How a central cyber command and control centre is the best defence against top security threats

By GovInsider

Trustwave, Singtel's cybersecurity arm, explains how a Security Operations Centre (SOC) will help in defending against cyber-attacks.

With organisations digitalising their business, data has become the currency of trade. New business models not only depend on data analytics, to understand things like customer buying preferences; they also collect humungous amounts of raw data.

Most of this data is housed in the cloud for efficiency. The business intelligence derived from analytics on this cloud data has tremendously improved business agility. However, it has made an organisation’s environment more complicated and thus harder to defend.

Cyber criminals are targeting data which can be monetised in an increasingly data-driven global economy. Top attack vectors in Asia like advanced persistent threats (APTs), phishing, malware and ransomware are increasingly becoming difficult to defend against without a top-notch cybersecurity set-up. Traditional defence tools like anti-virus, firewalls and access control are limited in their effectiveness when data and applications are scattered over a multitude of different clouds.

According to the 2019 Trustwave Global Security Report, “phishing and other socio-engineering techniques…were responsible for a majority of breaches in POS and cloud environments.”

With a growing trend of increasingly sophisticated attacks, many organisations are opting for a managed security services provider (MSSP) that covers the entire lifecycle of a security incident - from initial detection through returning a network back to steady state operation - all under one roof.
 

Enter the SOC


MSSPs must be able to provide extended capabilities for proactive, advanced threat detection and real-time incident response, containment and remediation. They must share security intelligence and resources across a global network of locations to assess threats in real-time, and collaborate globally across their operations. All from a Security Operations Centre (SOC), which serves as the centralised command and control centre.

A SOC can help detect threats and respond very early in order to prevent major damage. This is crucial, as time is the most critical resource for effective cyber security incident response.

When dwell time - the time lag between a breach and its detection - goes down dramatically, so does its associated impact. It is useful to remember that a breach does not immediately result in a loss; it takes some time for a threat actor to exfiltrate data from a network. Early detection helps limit damage.

“Advanced APT threat actors are very good at [laying low] and ‘living off the land’ by using system administration and Windows tools, not a lot of [noticeable] malware,” says Brian Hussey, VP of cyber threat detection and response at Trustwave.

Trustwave, Singtel’s cybersecurity arm, runs a global network of advanced SOCs (ASOCs) to defend against the latest threats using a combination of comprehensive threat intelligence, big data analytics and advanced security automation tools.

Unique to Trustwave ASOCs is their ability to cover every aspect of a security incident or potential breach all the way from initial detection to final resolution. This includes 24x7 proactive threat hunting, monitoring and detection operations, incident response, breach containment, and the remediation activities needed to return operations to normal as soon as possible.
 

Necessary talent


Due to the global shortage of skilled cyber talent, and, in some cases, budget, it is difficult for organisations to monitor their environment round-the-clock, a necessity given that cyber-attacks can happen any time.

A SOC, with highly experienced cybersecurity analysts and trained engineers, has high visibility of the threat landscape through cyber intelligence findings. These analysts can correlate the information and data gathered from various sources, which makes it easier to drill down into the forensic details of an attack and gives a better understanding of its root cause and methods of propagation. This can streamline efforts to get to the bottom of a security incident if and when it occurs.

Trustwave ASOCs are backed by the Trustwave SpiderLabs team, which has a deep bench of some of the world’s leading proactive threat hunters, ethical hackers, incident responders, and advanced researchers. This combination of people, process and technology helps to predict and counter rising threats, and drives immediate action and response as security incidents emerge.
 

Visibility and control


Teams in SOCs – whether owned or outsourced SOCs – must have complete visibility and control over how security resources are provisioned, monitored and managed across any environment.

Trustwave recently announced its cloud-native Fusion platform which offers a single view of threats, technology management, vulnerabilities and perceived risks across an organisation’s entire environment.

It connects enterprises and government institutions to a security cloud composed of the Trustwave data lake, advanced analytics, actionable threat intelligence, a deep portfolio of products and security services, and Trustwave SpiderLabs. The platform unifies Trustwave people, processes and technology into an intuitive application to deliver the ability to manage complex security programmes from a computer, tablet or mobile phone.

The Trustwave Fusion platform is now available locally in Singapore, runs completely in-country and supports Singapore data sovereignty laws and regulations. It delivers the full capabilities and offerings of Trustwave to modern organisations in Singapore no matter how laws dictate handling of data.

In summary, a SOC simplifies the entire process of managing and eradicating top security threats such as APTs, phishing and malware. It can also transform network security from a Capex (capital expenditure) into an Opex (operating expenditure), and be delivered using a single cloud-native Singapore-based platform, to give you unprecedented visibility and control of your cybersecurity posture at all times.

Singtel will be at GovWare booth #H08 from 1-3 October.