally, 40% seek better protection of confidential information, 39% aim to meet regulatory requirements and one-third (33%) expect SOC capabilities to provide a competitive edge. Larger enterprises tend to cite each of these reasons more often, reflecting the broader operational and regulatory pressures they experience.

Continuous monitoring becomes the leading SOC requirement

Among the key functions organizations plan to delegate, 24/7 security monitoring leads at 54%. This around-the-clock vigilance enables early detection of anomalies, prevents escalation and sustains cyber resilience in real time. This demand highlights a strategic requirement for proactive risk management, as organizations aim to defend against persistent threats that can strike at any moment.

Companies intending to fully outsource SOC operations show a stronger interest in applying “lessons learned” methodologies, whereas those developing internal SOCs focus more on access management to maintain tighter control.

Human expertise drives SOC technology choices

While SOCs use advanced technology, the choices made by organizations show that human analysts are very important. The top three selected technologies - Threat Intelligence Platforms (48%), Endpoint Detection and Response (42%) and Security Information and Event Management systems (40%) - are sophisticated solutions that automate data collection and reduce operational load. However, they depend heavily on skilled security professionals who provide critical context, interpret complex findings and make the final decisions when guiding appropriate responses.

Additional solutions chosen include Extended Detection and Response (38%), Network Detection and Response (37%) and Managed Detection and Response (33%). Large enterprises tend to adopt more technologies (5.5 per SOC on average), while smaller ones integrate fewer (3.8).

"To successfully build a SOC, companies must prioritize not only the right mix of technology but also the careful planning of processes, clear goal-setting and effective resource distribution. Well-defined workflows and continuous improvement are essential to ensure that human analysts can focus on critical tasks, making the SOC a proactive and adaptable component of their cybersecurity strategy," comments Roman Nazarov, Head of SOC Consulting at Kaspersky.

To successfully establish and effectively maintain your SOC, Kaspersky recommends the following:

  • Engage with Kaspersky SOC Consulting during the initial setup or when enhancing your existing security operations. Our comprehensive consulting services are designed to help companies build a robust SOC and streamline its processes.
  • Boost your security performance with Kaspersky SIEM, powered by advanced AI capabilities. This solution aggregates, analyzes and stores log data across your entire IT infrastructure, providing contextual enrichment and actionable threat intelligence insights.
  • Protect your company against a wide range of threats with solutions from the Kaspersky Next product line that provide real-time protection, threat visibility, investigation and response capabilities of EDR and XDR for organizations of any size and industry.
  • Equip your cybersecurity team with in-depth visibility into cyber threats targeting your organization. The latest Kaspersky Threat Intelligence delivers rich, contextual insights throughout the entire incident management cycle, enabling timely identification of cyber risks.

To explore more of Kaspersky’s solutions and services for building and enhancing your SOC, please follow the link.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure, and governments around the globe. The company’s comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and nearly 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
