By Niall Browne, CISO\n\nThe traditional security operations center (SOC) is based on a model that has persisted for decades, yet it\u2019s no longer effective. Too much has shifted in organizations and in the threat landscape for the \u201cold ways\u201d to work.\n\nNow is the time for a change to enable a modern SOC\u2014taking on SOC consolidation to achieve better outcomes, with faster remediation, reduced risk and an overall stronger security posture.\n\nSo, what exactly has changed for SOCs?\n\nIn legacy SOCs, IT security staff are seated shoulder-to-shoulder in close proximity, looking at screens loaded with myriad details, providing views and data from dozens of security tools delivering a never-ending stream of alerts. This traditional SOC model was always about trying to keep up in a race against alerts and resource constraints that could never really be won.\n\nThe pandemic exacerbated multiple challenges with the traditional SOC model. Resources have become more strained than ever, and it\u2019s often no longer possible to have everyone physically present within the SOC. At the same time, the threat landscape is exploding, with significant cyber incidents increasing at a record pace.\n\nAnswering these new realities means that modern SOCs must consolidate, do more with less, and optimize their practices for the reality and demands of today and tomorrow.\n\n3 issues that cause challenges in legacy SOCs\n\nWithin legacy SOCs, we see three primary issues that lead to poor outcomes and a weakened security posture.\n\nSOC consolidation is an opportunity for digital transformation\n\nIT as an industry is moving towards more homogeneous environments and more consolidation. Now is the time to do a reset, as companies are moving to the cloud and making the digital transformation journey. This is the right time to look at security products and tools used in the SOC and determine what the return on investment (ROI) is for each of them, consolidating those security investments into a core set of capabilities that you can define in a platform.\n\nSOC consolidation helps with prevention and protection\n\nSprawl is the archenemy of security in any organization. Take the Log4j security incident that overcame SOCs at the end of December 2021. That was a security flaw in an application library found in many different locations. In a legacy SOC running 75 to 80 different tools, identifying, remediating, and protecting all vulnerable assets is not a trivial affair.\n\nSOC consolidation supports security teams\n\nEven more importantly, SOC consolidation can be a tremendously positive thing for an organization\u2019s staff. The traditional SOC is often seen as a steppingstone to get into cybersecurity and not as a career. The reason for that is individuals in the SOC are typically inundated with events, under a tremendous amount of pressure, and have to deal with things in a manual and typically chaotic model.\n\nWhen the SOC is just a transitory means to get into security as a career, that\u2019s a terrible model. It means you don\u2019t have people invested in building an incredibly effective SOC. Rather, you have people that \u201cdo their time\u201d in the SOC and then move on to other more promising roles.\n\nAs you consolidate your SOC, you\u2019re changing the way the SOC and the people within it work. So instead of SOC staff doing the same repetitive, boring tasks, they\u2019re now focused on high-value projects continuously improving the technology and being more effective at threat hunting. The result of all of these changes is that they\u2019re much happier because they\u2019re working on projects where they can have a meaningful impact and can reach their full promise. It\u2019s no longer the \u201chamster on a wheel\u201d mentality. And happy, fulfilled people stay longer and work to make systems even better.\n\nNo organization has the time or resources to waste on sifting through endless alerts with manual processes spread across disparate tools that don\u2019t work well together. The time for SOC consolidation\u2014to create a SOC that is modern and able to manage today\u2019s complex threats\u2014is here and now.\n\nConsolidate. Simplify. Orchestrate. Automate.\n\nTo learn more, visit us here.\n\n About Niall Browne:\n\nNiall is the Senior Vice President and Chief Information Security Officer (CISO) at Palo Alto Networks. Niall is passionate about helping secure businesses in the cloud. Virtually every company is going through a digital transformation journey to be able to compete and thrive, e.g. cloud, mobile, IoT, machine learning. At Palo Alto Networks, Niall leads the security team that is responsible for helping secure our services. Before joining Palo Alto Networks, Niall was the CSO of cloud platforms for the past sixteen years, including as the Chief Security Officer (CSO) and Chief Trust Officer at Workday.