Security Operations in depth – the true weight of Cybersecurity
We traditionally associate big-picture responsibilities with prestigious roles like that of a lawyer or an engineer – perhaps even action-packed jobs like being a fireman or working in law enforcement.
However, roles conducted in the background that keep our societies functional and intact are just as important but seldom discussed. You would never be able to read this article if not for technical people keeping our telecommunications infrastructure intact. You would not be able to fill your car with petrol were it not for truck drivers.
Likewise, our precious data – which keeps the Government afloat – needs protection and tending to behind the scenes. The Security Operations Centre’s (SOC) unassuming job is, therefore, a tall order in disguise. Thousands of employees, hundreds of thousands of emails and millions of megabytes of data do not simply flow; they are scanned by cutting-edge software managed by a handful of people wholly dedicated to cybersecurity.
You’d be tempted to think it’s just another geeky computer job. Well, it is, but not quite, since a SOC analyst or architect also needs to keep a finger on the pulse and their knowledge up to date. Therefore, as far as career and learning opportunities go, the SOC provides a proverbial smorgasbord. Our day-to-day bustles with a wonderfully diverse mix of information feeds and technical tasks, but how is it all managed? The SOC is divided into multiple roles with distinct responsibilities:
Tier 1: We can think of tier 1 as the front line of cyber: it monitors and analyses network traffic, system logs and other data sources to identify potential security threats and vulnerabilities, and keeps an overall watch on the Government’s security posture. Firewalls and intrusion detection and prevention systems are the bread and butter of tier 1 as the network is scoured for potential threats.
Remediation of threats is also performed by tier 1. This includes client contact by way of helping not only civil service employees but also the general public when necessary – soft skills, ironically, become an asset the cybersecurity analyst can leverage every day to get to the bottom of any cyber threat.
The advantage of being on the front line is access to information on security events and incidents as they unfold. The tier 1 analyst is therefore uniquely equipped to collaborate with other teams, such as the network teams, to coordinate remediation and enrich their working experience in the process.
Tier 2: a team that is quickly deployed to investigate the complex security threats escalated by tier 1, which require their due time and attention. Tier 2 analysts dig deeper into suspicious activity to determine the nature of a threat and the extent to which it has potentially penetrated the network. From a broader perspective, a tier 2 analyst also performs architectural reviews from a security standpoint, which in turn has a significant impact on the security posture and update-readiness.
The tier 2 analyst thus attains a comprehensive view of the architecture, which makes them able to design, optimise and deploy detection controls while keeping abreast of the constantly evolving cyberthreat landscape. Such an endeavour includes the study of adversary behaviours, a data- and evidence-driven process (it’s a bit like geeky art) that identifies, categorises and prioritises vulnerabilities in any system.
Although the two tiers are distinct in nature, a set of processes has been put in place in pursuit of their common goals. The two tiers therefore work in harmony and can leverage a host of technologies for detection and prevention – proper geeky stuff – such as advanced SIEM (security information and event management) systems, SOAR (security orchestration, automation and response) solutions, CASB (cloud access security broker), PAM (privileged access management), and SAST and DAST (static and dynamic application security testing) solutions. Thanks to these tools and processes, the SOC is able to ensure confidentiality, integrity and availability, and to provide its core services:
- Real-time monitoring;
- Event and incident management;
- Proactive hunting;
- Security investigations;
- Security incident simulations;
- Vulnerability management;
- Threat detection engineering;
- Security technology management;
- Information security consultancy.
Whichever way you’re inclined on cybersecurity, the Security Operations Centre will certainly harness your abilities and reward competence and commitment as per industry-standard frameworks. A systematic career progression path is part and parcel of any SOC employee’s employment experience, with plenty of access to training and formal education opportunities. The MITA SOC strives to be a leader in cybersecurity and, as such, upholds excellence in its work and in furthering the Government’s cybersecurity ambitions.