Your company has digital assets that need to be protected. GDPR requires that a company detect any security incident involving personal data and report them within 72 hours, so you also have a legal obligation to be secure. You have responsibly defended yourself with cyber security tools like firewalls, antivirus and intrusion detection. So you’re good, right? Well, maybe not.
Put guards on your walls
This defensive equipment is set to perform specific tasks, but new vulnerabilities are discovered every day. New attacks and new threats constantly develop. These defensive tools are useful, but there is no such thing as 100% protection. If you haven’t been breached yet, most likely you will be.
Only having security tools is like building a wall to keep out the barbarians but neglecting to staff it with guards. You can’t just install your security tools and leave them running; you need someone to also monitor what is going on.
When an incident happens, you need to detect it and respond very quickly. This is the job of the Security Operations Center (SOC), and this is what makes it invaluable.
Be active, not passive
A SOC is a department which is dedicated and organized to prevent, detect, assess and respond to security issues in IT systems and IT infrastructure. These are your guards on the walls, ready to react when they see barbarians at the gate. An SOC can be either your own department or a provider of SOC as a service.
Basefarm’s SOC includes:
• Certified security Alert Analysts who review and act on security incidents 24/7/365.
• A Security Incident Response Team (BF-SIRT) who work on incidents escalated from the security analysts.
• Security Engineers who continuously improve and implement security solutions and are ready to react to emerging threats.
More than simply reacting to events
An SOC responds quickly to incidents, but these security experts also provide proactive security. They are aware of new threats before they materialize. They know what hardware and software you are running so can keep an eye on specific developing threats. They provide suggestions to improve and strengthen your IT environment. When something does occur, they can help with forensics to learn from the incident and take steps to further strengthen yourself.
This might interest you too:
Author: Fredrik Svantes, Senior Information Security Manager, Basefarm
Fredrik Svantes is the Head of the Basefarm Security Operations department and has also lead the Basefarm Security Incident Response Team for the past seven years. Previously he has worked for companies such as Blizzard Entertainment, doing detective work on logs for massive online platforms running games such as World of Warcraft. Blog: http://bfblogg.wpengine.com . Twitter: @fredriksvantes .