SOC News

Cyber attacks are now shaping the business world. They reached the visibility in board meetings as such attacks can impact business processes, production, reputation, contact with regulators, or data privacy. 

Why is this topic omnipresent today, and what can be done against it? In the following blog, Jürg Meier (Lead Security Operation Center) answers these questions. 

Security Operation Center in Olten

Security Operation Center in Olten

Current situation

A few years ago, a successful cyber-attack was a headliner in the news. Today the newspapers are filled with topics around data breaches or data exfiltration in combination with blackmailing. 

The visibility in board meetings improved with the rise of the attacks. Reason for that is that such attacks often impact on business processes, production, reputation, involvement of regulators, or Data Privacy. The Management Boards require an overview of risks based on current threats and measurements taken. It should provide the board with enough evidence about the security posture and action required to protect the companies’ assets. 

A well-designed and documented infrastructure are essential for organizational and technical activities in case of a security incident. But the focus in this article lies on protection, detection, and response from a technical point of view. 

What?

Protection requires an asset inventory with all assets. Each asset has its portion in one or more business process(es) and needs adjusted protection for the data processed. But first, the Operation System and application must be kept up to dat. A hardened and patched system supports the business more reliable than a vulnerable one exposed to threats. A plan to prioritize and implement the patches is critical for a secure infrastructure. The remaining exposure level due to postponed or unpatched assets should be reported to a role outside of IT Operations like an Information Security Officer (ISO). This role reports the remaining risks to the board and creates proposals together with IT Operations. A Threat & Vulnerability Service can support such an achievement. 

Another key element is detection. A hardened system increases the resilience against threats but cannot prevent attempts by internal or external actors. A Security Operation Center (SOC) supports IT Operation by analyzing the collected system events. Use cases are defined to combine and analyze event information. Modern SOC technologies include Machine Learning and behavior analytics to detect potential threats on Identities or Systems. SOC Security Analysts review the generated security incidents and act within the customer-approved reaction. 

One aim of a SOC is to analyze and forward only Security Alerts and Incidents that require a customer’s intention. 

basevision-soc-grafic-alerts-customer

How

The cloud-native baseVISION SOC handles such customer Security Incidents daily. SOC Security Analysts analyze and investigate the event and directly alert in the customer infrastructure. In the case of a potentially successful attack, the SOC can react on behalf of the customer or alert the people in charge. 

In case of ransomware, the SOC can immediately alert customers 24/7 or, when allowed, isolate the infected systems. The permitted SOC activities should follow preapprove conditions and steps to reduce the impact to an acceptable level for the customer. 

Example: The need to isolate a voice system or Online Shop has an immediate reaction to customers. The isolation could interfere with internal/external communication or an online presence. 

Summary

The importance of a secure IT infrastructure is a given in the business world today. But this alone is not enough. Cyber attacks are becoming more and more perfidious, and security managers must constantly evolve. This is a challenge that many companies are currently struggling with. For this reason, we have established our Security Operation Center. Our security experts will be happy to take care of your security. Make an appointment and visit us in Olten.

Do you have any questions about SOC? Contact us without obligation. Running a SOC is time-consuming and involves a lot of responsibility. Check out the SOC in Olten and get to know more about the SOC activities and the team. 

Visit our SOC in Olten

Microsoft based Security Operation Center

Are you ready to take the next step on your security journey today? Find out more about our SOC.