Vietnamese companies embrace SOC for stronger cybersecurity and operational efficiency

January 28, 2026 - 16:52
Among the primary reasons for establishing a Security Operations Centre (SOC) are strengthening cybersecurity posture, enabling faster detection and response, and gaining a competitive edge. Interestingly, despite the increasing demand for automated cybersecurity solutions, businesses continue to rely on skilled security professionals to make key decisions, as human expertise remains essential for effective security management.

A SOC is a dedicated organisational unit responsible for the continuous monitoring and safeguarding of a company’s IT infrastructure. Its core mission is to proactively detect, analyse, and respond to cybersecurity threats. To identify the main drivers, strategic priorities, and potential challenges in SOC planning and implementation, Kaspersky conducted a comprehensive global study of companies with 500 or more employees across 16 countries, including Việt Nam. The study provides insights into emerging trends and best practices in SOC development globally.

The findings of the research reveal that 50 per cent of companies intend to establish SOCs mainly to strengthen their cybersecurity posture, and 45 per cent are motivated by the need to address increasingly sophisticated and dangerous threats. In Việt Nam, these motivations are even more pronounced, with 82 per cent of organisations stating that SOC capabilities are essential to enhancing their cybersecurity level, and 83 per cent highlighting the need to deal with new, more advanced, and dangerous threats, both significantly higher than the global averages.

Secondary drivers include budget optimisation, the necessity for faster detection and response, and the expansion of software, endpoints, and user devices, each cited by 41 per cent of organisations. Việt Nam reflects a similar pattern, though with different weightings: 57 per cent of organisations aim to optimise cybersecurity budgets, 75 per cent seek faster incident detection and response, and 56 per cent are looking to manage the increasing number of endpoints, software, and users across their environments. These figures underline the rapidly expanding operational surface and complexity faced by Vietnamese businesses.

Continuous monitoring becomes the leading SOC requirement

Among the key functions Vietnamese organisations plan to delegate, 24/7 security monitoring stands out at 76 per cent, compared to the global average of 54 per cent. This around-the-clock vigilance enables early detection of anomalies, prevents escalation, and sustains cyber resilience in real time. This demand highlights a strategic requirement for proactive risk management, as organisations aim to defend against persistent threats that can strike at any moment.

Companies intending to fully outsource SOC operations show a stronger interest in applying "lessons learned" methodologies, whereas those developing internal SOCs focus more on access management to maintain tighter control.

Human expertise drives SOC technology choices

While SOCs use advanced technology, the choices made by Vietnamese organisations show that human analysts remain crucial. The top three selected technologies - Security Information and Event Management systems (SIEM) at 71 per cent, Endpoint Detection and Response at 69 per cent, and Threat Intelligence Platforms at 63 per cent - are sophisticated solutions that automate data collection and reduce operational load.

However, they depend heavily on skilled security professionals who provide critical context, interpret complex findings, and make final decisions when guiding appropriate responses.

"To successfully build a SOC, companies must prioritise not only the right mix of technology but also the careful planning of processes, clear goal-setting, and effective resource distribution. Well-defined workflows and continuous improvement are essential to ensure that human analysts can focus on critical tasks, making the SOC a proactive and adaptable component of their cybersecurity strategy," comments Roman Nazarov, Head of SOC Consulting at Kaspersky.

“In markets such as Việt Nam, companies are not only investing heavily in technology but also placing strong emphasis on human expertise, process maturity, and continuous improvement. This combination is critical to ensure SOCs can deliver real operational value, enabling faster decision-making, stronger resilience, and long-term cybersecurity readiness,” comments Adrian Hia, Managing Director for Asia Pacific at Kaspersky.

To successfully establish and effectively maintain your SOC, Kaspersky recommends the following:

   • Engaging with Kaspersky SOC consulting services during initial setup or when enhancing existing operations to define processes, workflows, and operational priorities.

   • Centralising, correlating, and analysing security events across IT environments by deploying SIEM solutions, such as Kaspersky SIEM.

   • Improving real-time threat detection, investigation, and response using EDR and XDR capabilities, including those in the Kaspersky Next product line.

   • Gaining timely visibility into evolving attacker tactics and emerging cyber risks by applying Threat Intelligence, such as Kaspersky Threat Intelligence.
