By Jenny Wu | Senior Incident Response Consultant at Nettitude
In 2019, 12,174 new vulnerabilities were reported to MITRE, and cybersecurity-related attacks are expected to cost over $6 trillion USD in damages globally by 2021. These numbers show that the threats in today’s world are only increasing. Threat actors and their tactics are evolving to be more sophisticated than ever, outwitting static alerts and traditional means of detection.
Organizations are facing increasing pressure from all sides to meet cybersecurity requirements and protect the business: government bodies, compliance organizations, partners, clients, and leadership. In order to manage and successfully mitigate these threats, organizations must be poised to detect them; however, detection requires skilled personnel and smooth processes combined with the appropriate technology to combat these ever-growing and evolving threats. SOC monitoring is an organization’s best ally in detecting these threats.
What are the current cyber-risks to businesses?
Detection is necessary for organizations of any size. Threat actors may strike at any time of day and use techniques your current technology stack is not designed to stop. This may include social-engineering your users or vendors, taking over the mail server of a legitimate partner, exploiting a server that you thought was decommissioned, etc. In order to respond and stop these threats, it is essential to detect them first.
These threat actors are rapidly outpacing many organizations' detection technologies and staff, who may not have the telemetry to detect subtler attacks or be available to monitor the environment at all times of the day and year. The longer an attacker remains in your environment (dwell time), the greater the damage they can do, and this translates directly into costs: loss of revenue from downtime, litigation fees, and potentially the end of organizations that cannot recover from these attacks.
Organizations attempt to counter this by investing more in technologies that don't fit their environment, or by sending staff to training that is not put into practice often enough to be effective. In those cases, organizations may want to turn to a Security Operations Center (SOC) service that specializes in monitoring, detecting, and mitigating threats.
How can SOC Monitor help?
The Nettitude SOC Monitor solution offers 24x7 monitoring, 365 days a year, with a skilled team of analysts certified and accredited in cybersecurity, and advanced technologies that provide both reactive and proactive detection for your organization. Our varied technology stack ensures coverage across all steps in the MITRE ATT&CK Matrix so no threat actors can pass us by.
Nettitude is not only committed to detecting and mitigating threats; we are also committed to helping you fulfill your monitoring-related regulatory compliance and legal requirements. Nettitude SOC as a service is fully certified against the PCI DSS as a PCI service provider function, fully assessed and certified under the HMG Cyber Essentials Plus scheme, and the environment is fully certified as ISO 27001 compliant.
Clients are updated monthly or quarterly, depending on preference, with management reports that give insight into the health of the SOC Monitor service and the organization's threats, so you'll never be left in the dark. Clients also receive web console access to the SIEM, so you can check alerts and the health of your environment anytime, anywhere.
Why should I outsource this?
Leveraging information and other aspects of Nettitude’s business, the SOC makes tremendous advancements in detection and monitoring abilities for organizations of varying budgets and sizes.
Nettitude has partnered with industry-leading solutions and companies such as LogRhythm, Tenable.io, and VMware's Carbon Black. Combined with proprietary detection technologies such as honey traps and network monitors, data analytics, automation, and machine learning, Nettitude's technology stack offers some of the strongest and most robust monitoring services for organizations of any maturity and size. However, technology alone does not make an organization secure, and Nettitude understands that.
Knowledge of and experience with would-be adversaries and their methods are essential to detecting them. Nettitude's SOC analysts keep up with the latest threats through the Nettitude Threat Intelligence team, third-party data streams, intelligence-sharing partners, and Nettitude's global honeypot network. This gives the team the ability to deliver proactive threat hunting and make predictive decisions to prevent attackers from gaining a foothold.
Nettitude understands the importance of knowledge and skill retention. All of Nettitude's analysts are fully trained via an in-depth training program, including courses through the likes of SANS and 7Safe. Monthly black-box attack simulations and proactive threat hunts focused on the tools, tactics, and procedures of threat actors are conducted to keep analyst training current in detecting known and unknown threats.
Taking a holistic approach
The SOC regularly engages with seasoned red-teamers and penetration testing teams who emulate real-world attackers. Regular, unannounced tests by these teams are conducted against the SOC, deepening the team’s knowledge of different attack methods and attack vectors that most organizations might miss. This ensures every analyst in our SOC has had experience identifying subtle indicators of intrusion and knows how to respond to a real attack.
When incidents do occur, Nettitude's Incident Response team works seamlessly with the SOC to help clients manage and recover from them. Lessons learned from these incidents are fed back into the SOC's playbooks and orchestration technologies, improving the overall process.
The process does not end there. Nettitude understands that threats and threat landscapes are constantly changing. Clients are engaged in quarterly service reviews to review the threat landscape, address client concerns, evaluate the service, and capture any changes to the organization's risk and risk appetite. This way, the SOC Monitor service can accurately provide the most value to clients and ensure that all alerts and monitoring remain relevant and valuable.
Time to act
Threat actors and their techniques are becoming more sophisticated, and more vulnerabilities are being found every year. Organizations should not have to struggle through these issues alone. Nettitude's SOC Monitor service provides 24x7 monitoring and proactive detection all year round. SOC Monitor utilizes an industry-leading technology stack managed by a knowledgeable team of analysts who are informed by real-world attacks and threat intelligence and are ready to be deployed in your environment.
Ready to find out more? Please don't hesitate to reach out to your local Nettitude team.