Aniss, what exactly is an SOC and why do you work around the clock?
A Security Operations Centre – an SOC – monitors information flowing in or out of a company to try and detect fraud, intrusions or other security risks. At Combitech's SOC in Växjö we offer our services to companies nationwide.
The reason we are staffed day and night, quite simply, is because criminals and crooks don't take a break at the end of the workday. Moreover, many of the attacks against Swedish companies originate in other parts of the world. Few companies can afford to have personnel monitoring their systems 24 hours a day, so they entrust us instead to provide more comprehensive monitoring.
Aniss Nazerian, Operations Manager, Security Operations Centres (SOC).
What happens if you detect an anomaly?
We quickly analyse the situation. This saves the customer time by not having to worry about superfluous false alarms. And if we detect something in the middle of the night, it's great not to have to wake up someone because of a false alarm. If we detect a possible hacking attempt, we notify the customer immediately in a manner agreed upon, such as by telephone or sending an alert. Depending on what's happening, we can also act to limit or stop the occurrence.
Is there a way to further improve the odds?
Yes, an important aspect involves being familiar with the company's operations. What is important to them? What information is highly valued? Where can we expect attacks to occur? Keeping up to date with the company's operations by, for example, reading their press releases, provides us with an understanding of what's going on. For instance, if they unveil a new technology globally, we can be a little more prepared for attempts to access the data pertaining to the technology.
Some customers also want their internal informational flows to be monitored. Why is that?
Often, customers seek to have more comprehensive protection. Sometimes, fraud attempts are carried out by persons inside the system but, when something does occur, it more often than not involves criminals taking advantage of the fact that employees nowadays are stressed, or very helpful.
Maybe someone downloads a program by mistake that carries a virus, or someone finds a corrupt USB drive on the street and, without any malice, inserts it into a computer to find out who it belongs to. When it becomes more difficult to access systems from the outside, many criminal groups resort to using people in order to access information in the system from the inside instead.
Combitech's SOC is relatively new and built according to the latest security concepts. What does that mean?
Customers must be able to have complete trust in us, which means that it is not only data systems which must be secure. It requires the entire environment to be built accordingly, with various screening levels, ensuring the right people are hired. I believe there are very few in Sweden at present – if any at all – that have security levels comparable to our own. It proved very challenging to build such an extreme environment, but it was a lot of fun for those of us involved.
About Combitech's Security Operations Centre
The Combitech Security Operations Centre (CSOC) is located in Växjö and offers 24/7 security monitoring services. Expert security analysts help customers to identify security threats such as external attacks against a company's servers and websites, and analyse information flows to detect discrepancies or other potential dangers to the company. The services can be combined with everything from technology testing to incident investigations and full-scale crisis exercises.