Contributed Article

When it comes to effective cyber defences, SOCs – Security Operations Centres – have a vital role to play, says Nadia Doughty, Technical Pre-Sales Consultant with BAE Systems Digital Intelligence.
The trouble is, not every organisation has them…

I had one of those awful phishing emails earlier today – apt timing given writing this blog was on my to-do list. Luckily, I spotted it and was quick to report and delete, but I imagine such attempts can often get through. It takes only a momentary lapse in concentration and cyber attackers can be free to run amok across your private digital terrain.

That I was aware enough to spot the attempt was down to the fact that I’d had my coffee this morning and, more importantly, I work at BAE Systems Digital Intelligence, where the importance of one’s personal cyber security is drilled into us, both verbally and through various operational exercises. This is particularly pertinent given we have recently shifted to hybrid working and so we’re not always protected by our office-based firewalls.

That said, despite such defensive efforts, there’s no doubt that the cyber threat has evolved and matured. All too often, the rapidly emerging threat landscape means that corporate safeguards constructed only a few years ago may no longer be able to detect, mitigate and respond comprehensively to the ever circling threat of cyber attackers.

Traditional security operations only protect against predictable threats. Effective cyber defence against sustained threats now require advanced security operations, threat intelligence and incident response capabilities.

In other words, what’s needed is a Security Operations Centre (SOC), but what is this exactly?

Signalling for a SOC

We’re all familiar with the concept of a one stop shop, something which brings together myriad services and personnel under one roof. Well, a SOC is the same but is specifically for cyber defence. Basically, a SOC is a team of IT security professionals who are tasked with safeguarding an organisation’s IT systems and infrastructure, detecting threats and responding in real time.

As my colleague Chris Holt attests, although their design and construction do not always run smoothly, SOCs have the potential to offer an array of benefits. Not only do they combine advanced protective monitoring and detection techniques to detect and counter targeted attack campaigns but they can also proactively detect and reverse engineer emerging threats. And as well as being responsible for implementing a robust incident management process, they can also lead the way in strengthening security operations capabilities, tailoring security objectives to meet an organisation’s bespoke needs.

So that all sounds great – what’s the problem?

Well, in addition to the issues that Chris has described, it transpires that not every organisation has opted to have a SOC spearheading their cyber defences.

Wanted: More SOCs

I work predominately in the telecoms industry and my colleagues and I have found that all too often, organisations focus their services on responding to Advanced Persistent Threats. Now that’s fine, but these are only nation state threat actors – it by no means captures the scale of the threat. And monitoring only happens on an ad hoc basis – hardly the 24/7 approach on offer from SOCs.

We believe telco organisations can take a three step approach to achieve more effective monitoring and reduce their cyber risk. In the short term, analysts should be deployed to existing IT teams to establish a regular monitoring cadence. Over the medium term, the focus should switch to recruiting new security specialists who can assist with knowledge transfer and better prepare each organisation for the cyber challenges taking shape on the horizon. And then over the longer term, SOCs can be set up and strategically integrated within each organisation’s structure and processes.

How we can help

BAE Systems has a wealth of experience in the design, build and continuous improvement of SOCs, and more importantly understands the need to establish a proportionate operation which maximises value to the customer organisation.

BAE Systems offers a range of services to help organisations traverse their SOC journey.

  • Security Operations Needs Assessment (SONA):
    It is difficult to establish or mature a SOC in a unified and strategic way without a clear understanding of what that security operation should look like in the context of the threat, risk and business posture of the organisation. SONA offers detailed consultancy and thought leadership to define the requirements and target state for security operations within an organisation, proportionate to their threat and risk landscape and in line with their business requirements, compliance obligations and risk appetite.
  • SOC Design & Build:
    BAE Systems has successfully delivered several large SOC implementations globally using our proven, vender-agnostic SOC blueprint. The blueprint architecture is modular, open and flexible, enabling customers to wrap around existing investments, as well as building from the ground up, to create a security operations capability which fits the needs of the organisation. BAE Systems implements a design, build, run, transfer model, enabling the upskilling of in-house capability and eventual enterprise ownership once staff reach a sufficient level of expertise.
  • Security Operations Centre Maturity Assessment (SOC MA):
    In light of the ever-evolving cyber landscape, SOCs established only a few years ago may no longer be able to detect, mitigate and respond as comprehensively and effectively as they once were. Organisations with a desire to improve must have a detailed understanding of current maturity and the gaps and challenges which may be impeding growth. BAE Systems’ SOC MA offering is a short engagement which uses a simple, scalable and repeatable methodology based upon our proven SOC blueprint, to conduct a thorough assessment of the maturity of existing SOC capabilities and produce pragmatic, prioritised recommendations to help customers maximise the value and effectiveness of their SOC operation.

Learn more about our Security Operation Centre design and delivery services—delivery