Half of global companies build SOCs to enhance cybersecurity, with a focus on human expertise

14 January 2026

Among the primary reasons for establishing a Security Operations Center (SOC) are strengthening cybersecurity posture, enabling faster detection and response and gaining a competitive edge. Interestingly, despite the increasing demand for automated cybersecurity solutions, businesses rely on skilled security professionals to make key decisions, as human expertise remains essential for effective security management.

A Security Operations Center (SOC) is a dedicated organisational unit responsible for continuous monitoring and safeguarding of a company's IT infrastructure. Its core mission is to proactively detect, analyse and respond to cybersecurity threats. To identify the main drivers, strategic priorities, and potential challenges in SOC planning and implementation, Kaspersky has conducted a comprehensive global study involving senior IT security specialists, managers and directors from companies with 500 or more employees. All participants operate without a SOC but have plans to establish one in the near future. The study spans 16 countries across APAC, META, LATAM, Europe, and Russia, providing valuable insights into the emerging trends and best practices in SOC development worldwide.

The findings of the research reveal that 50% of companies intend to establish SOCs to strengthen their cybersecurity posture, and 45% are motivated by the need to address increasingly sophisticated and dangerous threats. Other drivers include budget optimisation, the necessity for faster detection and response, and the expansion of software, endpoints and user devices - factors that demand more comprehensive and layered security measures. These are cited by 41% of organisations. Additionally, 40% seek better protection of confidential information, 39% aim to meet regulatory requirements and one-third (33%) expect SOC capabilities to provide a competitive edge. Larger enterprises tend to cite each of these reasons more often, reflecting the broader operational and regulatory pressures they experience.

Continuous monitoring becomes the leading SOC requirement

Among the key functions organisations plan to delegate, 24/7 security monitoring leads at 54%. This around-the-clock vigilance enables early detection of anomalies, prevents escalation and sustains cyber resilience in real time. This demand highlights a strategic requirement for proactive risk management, as organisations aim to defend against persistent threats that can strike at any moment.

Companies intending to fully outsource SOC operations show a stronger interest in applying “lessons learned” methodologies, whereas those developing internal SOCs focus more on access management to maintain tighter control.

Human expertise drives SOC technology choices

While SOCs use advanced technology, the choices made by organisations show that human analysts are very important. Among the solutions that organisations plan to include in their SOC are Threat Intelligence Platforms (48%), Endpoint Detection and Response (42%) and Security Information and Event Management systems (40%). These sophisticated solutions automate data collection and reduce operational load; however, they depend heavily on skilled security professionals who provide critical context, interpret complex findings and make final decisions when guiding appropriate responses.

Other solutions chosen include Extended Detection and Response (38%), Network Detection and Response (37%) and Managed Detection and Response (33%). Large enterprises tend to adopt more technologies (5.5 per SOC on average), while smaller ones integrate fewer (3.8).

"To successfully build a SOC, companies must prioritise not only the right mix of technology but also the careful planning of processes, clear goal-setting and effective resource distribution. Well-defined workflows and continuous improvement are essential to ensure that human analysts can focus on critical tasks, making the SOC a proactive and adaptable component of their cybersecurity strategy," comments Roman Nazarov, Head of SOC Consulting at Kaspersky. 

To successfully establish and effectively maintain your SOC, Kaspersky recommends the following:

  • Equip your cybersecurity team with in-depth visibility into cyber threats relevant to your organisation. The latest Kaspersky Threat Intelligence delivers rich, contextual insights throughout the entire incident management cycle, enabling timely identification of cyber risks.
  • Engage with Kaspersky SOC Consulting during the initial setup or when enhancing your existing security operations.
  • Boost your security performance with Kaspersky SIEM, powered by advanced AI capabilities. This solution aggregates, analyses and stores log data across your entire IT infrastructure, providing contextual enrichment and actionable threat intelligence insights.
  • Protect your company against a wide range of threats with solutions such as those from the Kaspersky Next product line, which provides real-time protection, threat visibility, and the investigation and response capabilities of EDR and XDR for organisations of any size and industry.

To explore more of Kaspersky’s solutions and services for building and enhancing your SOC, please follow the link.


About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure, and governments around the globe. The company’s comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and nearly 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
