A cyber security chief is aiming to address a “fatal flaw” in the prevailing security operations centre (SOC) model.
Stephen Holmes last year joined London-based IT support firm Reflective IT, having previously headed up global cyber security for two large, publicly listed firms in the finance and pharmaceutical sectors.
Reflective IT’s new SOC – the fourth Holmes has built and led in the last 20 years – is designed to address a major chink in the armour of current approaches, he explained.
“Fatal flaw”
The world’s largest detection and response vendors do a brilliant job of detecting suspicious behaviour, Holmes said.
“There’s a fatal flaw in their operating model though, which we’re addressing with our SOC service,” Holmes said.
“An alert is fired to their helpdesk, where they triage the incident. If they can’t resolve it, they pass it back to the client, or to the client’s MSP. That introduces substantial delay when minutes or even seconds can be crucial in minimising the impact of an attack.”
Delay
“The majority of attacks happen out of hours. So normally, some poor MSP guy will have to scramble out of bed at 2am and think about resolving a security incident that is escalating really quickly and needed to be contained 2 hours ago,” Holmes continued.
“The hacker is your enemy and so is delay”
“Reflective’s SOC acts as an internal team with the ability to contain the attack, minimise impact, manage reputation and recover ASAP. No passing the alert over. No delay.”
User support
“Importantly…and no-one speaks about this…but there is also a hugely important piece of work in guiding affected users and their managers through disruption, especially if users had to be isolated from the network and they can’t work. We do that, just as an internal team would. Other SOC services fall short on that.”
“Our clients have been customers of the world’s leading MDR and SOC services. We have seen first-hand how they all fall short on both the delay and the user management aspect.”
24/7 eyes on glass
Reflective IT’s new SOC has 24/7 eyes on glass.
“This means Reflective IT can contain and remediate an attack in the shortest time possible, whatever the time of day, thereby protecting the client’s reputation,” Holmes said.
Its SOC comprises a London-based team and an additional near-shore team who together provide 24/7 cover.
SOC is priority number 1
After 20 years of leading security operations and large-scale cyber transformations, Stephen has reached the conclusion:
“I have seen that you’re basically wasting your time on cyber security unless you get the SOC done right.”
He added: “There are elements of a security program you can possibly get away with not doing, if your risk tolerance allows. But you absolutely do need to know if you’re being hacked, when the attack started, how – (so it doesn’t happen again!) – which of your assets the attackers have compromised and what they could reach next”.
“Once you have that, you then need the response and recovery capability to maintain your company’s reputation during attack”.
“Avoid the toe-curling scene I’ve seen up close when a CEO first learned they had been hacked and their data had been breached when shareholders told him about it!”
“Eyes-wide-open moment”
Reflective IT Founder David Hartup agreed, acknowledging that many MSPs and end users are currently out of their depth on cyber.
“Clients believe their MSP is their cybersecurity expert and is doing cyber for them,” he said.
“I had an eyes-wide-open moment when I realised we didn’t have the capacity to do this. If we really wanted to exist as a business in ten years’ time, we needed to lean on a devoted cybersecurity element.
“That’s why we went out to recruit for Stephen’s role, and when he joined it was a revelation.
“The reality is that so many MSPs sink under the pressure of a cyber incident. They push all their resources into it, and don’t handle it properly.
“Hence why when Stephen joined and said ‘we’re going to launch a SOC’ it was a shift in understanding for me and the technical expertise that is required to run and deliver security operations to a business.”
All sectors welcome
Reflective IT’s new SOC offering can scale from below 50 to over 1,000 seats.
“Previously leading a SOC in the pharma industry, I especially appreciate the critical need to fully protect sensitive health data from breach and the requirements of the pharma supply chain,” Holmes said.
“But we welcome companies from all sectors and of all sizes because they all need protecting from attack.”
Cyber skills shortage
Despite the notorious cyber skills shortage, Holmes emphasised that he has “no problem” with retaining skilled SOC engineers.
“I learned the hard lessons long ago and know how to retain SOC staff but more importantly to allow them to grow and when to let them go. The team members I recruited in my last SOC have gone on to do brilliant things within SOC and we remain friends,” he said.
“I can understand how retaining SOC staff could be an issue for MSPs who are trying to convert into cyber security. They just don’t have the background and experience. I’m looking forward to developing every one of our team to reach the elite performance you need to counter sophisticated attacks.”
Main benefits
Reflective sees the main benefits of engaging its SOC as:
- Peace of mind with the SOC as your internal 24x7x365 team to fully manage the complete lifecycle of cyber incidents
- Productivity maintained by managing users’ disruption during an incident
- Maximisation of your time and investment in security by aligning your defences to attack techniques seen in your business sector
- Keeping your company safe with the threat intelligence provided by Reflective
- Assurance provided to your stakeholders that you protect the company’s assets appropriately
This article was produced in association with xpandly and is classified as partner content.