Latest cybersecurity news, insights and commentary by Telesoft engineers and specialists

SecOps: What is it and why is it essential for your business?

Written by Robert Fitzsimons on Tuesday, 24 March 2020. Posted in Cyber

Cybercrime brings significant costs to organisations, both in the proactive steps taken to prevent attacks and in the reactive actions needed to deal with the consequences. Effective security operations, or SecOps, are crucial to safeguarding the profitability of an organisation, whether that means protecting against threats that could damage client relationships or protecting the organisation's intellectual property (IP). On top of this, every organisation has an obligation to protect the data it controls responsibly. The European Union General Data Protection Regulation (GDPR) and the associated UK Data Protection Act 2018 require that certain types of personal data breach are reported to the relevant supervisory authority within 72 hours, where feasible. The quicker an organisation is able to identify and avoid or respond to threats, the stronger its position.

The aim of Security Operations (SecOps) is to protect the information and assets on an organisation's network on a day-to-day basis, encompassing all of the people, systems and data within it. To manage the core mission of incident detection and response there is the concept of a Security Operations Centre (SOC), which defines the policies, standards, procedures and guidelines for the core and support services needed to secure an organisation.

The key aims of a SOC are to:

  • Detect and respond to threats, keeping the information held on systems and networks secure
  • Increase resilience by learning about the changing threat landscape to proactively prevent threats
  • Identify and address negligent or criminal behaviours
  • Derive business intelligence about user behaviours, in order to shape and prioritise development of technologies

The aims above should result in a continuous improvement process whereby the SOC monitoring the organisation's network learns from the incidents it has encountered or prevented and becomes better at protecting against future threats. SecOps promotes the use of technology and processes across an organisation to achieve this and to keep all systems and data secure.

[Figure: Monitoring for a SOC] [1] Key monitoring requirements for a SOC team

SOC teams monitor any observable occurrence in a system or network and analyse these "events" to establish whether further action is needed. Security Information and Event Management (SIEM) tools aggregate data from across an organisation so that the SOC can analyse it to detect threats, anomalous behaviour, trends and security breaches. SIEM tools will likely include functionality to report on and carry out forensics for security incidents, and may include alerts driven by analytics.
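As an added illustration (not code from the original post or from Telesoft) of the aggregate-then-analyse pattern described above: two constructed log sources in assumed formats are normalised onto one event schema, and a simple analytics rule raises an alert when repeated failures from one source are followed by a success. The log formats, field names and the threshold are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines; both formats are assumptions, not real products.
AUTH_LOG = [
    "2020-03-24T09:00:01 sshd: Failed password for alice from 198.51.100.7",
    "2020-03-24T09:00:04 sshd: Failed password for alice from 198.51.100.7",
    "2020-03-24T09:00:09 sshd: Failed password for alice from 198.51.100.7",
    "2020-03-24T09:00:15 sshd: Accepted password for alice from 198.51.100.7",
]
VPN_LOG = ['2020-03-24T09:01:30 vpn user="bob" src=203.0.113.9 result=OK']

AUTH_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")
VPN_RE = re.compile(r'^(\S+) vpn user="([^"]+)" src=(\S+) result=(\S+)$')

def normalise(line):
    """Map one raw line onto the common schema: time, user, src, outcome, source."""
    m = AUTH_RE.match(line)
    if m:
        ts, verb, user, src = m.groups()
        return {"time": datetime.fromisoformat(ts), "user": user, "src": src,
                "outcome": "success" if verb == "Accepted" else "failure", "source": "sshd"}
    m = VPN_RE.match(line)
    if m:
        ts, user, src, result = m.groups()
        return {"time": datetime.fromisoformat(ts), "user": user, "src": src,
                "outcome": "success" if result == "OK" else "failure", "source": "vpn"}
    return None  # unparsed line: a SIEM would park these for parser work, not drop them silently

def brute_force_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Analytics rule: >= threshold failures for one (src, user) inside `window`, then a success."""
    alerts, failures = [], defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):  # process in time order
        key = (ev["src"], ev["user"])
        if ev["outcome"] == "failure":
            failures[key].append(ev["time"])
            continue
        recent = [t for t in failures[key] if ev["time"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"user": ev["user"], "src": ev["src"],
                           "source": ev["source"], "failures": len(recent)})
    return alerts

def run(lines):
    """Full pipeline: normalise every line, discard unparsed ones, correlate."""
    events = [e for e in map(normalise, lines) if e is not None]
    return brute_force_then_success(events)
```

Running `run(AUTH_LOG + VPN_LOG)` yields one alert for alice from 198.51.100.7 with three preceding failures; the VPN success on its own raises nothing.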

[Figure: SIEM to protect SOC] [2] A SIEM system to support SOC operations

The intention of SecOps is to create a security culture that goes beyond just the security team. Operations teams have historically been driven by goals of maintaining the uptime and performance of systems, while security teams focus on verifying regulatory and compliance requirements. In reality, security is a fundamental requirement for every system. SecOps brings operations and security teams together with the aim of ensuring that systems and processes are built with security as a core requirement. A modern SOC will embed a SecOps mentality across an organisation.

Data privacy and advances in technology have moved the security of digital assets to the top of the agenda for business leaders. The effective management of data security and privacy protection is now recognised as a key organisational objective, and managing the risk is essential to an organisation's success. Adopting a SecOps approach within an organisation is the way to achieve this.

References

  1. https://resources.infosecinstitute.com/category/certifications-training/cissp/domains/security-operations/#gref
  2. https://www.ncsc.gov.uk/guidance/security-operations-centre-soc-buyers-guide
  3. https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/
  4. https://www.mitre.org/sites/default/files/publications/pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf

About the Author

Robert Fitzsimons

Rob is a Field Applications Engineer with a background in Military Intelligence who recently completed his BSc (Hons) Intelligence and Cyber Security degree.