The SOC - at the front line of Africa’s cyber security war

By Christopher Tredger

Johannesburg, 06 Jun 2022
Muhammed Mayet.

Effective cyber security, which ultimately protects businesses, is directly impacted by the level of interaction between key stakeholders within the security operations centre (SOC), namely incident responders, threat researchers and SOC analysts.

This is a key takeaway from a presentation delivered by Muhammed Mayet, senior security architect at Secureworks, at the ITWeb Security Summit 2022, hosted recently in Johannesburg and Cape Town.

Mayet provided an overview of the roles of these three cyber security professionals and how research, careful analysis and a well-oiled communications infrastructure can help businesses stay one step ahead of the threat actors.

He has over 25 years of experience across multiple technology domains and a wealth of knowledge gained as an engineer, architect, technical trainer and consultant.

Currently assisting customers with security operations in his role as senior security architect at Secureworks, Mayet has also held multiple roles with RSA Security and Dimension Data, among others.

At the Summit, Mayet highlighted the dynamic interactive environment that characterises the SOC and why it is so important to the overall effort to protect infrastructure and networks.

Cyber security firms like CheckPoint have detailed the critical function of an SOC and defined this as “to monitor, prevent, detect, investigate, and respond to cyber threats around the clock. SOC teams are charged with monitoring and protecting the organisation’s assets including intellectual property, personnel data, business systems, and brand integrity.”

Addressing delegates at this year’s Summit, Mayet said over and above building out the capabilities to respond to, and effectively address, alerts that come into the organisation, the relevance of a mobile security programme to better protect the business cannot be underestimated.

He said globally there are several issues that keep business leaders awake – from a South African perspective, cyber criminals are certainly top of mind. “We are more concerned about the cyber criminal,” said Mayet, who then delved into members of the SOC set-up.

“So, taking a look at these people and what they do, starting off let’s look at the security analyst, so this is your front line. They are looking at what is coming in from the end points, from the desktops and laptops… they are trained to look at these trends and identify how do we figure out what is not a threat.”

The level of input, influence and activity of these analysts does depend on the size of the company and the extent of their resources, as well as the type of environment/corporate culture that has been created, Mayet continued.

“Typically, these analysts have three-to-five years’ experience.”

Once the analyst has done the investigation, and should they come across anything suspicious, they then engage the response team to initiate the appropriate response. This is based on a thorough check by the incident response team to delve into the ‘how, what, why, when and where’ of the risk/threat.

The main objective, he said, is to secure enough information to not only respond to the threat, but also build enough intel to be able to block the threat in future. The key thing for the SOC is to ensure that, should an attack occur, the business avoids discovering a threat or attack while not being in a position to respond effectively and proactively.

“Getting an incident response team is a very difficult scenario… with budgets, it’s difficult to get analysts, you can still train them up and build them up through the ranks … but incident response teams are a lot more mature and typically more experienced,” said Mayet.

However a company opts to deploy its human resource capital and tech security skills base, the SOC is a vital cog in the cyber security defence wheel.
