The Gentoo Group is a Sunderland-based not-for-profit housing association that owns and manages more than 29,000 homes. They also happen to be one of SOC.OS’s first early adopting customers and have been integral to the process of shaping our product roadmap through customer feedback.
The challenges the security team at the Gentoo Group faces are not exclusive to their sector: a low level of cyber awareness amongst non-technical colleagues, and stretched resources. In this case, the team’s resources are split between Network Operations and Security Operations, employing a number of tools to monitor and protect their network. The volume of alerts produced by these different tools is a challenge for the team to monitor and manage alongside their other responsibilities.
Active alert monitoring
According to Jon, the Gentoo Group’s Systems Support Engineer, SOC.OS does what the team often wouldn’t have time to focus on – looking through all the alert logs to find the malicious needle in the haystack. SOC.OS pulls in alert data from your integrated security tools and correlates related alerts into clusters. Cluster visualisations tell the story of an incident, while reporting on the ‘Most seen 10’ MITRE ATT&CK® threat types and external IP addresses picked up on your network means that you can “take in a lot of information at one glance” from the SOC.OS Dashboard – a feature that Jon’s feedback directly impacted.
In addition to greater visibility of potentially malicious activity on the user’s network, SOC.OS can also be used to investigate the negative space – areas of the network where alerts are not being produced. Does an absence of alerts simply mean that nothing is happening in that area, or does it point to a gap in the user’s defences? In this instance, Jon will conduct a ‘Red Team’ exercise – attempting to gain access to the Gentoo Group’s network (and the seemingly silent area) to see whether his presence and activity triggers any security alerts. If not, this could point to a potential gap in their defences and can direct patching and maintenance.
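The two ideas above – correlating alerts from several tools into clusters with ‘Most seen’ summaries, and checking which network areas produce no alerts at all – can be sketched in a few dozen lines. The following is an added illustration written for this page, not SOC.OS’s own code or anything from the Gentoo Group. It assumes a simple alert record shape (timestamp, tool, source IP, host, network segment, MITRE ATT&CK technique ID), clusters alerts that share a source IP and fall within a 30-minute window of each other, treats RFC 1918 ranges as ‘internal’ when ranking external IPs, and takes the list of known network segments from configuration; all sample alerts are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample alerts from three hypothetical tools. Not real data.
SAMPLE_ALERTS = [
    {"ts": "2024-01-10T09:00:00", "tool": "firewall", "src_ip": "203.0.113.5",  "host": "web01", "segment": "dmz",          "technique": "T1046"},
    {"ts": "2024-01-10T09:10:00", "tool": "ids",      "src_ip": "203.0.113.5",  "host": "web01", "segment": "dmz",          "technique": "T1190"},
    {"ts": "2024-01-10T09:20:00", "tool": "edr",      "src_ip": "203.0.113.5",  "host": "web01", "segment": "dmz",          "technique": "T1059"},
    {"ts": "2024-01-10T11:30:00", "tool": "firewall", "src_ip": "203.0.113.5",  "host": "web02", "segment": "dmz",          "technique": "T1046"},
    {"ts": "2024-01-10T09:05:00", "tool": "firewall", "src_ip": "198.51.100.7", "host": "fs01",  "segment": "servers",      "technique": "T1110"},
    {"ts": "2024-01-10T09:15:00", "tool": "edr",      "src_ip": "10.0.0.12",    "host": "pc042", "segment": "workstations", "technique": "T1059"},
    {"ts": "2024-01-10T09:30:00", "tool": "firewall", "src_ip": "198.51.100.7", "host": "fs01",  "segment": "servers",      "technique": "T1110"},
]

# Assumed internal address space; anything outside it is treated as external.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed inventory of network segments that *should* be producing telemetry.
KNOWN_SEGMENTS = ["dmz", "servers", "workstations", "ot"]


def parse_ts(value):
    return datetime.fromisoformat(value)


def is_external(ip):
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def cluster_alerts(alerts, key="src_ip", window=timedelta(minutes=30)):
    """Group alerts that share `key` and arrive within `window` of the
    previous alert in the same group, regardless of which tool raised them."""
    by_key = defaultdict(list)
    for alert in sorted(alerts, key=lambda a: parse_ts(a["ts"])):
        by_key[alert[key]].append(alert)

    clusters = []
    for items in by_key.values():
        current = [items[0]]
        for alert in items[1:]:
            gap = parse_ts(alert["ts"]) - parse_ts(current[-1]["ts"])
            if gap <= window:
                current.append(alert)
            else:  # too far apart: start a new cluster for the same key
                clusters.append(current)
                current = [alert]
        clusters.append(current)
    return clusters


def summarise_cluster(cluster):
    """Collapse one cluster into the 'story' an analyst would read first."""
    return {
        "src_ip": cluster[0]["src_ip"],
        "start": cluster[0]["ts"],
        "end": cluster[-1]["ts"],
        "count": len(cluster),
        "tools": sorted({a["tool"] for a in cluster}),
        "techniques": sorted({a["technique"] for a in cluster}),
    }


def top_n(alerts, field, n=10, external_only=False):
    """'Most seen' counts for a field, e.g. technique IDs or external IPs."""
    values = [a[field] for a in alerts
              if not external_only or is_external(a[field])]
    return Counter(values).most_common(n)


def silent_segments(alerts, known_segments=KNOWN_SEGMENTS):
    """The negative space: inventoried segments with no alerts in the data set.
    Silence may mean nothing happened there, or that nothing is watching."""
    seen = {a["segment"] for a in alerts}
    return sorted(set(known_segments) - seen)


def build_report(alerts=SAMPLE_ALERTS):
    clusters = cluster_alerts(alerts)
    return {
        "clusters": [summarise_cluster(c) for c in clusters],
        "top_techniques": top_n(alerts, "technique"),
        "top_external_ips": top_n(alerts, "src_ip", external_only=True),
        "silent_segments": silent_segments(alerts),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(build_report(), indent=2))
```

With the constructed data, the three alerts from the same external address against `web01` collapse into a single cluster spanning firewall, IDS and EDR, the later firewall hit from that address two hours on becomes a separate cluster, and the `ot` segment is reported as silent: the kind of area the page suggests probing deliberately to confirm whether detection coverage actually exists there.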
A holistic approach
Another important area of Jon and Gentoo’s cybersecurity strategy is the vital staff training and awareness programmes. An organisation’s staff are at the same time the biggest potential weakness and its biggest defence opportunity. Gentoo use online training as well as simulated phishing exercises to encourage best practices amongst their staff, and the next goal for Jon is to get more staff practicing high standards of cybersecurity in their personal lives. This goal is certainly applicable to more than just the staff at Gentoo Group, with 2-Factor Authentication, good password hygiene and carefully considering what personal details we share with applications and on social media crucial to protecting ourselves.
SOC.OS and the Gentoo Group’s partnership highlights the importance of active engagement with your cybersecurity toolset to achieve good outcomes – the Gentoo Group undergo regular cybersecurity audits and the feedback is strong for their sector. With research from the Ponemon Institute showing that 53% of IT leaders aren’t sure that their security tools are working correctly, improved visibility and centralised monitoring capabilities have never been more vital.