Half of firms build SOCs, focus on human cybersecurity skills

DCV Desk

Among the primary reasons for establishing a Security Operations Center (SOC) are strengthening cybersecurity posture, enabling faster detection and response, and gaining a competitive edge. Interestingly, despite the increasing demand for automated cybersecurity solutions, businesses rely on skilled security professionals to make key decisions, as human expertise remains essential for effective security management, a press release said.

A Security Operations Center (SOC) is a dedicated unit for continuously monitoring and protecting an organization’s IT infrastructure, with a focus on detecting, analyzing, and responding to cyber threats. To understand the drivers and priorities behind SOC adoption, Kaspersky conducted a global study among senior IT security leaders at companies with over 500 employees that do not yet have a SOC but plan to establish one. Covering 16 countries across APAC, META, LATAM, Europe, and Russia, the study found that 50% of organizations plan to build SOCs to strengthen their cybersecurity posture, while 45% cite increasingly sophisticated threats as the key driver. Other motivations include faster detection and response, budget optimization, and expanding IT environments (41%), alongside data protection (40%), regulatory compliance (39%), and competitive advantage (33%), particularly among larger enterprises.

Among the functions organizations plan to assign to their SOCs, 24/7 security monitoring ranks highest at 54%, underscoring the need for continuous vigilance to detect anomalies early, prevent escalation, and maintain real-time cyber resilience. The study also highlights differing priorities, with organizations planning to fully outsource SOC operations placing greater emphasis on “lessons learned” practices, while those developing in-house SOCs focus more on access management to retain tighter control over their security environments.

While SOCs rely on advanced security technologies, the study confirms that human analysts remain central to effective operations. The most commonly adopted tools – Threat Intelligence Platforms (48%), Endpoint Detection and Response (42%), and Security Information and Event Management systems (40%) – automate data collection and reduce workload but depend on skilled professionals to interpret findings and guide response decisions. Other solutions include Extended Detection and Response (38%), Network Detection and Response (37%), and Managed Detection and Response (33%), with large enterprises deploying more technologies per SOC on average (5.5) than smaller organizations (3.8).

“To successfully build a SOC, companies must prioritize not only the right mix of technology but also the careful planning of processes, clear goal-setting and effective resource distribution. Well-defined workflows and continuous improvement are essential to ensure that human analysts can focus on critical tasks, making the SOC a proactive and adaptable component of their cybersecurity strategy,” comments Roman Nazarov, Head of SOC Consulting at Kaspersky.

To support organizations in establishing and maintaining an effective SOC, Kaspersky recommends engaging with Kaspersky SOC Consulting during initial setup or when enhancing existing security operations to ensure robust processes and efficient workflows. Security performance can be further strengthened with Kaspersky SIEM, which leverages advanced AI capabilities to aggregate, analyze, and contextualize log data across IT environments, while the Kaspersky Next product line delivers real-time threat visibility, investigation, and response through EDR and XDR capabilities. In addition, Kaspersky Threat Intelligence equips security teams with deep, actionable insights throughout the incident management cycle, enabling timely identification and mitigation of cyber risks.

To explore more of Kaspersky’s solutions and services for building and enhancing your SOC, please follow the link.
