We asked Chloe Steinke, Security Operations Centre (SOC) Analyst, to share a bit about Daisy’s dedicated customer-facing security function and how we ensure our customers always get the best advice and cyber protection.
What is the Daisy SOC?
SOC stands for Security Operations Centre. Daisy’s UK-based 24/7 SOC is responsible for monitoring our customers’ IT infrastructure to identify security weaknesses and detect and respond to threats. We are a team of people from all sorts of different backgrounds within IT, different areas of knowledge, and different lengths of service, but we all have an enthusiasm for, and commitment to, protecting our customers against cyber threats – as big of a topic as that is.
What services and technologies make up Daisy’s SOC offering?
Oh now, how long is a piece of string? Although we have a selection of products at the moment, we are always ready to assess and adopt new products and processes. And that’s an important factor; cyber security and cyber threats are not static – there’s no chance to rest on your laurels or ride out your career only knowing the one set of software. As threats evolve, the security software evolves, the processes evolve, and so do we.
However, to answer the question – some of the technologies we’re currently using are:
Microsoft Defender for Endpoint – a really nice endpoint detection & response (EDR) product made by Microsoft. It allows us to protect our customer’s endpoint and servers – both from a malware perspective, and from a vulnerability perspective, such as patching compliance. All wrapped up into one interface.
We have some SIEM platforms – that’s Security Information & Event Management, which monitors our customer’s infrastructure for security breaches. Not only would we get alerts and data from Microsoft but from other devices such as Linux and firewalls. The SIEM platform collates all this data to give us “snappy” alarms when something suspicious is going on. We use Microsoft Sentinel’s SIEM platform – another of Microsoft’s great security products.
We use Qualy’s Vulnerability Management, Detection & Response (VMDR) platform to identify and prioritise vulnerabilities, both software and misconfigurations, on both our own infrastructure and that of our customers. This is great to see where things might have been missed which would leave us vulnerable.
On the network side, we have Netscout’s Arbor DDoS Protection solution. This watches Daisy’s network for denial of service attacks against our customers, and if it spots something, it’ll quickly put a stop to it and let us know. We also have intrusion prevention system (IPS) from Palo Alto and Cisco. This watches our customer’s firewall traffic for anything unusual, also stopping it and letting us know.
So that is some of the services and technologies we provide in the SOC.
What are the benefits of Daisy’s SOC services?
In 2020 there were more than 18,000 CVEs – that’s named vulnerabilities – like how they name storms. That’s a lot of data to trawl through for a business without a dedicated SOC. That’s where we can help.
I suppose some could argue, “I know what products I have, I only need to worry about these”. But take a vulnerability from last year dubbed “Log4Shell” – initially, it looked fairly limited as to what devices or systems it affected, and yet we were still finding new software with this issue six months on.
Then there are the bigger threats – less vendor orientated, more Internet-wide – including threat actors’ current attack techniques, such as denial of service activity or targeted ransomware attacks.
All these things need to be filtered down, mulled over and focused upon based on the specific needs of our customer’s organisation. And as I’ve mentioned, we have some great products and managed services enabling us to help with this. But one of the key assets is the people, the SOC. Security isn’t a product or a tick box, it’s a mindset.
Our SOC team have an impressive enthusiasm for this topic (we do it in our spare time too!), but not only that, we link out to other groups and organisations around the globe to keep up to date with the latest news and threats. We ensure this knowledge is propagated to our engineers, business and customers and suitable actions are taken to keep us all safe. It’s very much an ongoing project.
What do the next 12 months look like for the Daisy SOC?
As I hope I’ve managed to get across, the SOC is quite a dynamic team due to the nature of our work. We can never be certain what’s around the corner in the world of cyber threats, but we remain vigilant and keep ready for the unexpected.
Part of what helps us with that is keeping good relationships and connections with other cyber security organisations – Government Cyber Security (both UK and International), security vendors, Police, NHS etc. We also keep up to date with news within the cyber security community via various forums, blogs and websites. This is the background work for the next 12 months – whatever happens.
For the next 12 months, we also have a roadmap for expansion approved by the business – both for the services we provide and the size of the team required to provide these services.
However, as is to be expected, we are always at risk of having our resources tied up in major threats or attacks. Our team numbers cater to this requirement, but obviously, it can take its toll on less important planned work.
Hopefully, it’ll be a quiet 12 months, but that’s not very likely. However, rest assured the SOC’s got its eye out for the things that can be foreseen, and we’re ready for the things that can’t.
Daisy has a 25-year track record of delivering managed security services. Daisy’s accreditations include Cyber Essentials Plus, ISO 27001 (Information Security Management), ISO 22301 (Business Continuity Management) and ISO 20000 (IT Services Management). Members of our SOC hold accreditations such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM).
About Chloe Steinke
- Chloe has worked at Daisy for more than two years and in customer services for more than five years. She brings a wealth of customer-facing experience to the role, having worked within our acclaimed IT service desk and for the past six months, within our specialist security operations centre team.