When you think of a Security Operations Centre (SOC), what comes to mind?

A dark underground room with a screen wall and one-way glass?

Rows of analysts filtering through logs and researching the latest TTPs and IOCs?

Maybe a flashing light for when a P1 is called?

These things are all essential, as a SOC is responsible for looking after some of your organisation's most sensitive data. At The Missing Link, however, we believe that our SOC is more than that. We're an outcome-driven team that provides both proactive and reactive support to our customers and partners.

Our primary responsibility is to protect our clients' networks and people against malicious threats and cyber attacks. We pride ourselves on an operating model that focuses on collaborative work with our clients and on being a Managed Security Service Provider that acts as an augmentation or extension of your in-house IT security team.

We add value by focusing on the following:

1. Ownership of Alert Triage & Analysis

The volume of alerts (especially during the early stages of a SIEM/XDR deployment) can be overwhelming for an already busy in-house team. Our role is to identify the alerts that require additional analysis and escalation while whitelisting the false positives, reducing noise and improving detection efficacy.

2. Focus on Impact

We invest heavily in our Managed Service onboarding program to really understand your environment and gather as much insight into your network and users as possible. The benefits of this are twofold. Firstly, our analysts are trained and aware of the nuances in your environment from day one, so you see immediate value from the start. Secondly, we apply this knowledge to our Triage and Analysis activities, which means that we provide you with tangible analysis and recommendations with each alert. We're not just going to be a black-box alert machine!

3. Embrace Automation

We will work with you to develop and deliver pre-determined response playbooks and provide additional remediation recommendations. While these may start as manual actions, we'll look to adopt automation workflows and technologies to reduce your Mean Time To Respond (MTTR) at the earliest opportunity.

As a complement to these, we also monitor the cyber threat landscape to keep up with the newest research and emerging threats. Our Defender Team also provides expertise in protective and defensive security controls such as NGFW, PAM and application whitelisting. We ensure that your environment is protected whilst supporting your IT Operations Team in BAU.

Have you ever wondered what SOC specialists do?

The Missing Link SOC provides proactive and reactive security services 24 x 7 x 365 onshore in Australia. We believe in investing in our people, and as a result, we have one of the most trained and certified teams across the region.

Here's what a typical day for our SOC team looks like.

Roles and responsibilities in our SOC team

Security Analyst (Watchers/Hunters)

Security Analysts are responsible for day-to-day Alert Triage & Analysis and support to our clients. This process covers four stages:

  1. Detection
  2. Analysis
  3. Response
  4. Closure

Security Analysts are the team's workhorses and are often where our ideas and internal projects start. They are also responsible for some of the more proactive services such as Threat Hunting, Purple Teaming and CTI research. Investing in our people is a big part of our team values, so our Analysts are given dedicated time for research, training and personal development as part of their progression plans.

Senior Security Analyst

Senior Analysts provide an escalation point for our Analysts and act as the subject matter experts on a specific client and/or technology. Our seniors conduct your Managed Service onboarding alongside the final stages of an implementation project, and they provide additional support through the hypercare stages. When we move to BAU, the seniors run your scheduled operations meetings and can assist in any continuous service improvement initiatives.

SOC Engineer (Defenders)

SOC Engineers are responsible for implementing, managing and supporting security technologies and solutions through an ITIL v4 aligned ITSM framework. While these services could be considered more reactive, our team provides 24 x 7 x 365 proactive support to our clients, focusing on critical security controls (ACSC Top 4, NIST Protect) and utilising market-leading technologies.

Service Delivery Team

Our Service Delivery Team is the heartbeat of the SOC. Each client is assigned a dedicated Service Delivery representative who is the conduit between our SOC and your team. The Service Delivery Team is introduced prior to your Managed Service onboarding and is the guiding hand throughout the service. As champions of our customer satisfaction and service level agreements, the Service Delivery Team drives the delivery of service to meet your expectations.

Are you interested in getting to know our SOC team? Contact us today.


Author

Nick Forster

Security Architect