A co-development approach to SaaS cybersecurity

  • March 10, 2021
  • Nuala Armstrong-Walsh
Wear Bridge Sunderland

SOC.OS and the Gentoo Group are making the most of our co-development approach to deliver an effective centralised alert monitoring solution.

SOC.OS and the Gentoo Group are making the most of our co-development approach. We’re working together to deliver an effective centralised alert monitoring solution.
The Gentoo Group is a Sunderland-based not-for-profit housing association that owns and manages more than 29,000 homes. They also happen to be one of SOC.OS’s first early adopting customers, integral to the process of shaping our product roadmap through feedback.

The challenges that the security team at the Sunderland housing group are facing are not exclusive to their field. A low level of cyber awareness amongst non-technical colleagues and stretched resources is common. At Gentoo Group, the team’s resources are split between Network Operations and Security Operations. They have a number of tools deployed to monitor and protect their network, and the volume of security alerts is challenging for the team to manage alongside their other responsibilities.

Active alert monitoring

According to Jon, the Gentoo Group’s Systems Support Engineer, SOC.OS does what the team often wouldn’t have time to focus on. It looks through all the alert logs to find the malicious needle in the needlestack on their behalf. SOC.OS pulls in alert data from your integrated security tools and correlates related alerts into clusters. Cluster visualisations tell the story of an incident, while table widgets show the 10 ‘Most seen’ MITRE ATT&CK® threat types, or external IP addresses on your network. These features mean that you can “take in a lot of information at one glance” from the SOC.OS Dashboard – a feature that Jon’s feedback directly influenced.

Besides greater visibility of activity on the users network, SOC.OS can also investigate the negative space – areas on the network where alerts are not produced. Does an absence of alerts simply mean that nothing is happening in this area, or does it point to a gap in a user’s defences? In this case, Jon will conduct a ‘Red Team’ exercise. If no alerts are triggered, this could point to a potential gap in their defences and with inform hardening and maintenance.

A holistic approach

Another important area of Jon and Gentoo’s cybersecurity strategy is the vital staff training and awareness programmes. An organisation’s staff are at the same time the biggest potential weakness and its biggest defence opportunity. Gentoo use online training as well as simulated phishing exercises to encourage best practices amongst their staff, and the next goal for Jon is to get more staff practicing high standards of cybersecurity in their personal lives. This goal is certainly applicable outside of Gentoo Group, with 2-Factor Authentication, good password hygiene and carefully considering what personal details we share with applications and on social media crucial to protecting ourselves.

SOC.OS and the Gentoo Group’s partnership highlights the importance of active engagement in your cybersecurity toolset to achieve good outcomes – the Gentoo Group undergo regular cybersecurity audits and the feedback is strong for their sector. Research from the Ponemon Institute shows that 53% of IT leaders aren’t sure that their security tools are working correctly, meaning improved visibility and centralized monitoring capabilities have never been more vital.

About the author

Nuala Armstrong-Walsh

Nuala Armstrong-Walsh