Part 1 of ACD – A Security Operations Center (SOC) is defined by what it does: computer network defense. The job of the SOC is to defend against unauthorized activity within computer networks, with responsibility for monitoring, detection, analysis, response and restoration. That given, the core triggers for SOC work are, by definition, passive. Monitoring and detection imply a capacity that waits for something outside itself. The SOC waits for indicators from the flotsam and jetsam of potentially thousands of security tools. It waits for SIEM-fire. It waits for indicators of compromise (IOCs). It waits for a knock from the FBI. In short: it waits.
Likewise, even well-managed security operations programs are generally organic, passive and reactive. The security program may be defined, but it has no mechanism for actively extending its reach and actively improving its impact. There is also frustratingly little vocabulary to even describe a change in SOC capacity, performance or impact over time. If it’s getting better, what does that mean?
Mosaic451’s Active Cyber Defense (ACD) is a discipline of active, aggressive, ongoing security operations improvement. Traditional network security assumes a network isn’t compromised and attempts to prevent future access via automated and reactive techniques. ACD comes from the opposite direction: it assumes the network is compromised, indeed it seeks to compromise the network itself, and it proactively works to root out the adversary. We employ red-team tactics, techniques, and procedures (TTPs) combined with customized, nation state-tested offensive countermeasures to create customer-specific threat intelligence and to weaponize the SOC. ACD is not a tool. It is a program of experts deploying human logic and finding or building tools as the opposition does. Active Cyber Defense is designed to work collaboratively with your established security program to create measurable gains in both your information security program and your SOC.
Please inquire for a free review of this managed service: a tabletop exercise of how we would engage our SOC with your security team to protect your key assets.