CLOUDY podcast | #28 How does nonstop protection against hackers work?

  • News
The twenty-eighth episode of the CLOUDY podcast is dedicated to how nonstop protection against hackers works, what a "SOC" is and what its role is, and why even smaller companies should think about cybersecurity. Find out in an interview with Andrej Kratochvíl and Michal Srnec, CISO of Aliter Technologies.

What are Security Operations Centers, the so-called SOCs?

A SOC, or Security Operations Center, looks at the company as a whole from a security perspective.

So since there are a lot of cyber attacks every day, it is actually protection against those attacks, right?

Exactly. In light of daily attacks, we can say that every company should have such a center in some form. It doesn't have to be officially called a SOC, but it should have the ability to resolve security incidents.

Security incidents today spare neither large nor small companies. So it is not true that "we are too big, they don't dare to attack us" or, conversely, "we are too small, hackers don't care about us".

How long can a company be hacked without anyone noticing?

That varies. There are types of attack where the attackers are sometimes in the infrastructure for months or even years. So in this type of attack it is realistic for the attacker to move around the infrastructure for a very long time before being detected.

Especially with large companies, we are not talking about having to monitor one server but thousands; it is a huge amount of data, and so on. It is not like having a house and seeing that a person in it is a stranger; it is like having a shopping mall full of people, where it is much harder to determine who the uninvited guest is.

So what do such SOC centers actually offer and do?

They handle prevention and preparation for resolving incidents. So they do not deal with things only when there is a problem; they set things up so that there is some prevention before the problem occurs.

But of course the primary activity, to simplify it very much, is detecting security incidents and resolving them so that they have the smallest possible impact.

It is necessary to realize that these hacker groups today operate as a real business. This means that one part of those attackers focuses only on penetrating the infrastructure: it infiltrates the organization, it already has an open back door there, and it sells that open access to another hacking company which, for example, only does mapping and sells it on to one that, let's say, encrypts and then negotiates with the company about a ransom. The advantage is at least that these hacking groups often fight among themselves.

A SOC is not only about the technology; it is also about the people and their knowledge: people who know what to focus on, are knowledgeable about it, and know how to handle situations.

Not everyone can afford to have a SOC team. Is it possible to obtain this service from outside one's own staff?

Every company that is at least a little serious about security should have a SOC in some form. It does not have to be a dedicated room with "SOC" written in large letters and ten analysts handling the agenda. It can be one or two people who know how to respond to those problems. Building your own SOC team is difficult and expensive.

At the same time, it is possible to outsource the services of such a SOC team. Of course, this is preceded by some kind of contractual agreement: signing a confidentiality agreement, setting competencies, an overview of the security situation in the company, and so on. So it is possible to obtain such a service from outside your own ranks.

So, in simple terms, you just need to call: "Hello, I'm interested in SOC services..."?

Exactly. On our website you will find a contact; call and tell them what is bothering you, and a meeting, a concept, a quote, and so on will be arranged. So even if you are in, say, the furniture business and have no ambition to handle cybersecurity yourself, you can obtain it this way.

What is the future of such centers?

For me, the pressure on those centers will only grow, whether it is legislative pressure or the number of attacks that will need to be addressed. Of course, we don't know yet whether AI, post-quantum encryption, and so on will change anything. It will be very important to have quality people in your SOC team who understand things.

You can listen to the entire podcast on Spotify or Apple Podcasts, or watch it on YouTube.
