24 Hours in a Security Operations Centre (SOC)

Originally published in the London Business Matters magazine (LCCI). Read the first of our three-part cyber essentials column...

It’s early as I head into work at Waterstons’ SOC. Not knowing what the day holds is one of the best bits of my job! Settled in and logged on, within seconds a new alert is generated which catches my eye…

At the other end of the country, the FD of one of Waterstons’ clients receives an email. Their business has had many staff on furlough during the Coronavirus pandemic, and an email from ‘HMRC’ has important information about the end of the scheme attached. Opening the link, they’re asked to enter their username and password. The authenticator on their smartphone buzzes, prompting the usual scramble to get it out of their pocket and accept the notification before it expires.

Kieran: The FD of AcmeCorp doesn’t usually log on to their network from China. I don’t think they’ve even been to China; I know them pretty well from having worked with them. Better play it safe. The SIEM tool has identified the phishing email, so I’m sure it’s not a false alarm! I quickly disable the FD’s account. They wouldn’t be happy if they really were in China, but I think I’m safe. I log on to the client’s network and kill all open connections from that account too. Better force a password reset whilst I’m about it and tell my colleague, their security manager, what’s happened.

Client: Can’t get connected? Don’t know why, but now the system wants me to change my password. The phone’s ringing and that’s a welcome distraction. It’s Waterstons... What do they want?

Kieran: The FD was understanding of our actions; they suspected something was wrong, but without flashing red lights on their system didn’t do anything and quickly forgot about it. The security manager explained what had happened, and that the email they received wasn’t from HMRC at all.

Client: That could have been embarrassing! Luckily no significant damage and no loss to the business. This year has been hard work on cybersecurity. We started with the NCSC ‘10 Steps to Cyber Security’. Lots of questions about our technology and how we manage users and data… instrumental guidance for us all. The training we had was fantastic, making it clear to everyone they had a part to play in keeping AcmeCorp secure. I had to take it seriously; it’s my job to make sure the business is thriving and profitable, so I’m glad I had Waterstons’ SOC to support me today. Just goes to show, the ‘Human Firewall’ still makes mistakes no matter how good the technology is… but it proved the effort was worthwhile.

To read more on how Waterstons’ SOC and Cyber specialists help businesses combat evolving threats just like this one, see:

Click here to see the main article

Read Part 2 of this series here
