Integrating proactive defence strategies into modern security operations centers
Hovi, Minta (2026)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-202602193197
Abstract
The purpose of the thesis was to clarify how the integration of proactive security measures affects the operations and efficiency of Security Operations Centers (SOC) for Elisa Santa Monica Oy. Cyber threats continue to grow in complexity and scale, and it can be challenging to keep up with them using traditional reactive approaches. The thesis aimed to examine whether the addition of proactive elements can help improve SOC operations and respond better to emerging threats.
The study was conducted as a research-based development work. Based on existing materials, key principles were identified and a set of best practices for the shift to proactive operations was compiled. The material was collected from industry vendor publications and from industry standards and instructions. The most functional practices were identified through comparative analysis of the collected materials.
The results showed that a shift to proactive SOC operations requires changes in the whole organization and in its culture. New tools and work processes need to be introduced, and continuous improvement must become part of everyday operations. As a result of these efforts, shifting to more proactive activities provides evident changes in the quality of SOC operations, such as reducing adversary dwell time and improving the quality of detections made.
Based on the results, the future direction of SOC operations is clearly towards proactive approaches. Although traditional reactive measures still have their place, the integration of proactive elements is worth considering when planning for future SOC operations and developments.
