Kristian Willmott, Head of Marketing

What is the Future of Security Operation Centres?

Automation & Gamification

Written by Henri Willmott
Content Manager

By 3 September 1939 Britain was at war, and one of the most critical elements of its defence was a string of radar stations along the coast. These radars played a vital role in detecting, identifying and alerting the RAF to incoming hostile bombers. It was this early warning system that allowed the RAF to coordinate a strong defence of the skies and blunt some of the worst effects of the German bombing campaign. Just as radar was central to the Dowding system (Britain’s integrated air defence network), there is a pressing demand for an early warning system in cybersecurity. This is increasingly being realised in security operations centres (SOCs), which analyse, identify and deter hostile cyber activity. A SOC comprises a mix of human roles (security analysts, engineers, investigators and so on) and automated functions that together form the front line of an organisation’s cyber defence. With an integrated approach combining human expertise and automated tooling, a SOC can ensure a fast response to present and foreseeable threats to its infrastructure. However, as cyber threats become more numerous and more complex, SOCs will have to adapt to remain effective. Equally, with a shortfall in the supply of security analysts and other roles in this sector, the skills gap is widening, and the industry will have to be more creative in attracting talent.


As noted above, a SOC combines human and automated responses to cyber incidents. The two main challenges facing the industry are therefore automation and the worrying shortfall of skilled security analysts. For SOCs to remain effective, greater automation is needed to cope with rising volumes of security telemetry and more sophisticated threats. Without the analytical processing power of SOAR (security orchestration, automation and response), SIEM (security information and event management) and UEBA (user and entity behaviour analytics), managing and analysing that traffic would be like sending a lone teacher to look after two coaches of children on a school trip. Automating the collection, correlation and triage of security events is essential for maintaining quick response times and effective mitigation. For instance, a SOAR platform can ingest alerts from multiple tools, enrich them, and run a playbook that contains a well-understood incident (blocking a source address, isolating a host) without waiting for a human to act. SOAR thus allows a SOC to operate on multiple fronts, around the clock, without relying solely on the caffeine-fuelled night shifts of human analysts. This is not to suggest that the human role in a SOC is diminished: automation handles the clear-cut cases and provides a broader safety net, so that the attention of analysts, managers and investigators is reserved for the incidents that need judgement. Equally, in an industry struggling to find enough skilled staff, automation can go a long way towards easing the pressure of the skills shortage.


Interestingly, Microsoft and Circadence Corporation have found an innovative and creative way to make cybersecurity training more enjoyable. They have created a fun, interactive game that tests and educates individuals on cybersecurity. The widely praised ‘Into the Breach’ capture-the-flag experience has inspired cybersecurity students to tweak their tactics and improve their credentials. This gamification of cybersecurity sits under the flagship Project Ares (appropriately named after the Greek god of war and courage) and has helped draw in ranks of new, ambitious cybersecurity students. It is also helpful for CISOs and CIOs looking to improve their organisation’s cyber preparedness and team coordination. It is predicted that there will be 3.5 million unfilled security jobs globally in 2021, and if gamification can help boost the uptake of cybersecurity as a career, it will go some way towards meeting the challenges SOCs face in the future.


Overall, as our economy becomes more digitalised, the threat posed by cyber incidents will grow in both frequency and severity. The challenge for SOCs is to scale their operations effectively to manage new levels of cyber traffic while maintaining a quick response time. The ability to analyse, identify and respond to such threats will become critical to corporate and national security. Just as radar helped give Britain the edge in the battle for the skies, SOCs will continue to provide the template for cyber defence.