We throw around the acronym “GSOC” a lot. (After all, it is a part of the name of our product…)
But what do we mean when we talk about the function of a Global Security Operations Center? Let’s discuss.
First and foremost is defining what a GSOC is. We often refer to it as a GSOC when the organization has a large global footprint and manages multiple sites around the world from a single location. Similarly, you might also hear of it referred to as a Security Operations Center (SOC), which can imply more of a regional focus. However, there are other names that exist:
No matter what your organization calls it, when we talk about the GSOC, we mean a facility that is tasked with monitoring and responding to security events on a global scale.
The role that a GSOC plays for an organization is that of a centralized place where incoming security data is collected, analyzed, and acted on. More specifically, a GSOC integrates intelligence from various sources to better facilitate response in the event of a security incident or emergency. GSOCs act as a core function for mitigating risk to an organization, protecting assets and people from harm, and maintaining awareness of multiple locations and the risks they face.
GSOCs play a multitude of roles, including:
The modern GSOC understands what the goals of the overall business are and aligns security strategies with these goals, including what kind of data should be collected and how it’s used to drive business goals.
GSOCs are primarily staffed by operators and analysts who are tasked with managing incoming alerts, from identification to elevation to response.
For some organizations, building a GSOC can be cost-prohibitive or might not make sense to the business in the short-term. In these instances, businesses may benefit from a virtual GSOC (vGSOC) or what's sometimes known as GSOC-as-a-Service, which consists of outsourced, external resources available to oversee and respond to physical security events in real-time from a centralized location.
Typically, this consists of a customized solution built around the individual needs of how the company operates, but managed by external experts. These vGSOC components utilize technology that the customer has implemented with standard operating procedures (SOPs) that are specific to the customer’s needs.
In some cases, companies may engage with a vGSOC as they build their own infrastructure in an effort to make changes/transition their existing security programs to an in-house model. Using a vGSOC saves an organization money by cutting down on internal resources and the training needed to stand up such an operation.
While incoming data from the more traditional end point solutions, such as access control and video surveillance cameras, can be found being funneled to the GSOC for analysis by operators, there are other tools that may be used, including:
A video wall/workstations: It might not look exactly like a scene from Minority Report, but a GSOC typically does have large screens displaying any number of information feeds, such as live news broadcasts, social media feeds, video feeds, and more.
Operational dashboards: It’s not uncommon for GSOC operators to have to navigate between multiple screens and solutions to get the information they need about a specific incident. However, the modern GSOC should be well equipped with operational dashboards and a fusion platform designed to bring in data from multiple sources and aggregate the information for operators. The result is a more streamlined response that can save money and time.
Artificial intelligence (AI): It may seem like a buzzword, but there’s a lot of ways AI is being used in a modern GSOC through threat detection, anomaly detection, and streamlining processes for operators and guarding resources.
Threat intelligence solutions: Software that can ingest the data incoming to the GSOC from various sources, determine levels of risk, and make recommendations based on the findings are changing the way GSOCs are viewed to the organization. Reducing risk is the main goal of the use of this kind of technology.
Internally, GSOCs may ingest data from human resources, access control systems, video surveillance data, security officers and their patrol information, supply chain oversight, and more. For instance, the GSOC may have access to executive travel plans to alert relevant parties to potential threats and monitor for safe arrival and departure.
External data might include local law enforcement scanner information, traditional news sources, weather data, social media feeds, government-related alerts and PSAs, and even dark web monitoring.
While there are resource-related challenges that GSOCs face – such as a lack of guarding resources, high turnover, and high rates of burnout – there’s also the overwhelming amount of incoming data that makes it difficult to drill down into what’s important. For many GSOCs, data hasn’t been a problem to generate; it’s the ability to analyze the incoming data and turn it into usable information for relevant stakeholders that’s been a real issue.
As operators are able to leverage more intelligent platforms for aggregating the streams of data coming into the GSOC, the result will be a better understanding of pain points within a security program, better response times, and the reduction of noise and false alarms, which can ultimately address some of the causes of burnout.
The HiveWatch® GSOC Operating System is a Security Fusion PlatformTM that allows security teams to bring together data from their existing disparate security systems and provides them with an intelligent, holistic, and actionable view. The GSOC OS is the orchestration layer that works with your existing security systems, allows you to consolidate programs and systems, and reduces false alarms. Used in the GSOC, the platform enables operators to respond to prioritized, “de-noised” risks, which allows them to ensure a more streamlined response.
For GSOCs with guarding resources allocated, the GSOC OS works seamlessly with the Guard Mobile App to replace the need for old-school radios. Using the app, field resources can receive full context of the event they are responding to, including video and location info, and can collaborate easily with security operators to resolve the situation.
Ready to learn more about how HiveWatch can help make your GSOC more intelligent? Click here for a 1:1 demo.