Security Operations Center service philosophy
Security Operations Center (SOC) is a comprehensive ICT security monitoring service. It consists of highly specialized IT tools, professional information security knowledge and procedures for responding to detected threats. With the SOC service, the client’s IT infrastructure is monitored continuously. Any identified attack attempts and security vulnerabilities are analyzed by specialists. In the event of a threat, the relevant IT services of the customer will be informed about the problem and how to solve it.
Our idea – a service designed to meet the needs of each client
Every organization is different. Our many years of experience clearly show that an effective security system is one that takes into account the needs and constraints of the organization. That is why we design the Security Operations Center service individually for each of our clients. Such an approach gives an advantage in the effectiveness of security processes, thus increasing the efficiency of identifying and mitigating a security incident. We provide the service in three models: Business day, Out of Business day, and 24 hours a day, 365 days a year.
Interdisciplinary team available 24 hours a day
People are the most important component of a Security Operations Center. The synergy of the BLUE Energy team of professionals, processes and technologies makes it possible to ensure monitoring of and response to a cybersecurity incident at the highest level. The service offered is distinguished by an understanding of the business needs of our clients and their environment.
BLUE Energy’s Security Operations Center consists of a team of experienced ICT security operators, engineers, specialists and architects. They are supported by application and network testers, administrators, management systems auditors, programmers and lawyers. The scope of competences is supplemented by external partners who provide support for the protection systems. Access to such broad competences gives our clients not only a high level of efficiency in identifying security incidents, but also a comprehensive approach to their mitigation, including the possibility of implementing configuration changes or new implementations.
Quality and professionalism
At BLUE Energy, we pay special attention to the process of introducing new people to the cybersecurity team. Each person undergoes a training program in which they learn about the issues related to so-called ‘blue’ and ‘red teaming’. The training program ends with a practical exam, and only after its successful completion may operators conduct independent activities in the Security Operations Center. In addition, each of our projects has its own technical leader who ensures the maintenance and transfer of knowledge about the client’s ICT architecture.
Processes
Efficient identification of cybersecurity breaches largely depends on the effectiveness of the monitoring process. A layered approach, however, gives a broader view of the security of ICT systems. The Security Operations Center service is a set of processes tailored to the needs and capabilities of the organization. The design of the service involves launching basic processes such as monitoring, incident response, contact center and reporting. In addition, our clients have full support in the maintenance and automation of security environments, the development of SIEM (Security Information and Event Management) and SOAR systems, vulnerability management, threat hunting and forensic engineering. Each of our projects assumes the transfer of knowledge about threats encountered at the operational level to the management level, using risk analysis methods.
BLUE Energy has its own cyber laboratory, which supports our clients in areas including malware analysis, vulnerability management, security testing, and building knowledge and awareness. The Security Operations Center service we offer may include the provision of a SIEM system and other security systems, or the use of monitoring systems that are already implemented. We have experience in building monitoring systems based on both open source solutions and commercial systems known and proven on the market. We provide our clients with engineers who improve the security configuration of the maintained solutions and ensure the implementation of new protection systems.
We are the authors of an innovative model for classifying the severity of security threats. Monitoring security without a practical look at what is most important to our clients – the value they deliver – can remain out of context, just another security process. Therefore, by understanding what is most important to our clients, starting from business processes, through information, and ending with specific ICT assets, we provide not only the technical aspects of security incidents, but also determine the potential impact of a security event on the client’s business. This approach improves the transfer of information to the management level, and also improves the accuracy of determining the correct severity of a security event.
SOC deployment is a demanding project that can fail. When starting such a project, it is worth considering the organizational possibilities and planning the functioning of the new team well. Unfortunately, significant mistakes are still made that undermine the purpose and efficiency of the SOC.
Availability of cyber security specialists
Many organizations, when deciding to have their own SOC, view the retention of a cybersecurity specialist as just another IT position, paying no attention to the low market saturation of people with the desired competencies, or to rapidly increasing salaries. Maintaining a cybersecurity team is not only difficult, but can also lead to internal conflicts.
Use of NOC or IT specialists
There are times when an organization already has a well-organized IT team or Network Operations Center service in place. Such specialists can work in a 24/7/365 mode, so why not use them to monitor security? It should be remembered that a system or network administrator is a specialist with completely different competences than a Security Operations Center operator. Additionally, the question of a conflict of interest arises. Should the IT department monitor its own activities? A large proportion of security incidents are caused by inadvertent or deliberate actions of advanced users as well as administrators and programmers.
Lack of staff development
In military nomenclature, a Security Operations Center corresponds to a special unit. Those operating in the SOC should have constantly updated knowledge of cyber threats and criminals, and should constantly improve their capabilities through training and coaching. Their knowledge and operational capabilities determine the effectiveness of identifying and mitigating attacks.
Lack of cyber security tools
The technology stack of the cybersecurity area must follow market trends and should stay ahead of the capabilities of cyber criminals. Maintaining the right tools is a challenge that is often not included in the budgets of organizations with ICT security teams. The key aspect for monitoring is so-called threat visibility, which requires an appropriate security architecture consisting of a comprehensive security system and the tools used by operators, analysts and architects.
Focus on technical aspects
A Security Operations Center is an interdisciplinary matter at the intersection of information technology, operations, organizational security, legal, business analytics and geopolitics. In addition, within cybersecurity itself, there are specialists in so-called “blue” and “red teaming”. When building the profiles of security teams, organizations often focus too much on IT capabilities, ignoring the other competencies required to handle security incidents. Such a strategy significantly extends the time needed to handle security incidents.
We provide comprehensive support, ranging from the preparation of a security monitoring model and the implementation of the SOC service, through the provision of the Security Operations Center, to the improvement of the maintained security units through audits and knowledge transfer.
If you would like to implement a system for security information and event management – SIEM – we invite you to cooperate with us.
Related blog articles
A PoC carried out with a SCADA system monitoring tool raised a yellow flag for us. Where does such strange traffic in our theoretically sterile networks come from?
The Krajowy System Cyberbezpieczeństwa (National Cybersecurity System) sets requirements for operators of essential services and digital service providers. What are these requirements, described rather sparingly in the Act? What does the Act itself say about how to ensure the security and continuity of essential services?
A common problem for organizations is ensuring an effective internal communication channel that guarantees proper accountability, e.g. for handling data subject rights requests, or for reporting and handling personal data breaches.