Becoming the best at detecting threats
Nicola shares her daily life at Orange Cyberdefense and gives some solid advice on detecting and responding to threats.
You are Head of CyberSOC Operations in the UK, what is your everyday life like?
As Head of CyberSOC Operations, I’m responsible for both Threat Detection and Hunting services delivered out of the UK, and also Managed Vulnerability Scanning services delivered out of South Africa. My team includes analysts, engineers, and consultants and we all work together to make sure we are delivering top tier services with customer excellence at the forefront. Every day is varied and exciting, and ranges from making sure the team is delivering service excellence, engaging with our clients and focusing on continuous service improvement. The attack landscape is constantly changing, so if we are to protect our clients, then we must adapt accordingly!
What do you like the most about working in cybersecurity and about your job?
I enjoy the cybersecurity industry. Coming from a Telecoms background and moving into the realms of cybersecurity was exciting! You get a real sense of purpose in knowing that you are helping clients to defend against cybercrime/cybercriminals. We are always watching over them and helping to ensure that sufficient means are in place to protect them. We like to take our clients on a journey through this process, showing them how we can be their trusted advisers and continuously support them through our people, processes and technology. My role does exactly that. I have the pleasure of leading a very competent team, who I learn from every day, and we are constantly working to deliver, adapt and create new ways to enhance the visibility of their environment and strengthen their defenses.
What are our customers’ needs concerning detection and response services in the UK?
Each client’s needs vary as they face different security risks based on their business and associated environment. On a high level, our clients want to be able to focus on their core business. They want to have experts in place who can guide them and provide them with relevant and actionable information. This includes actions regarding critical alerts and overall, clear steps to improve their security posture overall. Clients in the UK are looking for a trusted adviser who can work with them to help widen the visibility of their business landscapes. They need a team of highly skilled and competent people that can become an extension of their own.
What does Orange Cyberdefense offer its clients in regards to detection and response?
We’re the experts who know our craft. This is what we do day in, day out and this provides concentrated expertise in a very important part of our clients’ everyday life. Our clients who take the Advanced Managed Threat Hunting services with us have the incredible benefit of a consultant aligned to the service. The consultant, who has years of experience in the industry, is there to offer expert advice, guide the client and ensure we have visibility of the right things in their environment. Our Managed Vulnerability scanning services focus on identifying and scanning the assets in your business, ensuring you are aware of the assets in your environment, have up to date vulnerability information and can prioritize next steps using the vulnerability dashboards. Managed Threat Detection and Hunting serves to identify various indicators of attack, compromise or general suspicious behavior at the different stages of the cyber kill chain. We use the Mitre Att&ck framework, our research and the expertise of our elite consultants to do this. One of the key things that we do in both of these services is to add context. Being flooded with detection alerts and vulnerabilities can be overwhelming. We work to take the pain out of both of these processes. One of the key aspects that we focus on with all our services, is to ensure that security-related information, guidance and findings are based on the context of the client and their environment, to ensure it is valuable for them. Furthermore, we host and manage the solutions for our clients, ensuring there is the minimal infrastructure required from the client’s end.
Some businesses choose to set up a SIEM and/or a Vulnerability Scanning solution in-house. What would be your advice?
Setting up a SIEM and/or a Vulnerability Scanning solution in-house is highly complex. If it is not set up, maintained and analyzed correctly, the risk exists to be flooded with irrelevant information and/or lack visibility of key sections in your environment. Overall, it can reduce the effectiveness of these solutions, where key information is missed – an attacker’s dream! This makes it far easier for an attacker’s actions to fall under the radar. Also, we see a lot of customers who have their network and infrastructure teams responsible for the security of their business. Where multi-disciplined teams create a far smoother and efficient operating model, this can cause havoc without the relevant expertise. To protect your business from an attacker, this expertise is key along with an understanding of attack methodologies used and the expanding threat landscape. That is why, more often than not, our clients often prefer not to host infrastructure themselves as this creates an operational overhead, results in additional costs and adds yet another component that needs to be secured.
What have been (and still are) the impacts of the health crisis for our customers and ourselves in terms of detection and response?
The impacts of the health crisis have meant having to adapt to a changing landscape with agility. Most businesses in the UK have adapted to working from home which means a change to the way devices connect to the network and associated data travels. In addition to this, it has accelerated a lot of businesses’ requirements to migrate to the cloud. We are getting a lot more questions regarding cloud assets’ detection capability and vulnerability scanning coverage. Also, how we can assist with testing and verifying the security of the deployments and associated configurations in these environments.
What would you say to someone who wants to pursue the same career as you?
Be creative. Think about whether there is another way to do things, challenge the norm and assess how your environment is evolving. In my 15 years of operational management, one of the most key things I learned is never to take for granted that things should be done in a certain way. I have had some of my greatest successes in my career through thinking outside the box. You must always take a step back, look at the bigger picture and ask yourself what you are trying to achieve.