Trident Blog

Trident's Security Operations Centre

Kat McDevitt - Thursday, March 21, 2019

The Security Operations Centre (SOC) is a secure location from which all our security solutions can be deployed, monitored and managed. Consolidating monitored device data into an industry leading software platform while leveraging machine learning, allows the SOC to detect, identify and monitor suspicious or irregular behaviour across your network and systems.

A Security Operations Centre houses a security team responsible for monitoring and analysing organisations security position on a continual basis. The SOC’s aim is to detect, analyse and respond to cybersecurity incidents using various solutions and processes. The SOC observes and analyses activity on networks, applications, servers, endpoints, databases and websites looking for abnormal activity that might be a security incident.  The SOC is responsible for ensuring that potential security incidents are correctly identified, analysed, defended and reported.

The benefit of a SOC is the constant improvement of a company’s security, but the continuous monitoring and analysis of activity. This allows for threats to be detected and responded to in a timely manner, allowing organisations to close the gap on their security breaches and prevent being compromised. 

Why you need it? Challenges in the Education Sector:      
  • Open networks to allow easy connectivity for staff, students and the wider school community are now commonplace on Australian school campuses This can make them alluring targets for cybercriminals – especially since learning institutions possess sensitive personal and financial data for their many users.
  • When networks are open to allow easy connectivity, security can be lessened to enable a good end-user experience, which can provide an ideal  environment for low-risk-high-reward cyberattacks
  • Modern cybersecurity threats are becoming more sophisticated and harder to identify. Researchers suggest it takes more 150 days to detect intruders to networks without leading edge solutions.
  • Schools are no longer 9am to 4pm environments. Network users with high-level credentials, such as school executives and senior staff, are often accessing data remotely via home internet connections - opening the door to user credential theft and data exposure outside the school’s network.

Security Incident Management 
Our SOC’s Security Incident Management means that we are able to track and monitor various threats and issues to executive systems. This includes:
  • Identifying malicious insider threats
  • Notable Event Identification & Alerting 
  • Incident Remediation recommendation or Rectification  recommendations
  • Incident Monitoring & Escalation
  • Incident Review and Recommendations
  • Actively responding to and neutralising threats
Detection and Response
The Security Operations Centre will be able to detect and respond to the following:
  • Network scans, Metasploit activities and multiple account lockouts
  • Sophisticated Intrusions from inside and externally.
  • Identification of phishing attacks, recipients and communicating with phishing URLs
  • Misuse of services, such as excessive uploads and downloads, use of external DNS and excessive file or folder copies to external devices 
If you are interested in finding out more about our Security Operations Centre get in touch with your Account Manager or contact us.






 

Share this article on:
 
Share on LinkdIn Share on Twitter

 


 

Comments
Post has no comments.
Post a Comment




Captcha Image

Trackback Link
http://www.trident.com.au/BlogRetrieve.aspx?BlogID=14745&PostID=765863&A=Trackback
Trackbacks
Post has no trackbacks.
 

Recent Posts


Tags


Archive