09 Sep

Designing The Next Generation Cyber Security Operations Center (CSOC)

This post is written with Troels Oerting (@TroelsOerting), Group Chief Information Security and Trust Officer, and Will Dixon, Deputy Director of Cyber Intelligence at Barclays, detailing the vision for the next generation cyber security operations centers, and the need for a new approach to cyber protection, business enablement, and innovation in the industry.

The threat to the users of the Internet, regardless of whether they are individual users or companies, is increasing in quantity and quality. The drivers for this increase are many, but the ease of being a cybercriminal, with easy access to online tools and no need to travel to conduct this faceless crime, makes cybercrime almost risk-free and very profitable.

On the cyber protection side, I have noticed that cyber security is treated mostly as a ‘tech’ problem that can be solved by technical solutions and by balancing risks and controls. While it is already changing, this approach is still prevailing. This was also the impression I got while visiting the RSA Cyber Security Conference in San Francisco. I, on the contrary, believe cyber security is a ‘business’ problem, which is amplified by the “human factor”. One would probably not hire a house-builder or a carpenter to protect the house. These experts would make sure that the basic foundations, such as walls, windows, doors and other access points are in place. But one would hire a professional to protect this house from threats and intrusions. We have, for a long time, been focussing on the ‘bullet in the wound’, not the person holding the gun.

Cyber security is all about people, processes and technology. And in the modern Security Operations Centre it all becomes vital in order to be prepared to defend the digital assets belonging to the company, its customers, stakeholders, and staff.

At the centre of a global financial institution must be trust. Trust is a differentiator for the modern customer, and in a hyper-connected world customers will need to know, and will demand, that their most sensitive personal information, e.g. identity, address, salary, mortgage, credit card spends, pension, travel and shopping habits, is kept safe.

In the last year we have re-built our Global Information Security division in Barclays to be strategic, intelligence-led, and future-proof by implementing new capabilities and developing a new ‘fusion cell’ concept able to utilise big data, AI and machine learning. We are aiming to implement a truly strategic view for our function, have already built new and enhanced functions, including Cyber Intelligence, Insider Threat, Red Team, Hunters, Cyber Innovation, and Outreach, and, overall, are constantly adapting to meet the challenges of the present and the future.

That’s why we are considering establishing a new SOC. The Sentient SOC.

I would like to share the vision of what operating a Sentient SOC will look like in the near future.