Many security experts have claimed that a SOC (Security Operations Centre) can help to enhance and protect government entities and large enterprises from cyber threats and attacks. However, in your expert opinion, what are the unique capabilities of a SOC that make it so essential for network security?
Bharat Raigangar: Managing security risk from actual and anticipated risks to a specific organisation is often a dynamic endeavour. Security risk can be affected by frequent changes in threats and adversaries (or awareness/knowledge of them) such as the attack techniques they use, the controls available, and the effectiveness of those controls.
In a defensive capacity, you need to have the capability for the prevention of incidents through proactive threat analysis, monitoring for threats and adversaries, real-time detection and historical trending, response co-ordination and decision support, providing situational and context awareness, and operations and maintenance of defensive technologies that provide integrated intelligence vertically and horizontally.
A standard and consistent incident response plan should be created and tested. This should define all roles of personnel as well as phases of incident handling/management from detection to post-incident review.
To be successful in managing risk, you need to have effective people, processes and tools to operationalise intelligence, automate investigation and response workflows and a “cloud-native mindset to security”.
SOC capabilities have never been the same since the origin of the SOC in organisations, and today the essential capabilities include monitoring, detection, response, threat intelligence, analytics, automation, vulnerability and compliance management, among others.
One of the key strengths of a SOC would appear to be its ability to incorporate cooperation between man and machine, but how do you create a Modern SOC – and what are the defining characteristics of a Modern SOC?
Bharat Raigangar: As organisations’ operating boundaries significantly changed with digitisation, cloud, and mobility, so did the threat landscape. SOC modernisation initiatives are on the rise across the industries to augment advanced capabilities in a much more unified way to combat the sophisticated nature of adversaries.
The reality is that good cyber hygiene is hard to manage because of the sheer volume of controls and the challenge of determining which controls are going to work well, or possibly not, within your environment.
You need capabilities that provide intelligence across specialised tools – providing high-quality alerts, end-to-end investigation capabilities and remediation. You also need to have a unified view across all the different tools and controls – a unified alert queue, log detection using UEBA/ML. Integrated intelligence is key.
SecOps usually evolves by adopting specialised tooling and cloud-native analytics. Most investigations start with EDR capability (regardless of alert source), and then often pivot into identity and email/software as a service (SaaS) capabilities.
You also need to upgrade to a cloud-native SIEM, such as Azure Sentinel, that can go further and correlate insights from different security tools such as Microsoft Defender for Endpoint, Microsoft Cloud App Security, Microsoft Defender for Identity, Microsoft Defender for Office 365, etc.
Modern SOCs need to demonstrate the effective functioning of these advanced threat detection capabilities in an integrated way, leveraging inbuilt machine learning techniques, the ability to contain and isolate at speed, cloud sandboxing to detonate and understand malware behaviour, User Entity & Behavior Analytics (UEBA), external threat intelligence, hypothesis-based advanced and proactive threat hunting and, most importantly, advanced security orchestration and automated response (SOAR) capabilities.
Wipro has also been investing heavily in growing the geographic footprint of its modern SOC, the Cyber Defense Center (CDC), and its intrinsic technology, processes and talent readiness to meet the current and future threats that customers would face.
The current model of the CDC supports 24/7 monitoring, contextual threat intelligence, threat detection through advanced correlation, incident management workflow, compliance reporting, and other features discussed above.
The CDC is underpinned by the following operating principles:
- Manage the growth without compromising on agility
- Execute the defined SOPs to the highest standards
- Maximise the value of the tooling investments for detection and response
- Win together – disseminate collective wisdom to upstream (partners, CERTs) and downstream (customer) stakeholders
Microsoft and Wipro have been trusted partners for over 20 years. Can you outline to our readers how important this collaboration has been for both entities and what value you both derive from each other?
Sanchu Sankar: Relationships like this are critical in delivering the best to our customers and in solving challenging problems in security. Wipro’s 20+ years of vast experience and deep expertise in cybersecurity, together with Microsoft’s strong commitment to cloud-based security technologies that continuously innovate and enhance security at every layer, have helped the alliance assist customers right from the value conversations through strategy, solutions and technology adoption.
As discussed earlier, to be successful in managing risk, you need to have effective people, processes and tools to operationalise intelligence, automate investigation and response workflows and a “cloud-native mindset to security”.
This is where we are working together as trusted partners for our customers in helping to modernise your Security Operations Center by leveraging the power of cloud-native security tools such as Azure Sentinel, Microsoft Defender – and bringing in a unified security posture across the entire organisation.
In addition to the tools, through this strategic partnership, Microsoft is bringing in experts from consulting services supported by Wipro Advisory to provide technical leadership and to provide advisory services across the complete lifecycle.
Recognising the importance of having an effective people and process model to manage your modern SOC, Microsoft is also bringing in experts to assess and provide recommendations on your current major incident management, problem management, event management processes, governance model, SOC continuity strategy, change management, SOC communications and to support upskilling Security IT managers on how to lead their employees through this modernisation drive.
In addition, Wipro is a Microsoft Intelligent Security Association (MISA) member, helping to develop customer solutions that consolidate and transform security solutions and services to accelerate adoption through highly integrated and mature managed security services.
The Microsoft Intelligent Security Association (MISA) is an ecosystem of independent software vendors that have integrated their solutions to better defend against a world of increasing threats.
Wipro is also a leading global Managed Security Service Provider (MSSP) and provides feedback on the security technologies, which helps in feature enhancements, and holds access to new innovations under NDA while piloting preview features.
In December 2019, Wipro announced the launch of its advanced SOC services, which are powered by Microsoft Azure Sentinel. What sort of impact has this solution had in the IT security ecosystem over the last 12 months?
Sanchu Sankar: The launch of Wipro advanced SOC services powered by Microsoft Azure Sentinel, the next-generation security operations with cloud and AI, has been a game-changer.
It has led to several proofs of concept, SOC modernisation conversations and pilot programmes, and we are now seeing some of the engagements go live.
With Microsoft, Wipro is enhancing its cloud threat management capabilities in the form of an adaptive, intelligent, cloud-native SOC for single- or multi-cloud customers.
As part of this integration, Wipro is offering managed cloud SOC services with built-in artificial intelligence (AI) and orchestration capabilities for rapid threat detection and response for its clients across hybrid cloud environments.
In addition, AI-based capabilities of Wipro HOLMES® are being used to measure the risk factors against compliance standards.
What differentiates this SOC solution developed jointly by Wipro and Microsoft from other similar solutions being floated in the market?
Bharat Raigangar: The joint MDR (Managed Detection & Response) offering developed by Wipro and Microsoft Consulting Services is primarily aimed at large organisations as they scale and remove complexities to transform from their current state to their future state.
This will involve co-existence, migration, integrations, customisation by leveraging product engineering teams, augmenting new capabilities as per modern SOC needs, managed SOC services consolidation and transition.
As discussed earlier, and to reinforce the message, to be successful in managing risk you need to have effective people, processes and tools to operationalise intelligence, automate investigation and response workflows and a “cloud-native mindset to security”.
This is where our strategic partnership brings in value and end-to-end SOC operations to customers by leveraging the power of Cloud-native security tools from Microsoft, experts from Wipro Consulting Services to develop a modern SOC strategy, roadmap, and enablement of technologies.
In addition, we address the people and process aspects needed to drive efficient and modern SOC operations, and Wipro brings its expertise in SIEM and NDR technologies, a unified SOC for IT, OT & IoT along with a library of use cases and automation playbooks, and the ability to deliver managed SOC services from Wipro’s established global Cyber Defense Centers across the US, UK, Europe, Australia, India, and the Middle East.