ISJ Exclusive: Delivering the insights needed to make the best decisions

Vik Ghai, CTO, Vector Flow explains why effective governance can take your security operations centre from good, to great.

Healthcare is a big business and it touches every human life, often in very profound ways. With market consolidation and newer offerings, US-based companies span multiple locations across campuses, regions and even countries.

This complexity poses challenges for security managers to monitor, investigate and respond to physical security alarms and other trigger events at local or remote facilities.

Security operations centres, or SOCs, take on the challenge of ensuring business continuity while improving themselves along the way. As per the quote previously mentioned, a large healthcare company we are working with deployed our SOC Governance solution to improve SOC performance and raise staff morale. Here’s their story…

Aligning strategy with leadership philosophy

Headquartered in the United States with over 40 campus locations worldwide – offices, R&D, data centres, testing facilities, wellness centres, manufacturing and distribution centres – this healthcare company develops and markets vital lifesaving products.

Physical security is monitored and managed via multiple regional and few local SOCs around the world. Like many organisations, they were challenged with the increasing cost of running a 24/7/365 SOC environment and had suffered high staff burnout and turnover, despite increased expenses – resulting in ineffective response and operations management.

To improve the situation, this company wanted to understand the root causes of its SOC challenges. They tried running reports using Excel workbooks and online reporting tools (such as Tableau, PowerBI etc.) for over six months. The results were batch-oriented reports that were frustrating to use, in part, due to physical security data quality issues, nuances within physical security system data storage – nor did the reports provide any real insights into the SOC operations. 

Looking for a better answer, the company met with the Vector Flow team and asked for an out-of-box product that delivered more than just SOC reports. The company wanted insights and accurate metrics to help better understand the value that its SOC was bringing to its core business as well as to resolve challenges with its SOC team.

The company wanted a true framework that ensured that its SOC goals were being achieved, and equally important, why they were not being met.

We discussed a SOC Governance strategy that informs the company of what “great SOC” performance looks like with metrics that can help tell if they are there or not. Our strategy was aligned with this company’s leadership philosophy: “Great leaders organise their teams around a compelling goal, arm the team with the right metrics to inform where they are in the journey and then get out of the way.”

Vector Flow’s SOC Governance Dashboard does just that – it accurately and autonomously measures performance and success and more importantly the gaps, making sure your team knows the goals of an effective SOC.

Before Vector Flow could deploy the SOC Governance solution, one basic question had to be answered: Did the company have the required data? Before anyone can generate great metrics, they need to start with good, reliable data.

Vector Flow provided a pre-built “certified” connector for their physical security system used to perform alarm triage, launch investigations, dispatch guards and resolve alarms. Vector Flow’s connector was able to track ALL SOC activity and Vector Flow’s AI Engine “cleaned” and “correlated” the data from that activity.

This combination enabled approximately 80 machine learning features associated with distinct time series, operators, devices, locations, extreme weather events, traffic, types of personnel in the building, high-risk areas and more. With the right data set, we were quickly able to answer the following questions:

1. When do most alarms show up? (to understand SOC staffing)
2. How long do alarms wait before they get acknowledged? As in MTTA (median time to acknowledge) alarms
3. How long does it take to resolve alarms?
4. Audit quality of alarm response – this helps SOC supervisors determine if the alarm responses and investigation are done correctly – this also helps to analyse errors/processes/training issues
5. How many alarms go unacknowledged, especially when no one is in the building? (An indicator of risk)
6. What are the business areas with the most alarms or anomaly activity? (This helps to engage/alert the business partners)

These metrics are key to measuring SOC efficiency because they tell you when SOC responses are requested, how long tasks take to be accomplished – and how well the SOC is performing.

Next, we could provide unique insights such as:

1. Forecast alarms and SOC capacity – what will alarm loads look like in the future and does the SOC have the right capacity (of operators) to handle the load?
2. Help reduce alarm wait times – by identifying the root causes of alarms, especially increases in alarms, it means that system/service issues can be addressed proactively
3. Improve SOC throughput by identifying repetitive tasks that can be automated
4. Increase SOC quality by enabling collaboration and service ticket automation between the SOC team and physical security system integrator
5. Recommend training opportunities at the individual operator level

As demonstrated in this brief use case, the results generated for this healthcare giant were outstanding.

Automating SOC Governance required a definition of what the company wanted to accomplish and the right tools to accurately capture, clean, correlate, analyse and deliver the insights (not reports) needed to make the best possible decisions. 

Are you ready to see what a “great SOC” looks like and if you have one? Check out our SOC Automation ROI tool to customise your SOC or contact us to get the conversation started.

This article was originally published in the special September show edition of International Security Journal. To read your FREE digital edition, click here.