In the digital age, defensive security has taken center stage for organizations. It serves as a strong shield against the ever-changing threat landscape and protects an organization’s integrity, reputation, and day-to-day operations. In turn, businesses need to consider a multitude of factors: cutting-edge tools, skilled human resources, strategies, efficient procedures, and carefully allocated budgets. In this context, the role of SOC teams – either internal or third party – becomes crucial.
In this exclusive interview, we had the privilege of speaking with Andrei Rediu, Cyber Security Engineer at Bit Sentinel’s BSS-CERT division. BSS-CERT, based in Bucharest, is one of the very first professional SOC-as-a-Service offerings available to customers across all major verticals and industries who need comprehensive detection, response, and threat intelligence capabilities.
Andrei shared insights from his frontline experience, shedding light on the critical aspects that deserve attention in the realm of defensive cybersecurity. His perspective can be valuable for anyone in the infosec community.
We started off with one of the main challenges in cybersecurity – the current threat landscape – as we were curious to understand what efforts are required to keep up with it to continue to provide an impeccable service to clients:
We stay ahead by harnessing the expertise of our team, implementing robust operational processes, and leveraging cutting-edge technology. Our team of experts consistently excels in their field. They’re passionate about their work and stay well-informed by attending security conferences, engaging in threat intelligence sharing communities, and pursuing training programs. This commitment ensures they have the knowledge and expertise to effectively protect our customers’ environments against the latest threats.
In addition to our carefully designed processes, which include prompt assessment of existing detection alerts, the creation of comprehensive response playbooks, ingestion and processing of threat intelligence information, and more, we take a proactive stance by engaging in activities such as continuous threat hunting and the creation of customized threat detections specifically crafted to match the distinctive environment and characteristics of each organization.
Our skilled team and established processes only work alongside new and advanced technology. We invest in tools for real-time visibility in our clients’ environments. Automation and orchestration enhance our security operations, streamline workflows, and speed up response times while integrating new capabilities seamlessly.
Expectations vs. Reality
From a client’s perspective, however, the questions and concerns take a different angle.
In the face of escalating cyberattacks, the queries arise: is a dedicated SOC team imperative for our cybersecurity strategy? Should we build our in-house team? Is partnering with a third-party provider the better route?
These questions fuel an ongoing debate not only within the cybersecurity community but also among businesses grappling with their security plans.
Andrei recognizes the prevalent concerns. He has addressed some of the misconceptions that often circulate in the business environment:
In terms of misconceptions, it’s a common belief that only large enterprises need the protection of a Security Operations Center. However, in today’s threat landscape, cyber attacks don’t discriminate based on business size. Small and medium businesses are increasingly targeted due to their perceived vulnerability and often they lack the resources and expertise to build and maintain their own security operations centers. That’s where a SOCaaS comes in, providing customized services and solutions to meet the unique needs and budget constraints of businesses of all sizes.
Also, many organizations perceive the implementation of SOCaaS as a complex and daunting task. Having comprehensive support throughout the entire onboarding process, step-by-step instructions, best practices, and troubleshooting guides makes it way easier to navigate and maximize the benefits of all incorporated services.
Lastly, some organizations believe that SOCaaS is cost-prohibitive. However, the reality is that the cost of a cybersecurity breach can far exceed the investment in proactive security measures. To address this concern, SOCaaS comes with flexible pricing models to accommodate various budgets, while still providing the level of security each business requires.
What does “outstanding service” mean when it comes to SOCaaS?
Some businesses have gone past the misconceptions and embraced SOCaaS to fortify their cybersecurity stance. In this strategic shift, the critical imperative is to carefully undertake an initial evaluation when selecting an appropriate SOCaaS provider. After all, the paramount objective is to secure the highest caliber of service to protect sensitive data and critical systems. Within this context, Andrei offers prudent guidance on the key factors that businesses should prioritize when evaluating their options:
When selecting a SOCaaS provider, businesses should look at the provider’s experience, expertise in cybersecurity, alignment of service offerings with organizational needs, utilization of modern technology, and transparent, cost-effective pricing. This evaluation ensures a tailored partnership that addresses unique security challenges and promotes long-term sustainability. Transitioning to SOCaaS represents a strategic move for organizations, and the right provider can help businesses overcome challenges and enhance their cybersecurity protection.
Facing challenges head-on to maintain the upper hand
On top of that, the transition of an organization to SOCaaS is not an easy task either. There are various key factors to be considered, such as integration with existing systems, compliance, change management and so on.
What’s encouraging is that Andrei and his team have experienced this process many times. The great news is that they’ve faced these challenges head-on and also found fitting solutions. We believe their story is a great resource that offers insights on how to assist clients in conquering similar issues with a friendly, helping hand.
Integrating legacy systems presented a unique challenge for some of our clients. They relied on aging infrastructure that needed to seamlessly work with our detection and response platform. To overcome this challenge, we developed custom integration plugins and provided extensive support to ensure a smooth transition without disrupting their operations.
Additionally, a common worry among our clients was the fear of losing control over their security operations. We tackled this by offering transparent communication channels, real-time visibility into security incidents, and a collaborative approach. This allowed our customers to maintain a sense of control while benefiting from the expertise and resources we bring to the table.
Lastly, there’s the challenge of quantifying the return on investment for such a service, which can be tricky because the benefits often relate to intangible aspects like reduced risk and improved security posture. Clients may find it challenging to express these advantages in specific financial terms. To tackle this issue, we collaborate closely with our clients to define relevant security metrics (including a few that are relatively simple, such as the number of security incidents, time to detect, and time to resolution) that align with their security objectives. By consistently monitoring and reporting on these metrics, we provide our clients with a transparent and measurable perspective on the value our SOCaaS delivers.
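As an added illustration (not code from the interview or from Bit Sentinel), the script below computes the three simple metrics Andrei names, incident count, time to detect and time to resolution, over a constructed set of incident records; the record fields, the handling of still-open incidents and the reporting window are assumptions.

```python
# Added example: SOC metrics (incident count, MTTD, MTTR) from constructed incident records.
from datetime import datetime
from statistics import mean

# Constructed sample incidents (UTC, ISO 8601). Field meaning (assumed):
#   first_activity: earliest malicious activity visible in telemetry
#   detected:       when the SOC raised the alert
#   resolved:       when containment/remediation was confirmed (None if still open)
INCIDENTS = [
    {"id": "INC-1", "severity": "high", "first_activity": "2023-10-02T08:15:00",
     "detected": "2023-10-02T09:05:00", "resolved": "2023-10-02T13:20:00"},
    {"id": "INC-2", "severity": "medium", "first_activity": "2023-10-05T22:40:00",
     "detected": "2023-10-06T01:10:00", "resolved": "2023-10-06T09:25:00"},
    {"id": "INC-3", "severity": "low", "first_activity": "2023-10-09T14:00:00",
     "detected": "2023-10-09T14:30:00", "resolved": None},  # still open
]


def _ts(value):
    return datetime.fromisoformat(value)


def hours_between(start, end):
    """Elapsed hours between two ISO timestamps."""
    return (_ts(end) - _ts(start)).total_seconds() / 3600


def soc_metrics(incidents, period_start, period_end):
    """Count incidents detected in [period_start, period_end) and report MTTD/MTTR in hours."""
    start, end = _ts(period_start), _ts(period_end)
    in_period = [i for i in incidents if start <= _ts(i["detected"]) < end]
    ttd = [hours_between(i["first_activity"], i["detected"]) for i in in_period]
    # Open incidents have no resolution time yet: exclude them from MTTR instead of counting 0.
    ttr = [hours_between(i["detected"], i["resolved"]) for i in in_period if i["resolved"]]
    by_severity = {}
    for i in in_period:
        by_severity[i["severity"]] = by_severity.get(i["severity"], 0) + 1
    return {
        "incidents": len(in_period),
        "open": sum(1 for i in in_period if not i["resolved"]),
        "by_severity": by_severity,
        "mttd_hours": round(mean(ttd), 2) if ttd else None,
        "mttr_hours": round(mean(ttr), 2) if ttr else None,
    }


if __name__ == "__main__":
    print(soc_metrics(INCIDENTS, "2023-10-01T00:00:00", "2023-11-01T00:00:00"))
```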
Over the past three years, the digital landscape has undergone significant transformations, placing immense pressure on small, medium and large organizations alike. From Andrei’s experience in defensive security, cybersecurity specialists need to be actively engaged in deploying a range of strategic efforts to effectively address and mitigate these issues.
We’ve witnessed a common set of security challenges faced by organizations of varying sizes. These challenges stem from evolving threat landscapes which introduce new and less-predictable risks, the intricacies of managing complex infrastructures, and resource limitations such as budget constraints and personnel shortages.
To address these challenges we have continuously adapted by incorporating new threat detection and mitigation capabilities, comprehensive visibility and unified monitoring across diverse technology stacks and architectures, and we have introduced automation and orchestration to reduce the strain on limited personnel resources, while our efficient use of technology optimizes budget allocation.
In a recent success story, a medium-sized infrastructure provider sought our assistance. They were struggling to navigate the complexities of securing their diverse architecture while focusing on their core business.
We initiated the collaboration by integrating them into our detection and response platform. This step brought a multitude of substantial benefits, including the ability to detect threats and suspicious user behavior, proactively hunt for malware that automated rules may not catch, provide telemetry and intelligence for conducting forensics investigations, and respond effectively to security incidents. Additionally, it facilitated the identification of misconfigurations and vulnerabilities, not to mention the essential visibility into the activity of their IT assets.
As a result, the customer significantly improved their security posture and reduced their exposure to cyberattacks. They also gained the capacity to focus more on their core business, with the assurance that their security operations were in capable hands.
Still, cybersecurity strategies should go beyond SOCaaS
As you can already see, there’s a lot that a SOCaaS solution can do for an organization’s defenses. It’s important to note, and Andrei agrees, that businesses should not confine themselves solely to SOCaaS when enhancing their overall security posture.
After all, cybersecurity is a multifaceted field.
And organizations should conscientiously consider all aspects when formulating their security plans and strategies. The question then arises: How extensive should their efforts be?
Consider implementing a security model comprising multiple layers of protection. Start with robust employee training and awareness programs to cultivate a security-conscious culture. Employ strong access controls and identity management systems, limiting user privileges to the minimum necessary. Regularly update and patch all software and systems to address vulnerabilities. Employ network segmentation to isolate critical assets from the rest of your network. Conduct frequent penetration testing and vulnerability assessments to identify and remediate weaknesses. Finally, establish an incident response plan and regularly practice it to minimize the impact of a breach.
Bear in mind that cybersecurity demands ongoing attention, with continuous monitoring and improvement playing a pivotal role in ensuring that both prevention and detection measures are effective and up-to-date.
What’s next for SOCaaS
The future is tumultuous – actually, it always has been, when it comes to cyberthreats.
This question that we asked Andrei at this point aligns with, and even extends, the initial challenge we identified:
What lies ahead for SOCaaS in the context of the perpetually evolving threat landscape?
Looking ahead in SOC as a Service, I think we will see vendors leverage the potential of new technologies for processing vast volumes of data, deploying intricate detection algorithms which will enable rapid identification of advanced threats in nearly real-time. Automation is set to take center stage in this evolution, offering improved data enrichment, swifter incident response times, and a significant reduction in human error.
The success of SOCaaS solutions will also depend on their ability to integrate with a diverse range of security tools, platforms, and infrastructures. This includes both cloud and on-premise environments, as well as the complex worlds of IoT (Internet of Things) and OT (Operational Technology) systems. As emerging technologies like blockchain gain prominence, SOCaaS providers must remain vigilant, crafting tailored detection and response strategies that align with these innovative solutions.
While technology is a critical component, the human element remains irreplaceable. We must continue to invest in skilled cybersecurity professionals who are well-versed in the latest techniques employed by cyber adversaries.
The demand for SOCaaS is expected to surge, driven by a fundamental shift: traditional security measures alone no longer offer sufficient protection. In today’s era of digital transformation, where businesses increasingly depend on technology for critical operations, and individuals freely share extensive information online, the imperative for SOCaaS isn’t a matter of if, but rather the extent to which it should be integrated. Businesses will find that SOCaaS is not merely an option but an indispensable cornerstone of their security strategy.
Towards DefCamp 2023
Andrei and the Bit Sentinel team have been close to DefCamp for many years now and we’re happy to have them join us again in 2023!
If you’re a first-timer visiting us this November – and even if you’re coming back for your second, third edition and so on – here are some tips and tricks that can help you navigate and make the most of this conference:
DefCamp presents a great opportunity to immerse yourself in the world of cybersecurity. It serves as a vibrant hub of knowledge, where leading experts and the latest industry trends converge. By attending, you can access invaluable insights, stay updated on new threats, and establish meaningful connections with key figures in the field.
To make the most of it, meticulous planning is key. Carefully curate your conference schedule, focusing on sessions that align with your specific interests and career goals. Active participation in discussions and workshops will not only allow you to share your knowledge and expertise but also provide opportunities to learn from others and develop new skills. These experiences will undoubtedly help you maintain a competitive edge in the cybersecurity field.
So get your DefCamp ticket and join us on November 23-24. Don’t miss this chance to be part of one of the most exciting cybersecurity events of the year!
We take this opportunity to mention that DefCamp 2023 is powered by Orange Romania. Moreover, this edition is possible with the support of our main partners: Bit Sentinel, Booking Holdings Center of Excellence, FORT, OPSWAT, Pentest-Tools.com, Siemens and CyberEDU.